Analysis Overview
SHA256: 93bc218fa7956dc4eb8d19f7fe8c8ebb2e0b60f06ff221bbab6e62b56fc94f6a
Threat Level: Likely malicious
The file CheatEngine75_0fa34a97.exe was found to be: Likely malicious.
Malicious Activity Summary
Stops running service(s)
Modifies file permissions
Drops file in System32 directory
Drops file in Program Files directory
Checks installed software on the system
Launches sc.exe
Loads dropped DLL
Executes dropped EXE
Drops file in Windows directory
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Runs net.exe
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-13 05:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-13 05:59
Reported: 2024-06-13 06:04
Platform: win11-20240508-en
Max time kernel: 299s
Max time network: 246s
Command Line
Signatures
Stops running service(s)
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\bcryptPrimitives.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\system32\explorerframe.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\PROPSYS.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\KERNELBASE.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\sechost.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\imm32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\shell32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\comdlg32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\KERNEL32.DLL | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\combase.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\GDI32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\uxtheme.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\hhctrl.ocx | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\gdi32full.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\SHLWAPI.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\msimg32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\msvcp_win.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\msvcrt.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\opengl32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\GLU32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\clbcatq.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\ntdll.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\wininet.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\imm32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\user32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\advapi32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\psapi.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\version.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\msvcp_win.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\shell32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\hhctrl.ocx | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\KERNELBASE.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\uxtheme.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\sechost.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\wsock32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\wininet.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\win32u.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\bcryptPrimitives.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\oleaut32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\ucrtbase.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\KERNEL32.DLL | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\apphelp.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\wintypes.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\ucrtbase.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\ole32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\shcore.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\MSCTF.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\ws2_32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\dxcore.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\gdi32full.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\ole32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\windows.storage.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\comdlg32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\RPCRT4.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\opengl32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\kernel.appcore.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\clbcatq.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\version.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\ntdll.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\ws2_32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\msimg32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\shcore.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\SHLWAPI.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\winmm.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Cheat Engine 7.5\include\winapi\is-MIS34.tmp | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\dll\kernelbase.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\dll\win32u.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\apphelp.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\symbols\dll\CoreMessaging.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\win32\sqlite3.dll | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\include\is-4O49N.tmp | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\combase.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\speedhack-x86_64.dll | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\DotNetDataCollector64.exe | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\dll\dnsapi.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\opengl32.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\symbols\dll\dnsapi.