e2e15826b69778e381f25ac8f2b109a377b23f7cf79b5f482e81f4d28c30f95e

Analysis

max time kernel
207s
max time network
516s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
08/08/2024, 15:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

CheatEngine75.exe
Size

3.1MB
MD5

609fea742d34dc1d53f0eeb4873b1a0a
SHA1

3232c52da3cb8f47a870162a35cdd75fcae60aea
SHA256

e2e15826b69778e381f25ac8f2b109a377b23f7cf79b5f482e81f4d28c30f95e
SHA512

27da89901268d153fd7158162fc8f2f3b99ec9a4aa24c281f93b500466552af776b00f0a33182386a62934c3e553561cbc23d3f5ebb0ea0366c04e046e1bcc90
SSDEEP

98304:wSiW4opH4opH4op4U9tNz9RGa/xlbLP/h4:ZDBDBD1t3Hbb+

Score

8^/10

discovery evasion execution persistence privilege_escalation

Malware Config

Signatures

Creates new service(s) 2 TTPs
persistence execution

Windows Service
T1543.003

Service Execution
T1569.002
Downloads MZ/PE file

Drops file in Drivers directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\DRIVERS\SET9905.tmp	RunDLL32.Exe
File created	C:\Windows\system32\DRIVERS\SET9905.tmp	RunDLL32.Exe
File opened for modification	C:\Windows\system32\DRIVERS\bddci.sys	RunDLL32.Exe

Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Executes dropped EXE 12 IoCs

pid	Process
2920	CheatEngine75.tmp
1544	WcInstaller_IC201102_ISV.exe
2296	WebCompanionInstaller.exe
3048	CheatEngine75.exe
1528	CheatEngine75.tmp
932	_setup64.tmp
3008	Kernelmoduleunloader.exe
832	windowsrepair.exe
1484	Cheat Engine.exe
2868	cheatengine-x86_64-SSE4-AVX2.exe
480	Process not Found
844	DCIService.exe

Loads dropped DLL 55 IoCs

pid	Process
1880	CheatEngine75.exe
2920	CheatEngine75.tmp
2920	CheatEngine75.tmp
2920	CheatEngine75.tmp
1544	WcInstaller_IC201102_ISV.exe
2920	CheatEngine75.tmp
3048	CheatEngine75.exe
1528	CheatEngine75.tmp
1528	CheatEngine75.tmp
2296	WebCompanionInstaller.exe
2296	WebCompanionInstaller.exe
2296	WebCompanionInstaller.exe
1528	CheatEngine75.tmp
1528	CheatEngine75.tmp
1528	CheatEngine75.tmp
1528	CheatEngine75.tmp
1528	CheatEngine75.tmp
1528	CheatEngine75.tmp
1528	CheatEngine75.tmp
1528	CheatEngine75.tmp
1528	CheatEngine75.tmp
1484	Cheat Engine.exe
2868	cheatengine-x86_64-SSE4-AVX2.exe
2868	cheatengine-x86_64-SSE4-AVX2.exe
2868	cheatengine-x86_64-SSE4-AVX2.exe
2868	cheatengine-x86_64-SSE4-AVX2.exe
2868	cheatengine-x86_64-SSE4-AVX2.exe
2296	WebCompanionInstaller.exe
2296	WebCompanionInstaller.exe
2296	WebCompanionInstaller.exe
2868	cheatengine-x86_64-SSE4-AVX2.exe
844	DCIService.exe
844	DCIService.exe
844	DCIService.exe
844	DCIService.exe
844	DCIService.exe
844	DCIService.exe
844	DCIService.exe
844	DCIService.exe
844	DCIService.exe
844	DCIService.exe
844	DCIService.exe
844	DCIService.exe
844	DCIService.exe
844	DCIService.exe
844	DCIService.exe
844	DCIService.exe
844	DCIService.exe
844	DCIService.exe
844	DCIService.exe
844	DCIService.exe
844	DCIService.exe
844	DCIService.exe
2296	WebCompanionInstaller.exe
2296	WebCompanionInstaller.exe

Modifies file permissions 1 TTPs 2 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2440	icacls.exe
1320	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o"	RunDLL32.Exe

Checks for any installed AV software in registry 1 TTPs 9 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir	CheatEngine75.tmp
Key opened	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\SOFTWARE\AVG\AV\Dir	CheatEngine75.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast	CheatEngine75.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	CheatEngine75.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVG\AV\Dir	CheatEngine75.tmp
Key opened	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\SOFTWARE\AVAST Software\Avast	CheatEngine75.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Avira\Browser\Installed	CheatEngine75.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avira\Browser\Installed	CheatEngine75.tmp
Key opened	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\SOFTWARE\Avira\Browser\Installed	CheatEngine75.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Cheat Engine 7.5\is-K8M94.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\plugins\is-06TL9.tmp	CheatEngine75.tmp
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\api-ms-win-core-processthreads-l1-1-1.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\api-ms-win-crt-time-l1-1-0.dll	WebCompanionInstaller.exe
File created	C:\Program Files\Cheat Engine 7.5\win32\is-A8CK2.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\include\is-B10P1.tmp	CheatEngine75.tmp
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionIcon.ico	WebCompanionInstaller.exe
File created	C:\Program Files\Cheat Engine 7.5\include\is-O63FH.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\is-3BS5D.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-DA069.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\plugins\is-7JUH8.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\is-FLR74.tmp	CheatEngine75.tmp
File opened for modification	C:\Program Files\Cheat Engine 7.5\ced3d10hook.dll	CheatEngine75.tmp
File opened for modification	C:\Program Files\Cheat Engine 7.5\winhook-x86_64.dll	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\unins000.msg	CheatEngine75.tmp
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bddci_install.cmd	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe	WebCompanionInstaller.exe
File created	C:\Program Files\Cheat Engine 7.5\is-29QQI.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\is-Q82J9.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-AV3R4.tmp	CheatEngine75.tmp
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\lsa.dll	WebCompanionInstaller.exe
File opened for modification	C:\Program Files\Cheat Engine 7.5\tcc64-32.dll	CheatEngine75.tmp
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Application\es-ES\WebCompanionInstaller.resources.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\BDUpdateServiceCom.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\bridge_stop.cmd	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\ftp.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-string-l1-1-0.dll	WebCompanionInstaller.exe
File opened for modification	C:\Program Files\Cheat Engine 7.5\autorun\dlls\32\CEJVMTI.dll	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\include\is-4C503.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\autorun\is-R777G.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-NUUAF.tmp	CheatEngine75.tmp
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll	WebCompanionInstaller.exe
File created	C:\Program Files\Cheat Engine 7.5\is-697JJ.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\include\sec_api\is-3L9RQ.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\autorun\is-AL8B6.tmp	CheatEngine75.tmp
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.Loader.exe	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Application\zh-CHS\WebCompanionInstaller.resources.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\api-ms-win-core-processthreads-l1-1-0.dll	WebCompanionInstaller.exe
File created	C:\Program Files\Cheat Engine 7.5\include\is-ABJ7T.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\include\winapi\is-5GG9K.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\is-9E475.tmp	CheatEngine75.tmp
File opened for modification	C:\Program Files\Cheat Engine 7.5\win64\symsrv.dll	CheatEngine75.tmp
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\vccorlib140.dll	WebCompanionInstaller.exe
File created	C:\Program Files\Cheat Engine 7.5\is-O2Q7O.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\is-9PSQV.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\is-1M1TI.tmp	CheatEngine75.tmp
File opened for modification	C:\Program Files\Cheat Engine 7.5\unins000.dat	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\tcclib\lib\is-05AT4.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\plugins\is-1SKGV.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\badassets\is-022KL.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\badassets\is-2FMRE.tmp	CheatEngine75.tmp
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Application\ICSharpCode.SharpZipLib.dll	WebCompanionInstaller.exe
File created	C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\is-81LM1.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\badassets\is-Q1ALV.tmp	CheatEngine75.tmp
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Application\fr-CA\WebCompanion.resources.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll	WebCompanionInstaller.exe
File opened for modification	C:\Program Files\Cheat Engine 7.5\libipt-32.dll	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\autorun\forms\is-J8F9P.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\clibs64\is-FLI0K.tmp	CheatEngine75.tmp
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Application\Interop.IWshRuntimeLibrary.dll	WebCompanionInstaller.exe
File created	C:\Program Files\Cheat Engine 7.5\languages\is-15VRU.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-NLCM9.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\is-PO69J.tmp	CheatEngine75.tmp

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.app.log	RunDLL32.Exe

Launches sc.exe 8 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
1480	sc.exe
1856	sc.exe
1028	sc.exe
1668	sc.exe
1532	sc.exe
2200	sc.exe
2516	sc.exe
2188	sc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 17 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CheatEngine75.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CheatEngine75.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CheatEngine75.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WcInstaller_IC201102_ISV.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WebCompanionInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Cheat Engine.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CheatEngine75.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Kernelmoduleunloader.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	CheatEngine75.tmp
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	CheatEngine75.tmp
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	runonce.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	runonce.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 12 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.CT	CheatEngine75.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\ = "Cheat Engine"	CheatEngine75.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\DefaultIcon\ = "C:\\Program Files\\Cheat Engine 7.5\\Cheat Engine.exe,0"	CheatEngine75.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell	CheatEngine75.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open\command\ = "\"C:\\Program Files\\Cheat Engine 7.5\\Cheat Engine.exe\" \"%1\""	CheatEngine75.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.CETRAINER\ = "CheatEngine"	CheatEngine75.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.CT\ = "CheatEngine"	CheatEngine75.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine	CheatEngine75.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\DefaultIcon	CheatEngine75.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open\command	CheatEngine75.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open	CheatEngine75.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.CETRAINER	CheatEngine75.tmp