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\is-TR5G2.tmp | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\autorun\forms\is-UNP82.tmp | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\dll\advapi32.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\autorun\is-NLEBT.tmp | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\is-IRT1R.tmp | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\ced3d11hook64.dll | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\autorun\dlls\DotNetInterface.dll | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\languages\is-KB533.tmp | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\autorun\forms\is-A7FC1.tmp | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\autorun\is-PUJME.tmp | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\symbols\dll\oleaut32.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-O6IP6.tmp | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\symbols\dll\ntdll.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\wininet.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-9MA8N.tmp | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\kernelbase.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\symbols\dll\combase.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\symbols\DLL\kernel32.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\lua53-32.dll | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\include\is-UMO97.tmp | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\is-EHR6L.tmp | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\include\is-FD8PP.tmp | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\is-PFMD8.tmp | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\dll\netutils.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\Properties\is-EE3D9.tmp | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\symbols\dll\psapi.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\tcc64-64.dll | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\CheatEngine.chm | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\libmikmod64.dll | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\symbols\DLL\kernel32.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\symbols\dll\iertutil.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\dll\lua53-64.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\include\is-B8DEP.tmp | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\autorun\is-CV0CI.tmp | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\msvcp_win.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\include\is-N9O4H.tmp | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\dll\opengl32.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\is-6MSAN.tmp | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\propsys.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\XInput1_4.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\dll\psapi.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\DLL\kernel32.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\devobj.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\win32\symsrv.dll | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\is-SSFCE.tmp | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\autorun\is-9M0PT.tmp | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\symbols\dll\kernelbase.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\dll\user32.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\gtutorial-x86_64.exe | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\is-CE11P.tmp | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-QFBSH.tmp\CheatEngine75_0fa34a97.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-1GS87.tmp\CheatEngine75.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-EOD7A.tmp\_isetup\_setup64.tmp | N/A |
| N/A | N/A | C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe | N/A |
| N/A | N/A | C:\Program Files\Cheat Engine 7.5\windowsrepair.exe | N/A |
| N/A | N/A | C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe | N/A |
| N/A | N/A | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| N/A | N/A | C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe | N/A |
| N/A | N/A | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\sc.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\sc.exe | N/A |
Loads dropped DLL
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open\command\ = "\"C:\\Program Files\\Cheat Engine 7.5\\Cheat Engine.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.CETRAINER | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.CT\ = "CheatEngine" | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\ = "Cheat Engine" | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\DefaultIcon\ = "C:\\Program Files\\Cheat Engine 7.5\\Cheat Engine.exe,0" | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.CETRAINER\ = "CheatEngine" | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.CT | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open | C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe | N/A |
| N/A | N/A | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\CheatEngine75_0fa34a97.exe
"C:\Users\Admin\AppData\Local\Temp\CheatEngine75_0fa34a97.exe"
C:\Users\Admin\AppData\Local\Temp\is-QFBSH.tmp\CheatEngine75_0fa34a97.tmp
"C:\Users\Admin\AppData\Local\Temp\is-QFBSH.tmp\CheatEngine75_0fa34a97.tmp" /SL5="$70250,29019897,780800,C:\Users\Admin\AppData\Local\Temp\CheatEngine75_0fa34a97.exe"
C:\Users\Admin\AppData\Local\Temp\is-1GS87.tmp\CheatEngine75.exe
"C:\Users\Admin\AppData\Local\Temp\is-1GS87.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp
"C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp" /SL5="$102DA,26511452,832512,C:\Users\Admin\AppData\Local\Temp\is-1GS87.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
C:\Windows\SYSTEM32\net.exe
"net" stop BadlionAntic
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop BadlionAntic
C:\Windows\SYSTEM32\net.exe
"net" stop BadlionAnticheat
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop BadlionAnticheat
C:\Windows\SYSTEM32\sc.exe
"sc" delete BadlionAntic
C:\Windows\SYSTEM32\sc.exe
"sc" delete BadlionAnticheat
C:\Users\Admin\AppData\Local\Temp\is-EOD7A.tmp\_isetup\_setup64.tmp
helper 105 0x3A4
C:\Windows\system32\icacls.exe
"icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe
"C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP
C:\Program Files\Cheat Engine 7.5\windowsrepair.exe
"C:\Program Files\Cheat Engine 7.5\windowsrepair.exe" /s
C:\Windows\system32\icacls.exe
"icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe
"C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"
C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
"C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"
C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe
"C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"
C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
"C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.cheatengine.org/?referredby=CE7.50
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb4ecb3cb8,0x7ffb4ecb3cc8,0x7ffb4ecb3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4284 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5012 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | d1zlukw2pqueen.cloudfront.net | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d1zlukw2pqueen.cloudfront.net | udp |
| US | 8.8.8.8:53 | d1zlukw2pqueen.cloudfront.net | udp |
| US | 8.8.8.8:53 | cheatengine.org | udp |
| US | 8.8.8.8:53 | cheatengine.org | udp |
| US | 8.8.8.8:53 | www.cheatengine.org | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | www.cheatengine.org | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.cheatengine.org | udp |
| US | 8.8.8.8:53 | www.cheatengine.org | udp |
Files
C:\Users\Admin\AppData\Local\Temp\is-QFBSH.tmp\CheatEngine75_0fa34a97.tmp
C:\Users\Admin\AppData\Local\Temp\is-1GS87.tmp\zbShieldUtils.dll
C:\Users\Admin\AppData\Local\Temp\is-1GS87.tmp\logo.png
C:\Users\Admin\AppData\Local\Temp\is-1GS87.tmp\CheatEngine75.exe
C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp
C:\Users\Admin\AppData\Local\Temp\is-EOD7A.tmp\_isetup\_setup64.tmp
C:\Program Files\Cheat Engine 7.5\windowsrepair.exe
C:\Program Files\Cheat Engine 7.5\is-M7UQH.tmp
C:\Program Files\Cheat Engine 7.5\speedhack-i386.dll
C:\Program Files\Cheat Engine 7.5\speedhack-x86_64.dll
C:\Program Files\Cheat Engine 7.5\vehdebug-i386.dll
C:\Program Files\Cheat Engine 7.5\vehdebug-x86_64.dll
C:\Program Files\Cheat Engine 7.5\allochook-i386.dll
C:\Program Files\Cheat Engine 7.5\allochook-x86_64.dll
C:\Program Files\Cheat Engine 7.5\luaclient-i386.dll
C:\Program Files\Cheat Engine 7.5\luaclient-x86_64.dll
C:\Program Files\Cheat Engine 7.5\winhook-i386.dll
C:\Program Files\Cheat Engine 7.5\winhook-x86_64.dll
C:\Program Files\Cheat Engine 7.5\libipt-32.dll
C:\Program Files\Cheat Engine 7.5\libipt-64.dll
C:\Program Files\Cheat Engine 7.5\d3dhook.dll
C:\Program Files\Cheat Engine 7.5\ced3d11hook.dll
C:\Program Files\Cheat Engine 7.5\ced3d9hook64.dll
C:\Program Files\Cheat Engine 7.5\d3dhook64.dll
C:\Program Files\Cheat Engine 7.5\ced3d10hook.dll
C:\Program Files\Cheat Engine 7.5\ced3d9hook.dll
C:\Program Files\Cheat Engine 7.5\ced3d10hook64.dll
C:\Program Files\Cheat Engine 7.5\overlay.fx
C:\Program Files\Cheat Engine 7.5\ced3d11hook64.dll
C:\Program Files\Cheat Engine 7.5\languages\language.ini
C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe
C:\Program Files\Cheat Engine 7.5\badassets\scoreboard.png
C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe
C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\CEJVMTI.vcproj
C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\CEJVMTI.h
C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\CEJVMTI.cpp
C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Common\Pipe.h
C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Common\Pipe.cpp
C:\Program Files\Cheat Engine 7.5\autorun\dlls\MonoDataCollector64.dll
C:\Program Files\Cheat Engine 7.5\autorun\dlls\MonoDataCollector32.dll
C:\Program Files\Cheat Engine 7.5\autorun\dlls\DotNetInterface.dll
C:\Program Files\Cheat Engine 7.5\autorun\dlls\64\CEJVMTI.dll
C:\Program Files\Cheat Engine 7.5\autorun\dlls\32\CEJVMTI.dll
C:\Program Files\Cheat Engine 7.5\autorun\ceshare.lua
C:\Program Files\Cheat Engine 7.5\autorun\ceshare\images\link.png
C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\UpdateOrNew.FRM
C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\PublishCheat.FRM
C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\Permissions.FRM
C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\InitialSetup.FRM
C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\CommentsOrRequests.FRM
C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\BrowseCheats.FRM
C:\Program Files\Cheat Engine 7.5\autorun\ceshare\ceshare_requests.lua
C:\Program Files\Cheat Engine 7.5\autorun\ceshare\ceshare_querycheats.lua
C:\Program Files\Cheat Engine 7.5\autorun\ceshare\ceshare_publish.lua
C:\Program Files\Cheat Engine 7.5\autorun\ceshare\ceshare_processlistextention.lua
C:\Program Files\Cheat Engine 7.5\autorun\ceshare\ceshare_permissions.lua
C:\Program Files\Cheat Engine 7.5\autorun\ceshare\ceshare_fulltablelist.lua
C:\Program Files\Cheat Engine 7.5\autorun\ceshare\ceshare_comments.lua
C:\Program Files\Cheat Engine 7.5\autorun\ceshare\ceshare_account.lua
C:\Program Files\Cheat Engine 7.5\autorun\bigendian.lua
C:\Program Files\Cheat Engine 7.5\autorun\autosave.lua
C:\Program Files\Cheat Engine 7.5\autorun\alternateSpeedhack.LUA
C:\Program Files\Cheat Engine 7.5\autorun\addtonewgroup.lua
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000002.dbtmp