Modifies system certificate store 2 TTPs 12 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	CheatEngine75.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	CheatEngine75.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	CheatEngine75.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	CheatEngine75.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	CheatEngine75.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	CheatEngine75.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	CheatEngine75.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	CheatEngine75.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	WebCompanionInstaller.exe

Runs net.exe

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	21	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
2920	CheatEngine75.tmp
2920	CheatEngine75.tmp
2920	CheatEngine75.tmp
2920	CheatEngine75.tmp
2920	CheatEngine75.tmp
2920	CheatEngine75.tmp
2920	CheatEngine75.tmp
2920	CheatEngine75.tmp
1528	CheatEngine75.tmp
1528	CheatEngine75.tmp
2296	WebCompanionInstaller.exe
2296	WebCompanionInstaller.exe
2296	WebCompanionInstaller.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2920	CheatEngine75.tmp

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
480	Process not Found

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
2920	CheatEngine75.tmp
1528	CheatEngine75.tmp
2868	cheatengine-x86_64-SSE4-AVX2.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 2920	1880	CheatEngine75.exe	31
PID 1880 wrote to memory of 2920	1880	CheatEngine75.exe	31
PID 1880 wrote to memory of 2920	1880	CheatEngine75.exe	31
PID 1880 wrote to memory of 2920	1880	CheatEngine75.exe	31
PID 1880 wrote to memory of 2920	1880	CheatEngine75.exe	31
PID 1880 wrote to memory of 2920	1880	CheatEngine75.exe	31
PID 1880 wrote to memory of 2920	1880	CheatEngine75.exe	31
PID 1304 wrote to memory of 532	1304	chrome.exe	33
PID 1304 wrote to memory of 532	1304	chrome.exe	33
PID 1304 wrote to memory of 532	1304	chrome.exe	33
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2928	1304	chrome.exe	35
PID 1304 wrote to memory of 2628	1304	chrome.exe	36
PID 1304 wrote to memory of 2628	1304	chrome.exe	36
PID 1304 wrote to memory of 2628	1304	chrome.exe	36
PID 1304 wrote to memory of 2816	1304	chrome.exe	37
PID 1304 wrote to memory of 2816	1304	chrome.exe	37
PID 1304 wrote to memory of 2816	1304	chrome.exe	37
PID 1304 wrote to memory of 2816	1304	chrome.exe	37
PID 1304 wrote to memory of 2816	1304	chrome.exe	37
PID 1304 wrote to memory of 2816	1304	chrome.exe	37
PID 1304 wrote to memory of 2816	1304	chrome.exe	37
PID 1304 wrote to memory of 2816	1304	chrome.exe	37
PID 1304 wrote to memory of 2816	1304	chrome.exe	37
PID 1304 wrote to memory of 2816	1304	chrome.exe	37
PID 1304 wrote to memory of 2816	1304	chrome.exe	37
PID 1304 wrote to memory of 2816	1304	chrome.exe	37

C:\Users\Admin\AppData\Local\Temp\CheatEngine75.exe
"C:\Users\Admin\AppData\Local\Temp\CheatEngine75.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Users\Admin\AppData\Local\Temp\is-HT8KU.tmp\CheatEngine75.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-HT8KU.tmp\CheatEngine75.tmp" /SL5="$400E0,2335682,780800,C:\Users\Admin\AppData\Local\Temp\CheatEngine75.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks for any installed AV software in registry
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  PID:2920
- - C:\Users\Admin\AppData\Local\Temp\is-PSLMV.tmp\prod0_extract\WcInstaller_IC201102_ISV.exe
    "C:\Users\Admin\AppData\Local\Temp\is-PSLMV.tmp\prod0_extract\WcInstaller_IC201102_ISV.exe" --silent --partner=IC201102
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\7zS8060D419\WebCompanionInstaller.exe
      .\WebCompanionInstaller.exe --partner=IC201102 --version=8.9.0.371 --silent --partner=IC201102
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      Modifies system certificate store
      Suspicious behavior: EnumeratesProcesses
      PID:2296
    - - C:\Windows\SysWOW64\sc.exe
        
        "sc.exe" Create "WCAssistantService" binPath= "C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe" DisplayName= "WC Assistant" start= auto
        5⤵
        Launches sc.exe
        System Location Discovery: System Language Discovery
        
        PID:1028
    - - C:\Windows\SysWOW64\sc.exe
        
        "sc.exe" failure WCAssistantService reset= 30 actions= restart/60000
        5⤵
        Launches sc.exe
        System Location Discovery: System Language Discovery
        
        PID:1668
    - - C:\Windows\SysWOW64\sc.exe
        
        "sc.exe" description "WCAssistantService" "Ad-Aware Web Companion Internet security service"
        5⤵
        Launches sc.exe
        System Location Discovery: System Language Discovery
        
        PID:1532
    - - C:\Windows\system32\RunDLL32.Exe
        
        "C:\Windows\sysnative\RunDLL32.Exe" syssetup,SetupInfObjectInstallAction BootInstall 128 C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bddci.inf
        5⤵
        Drops file in Drivers directory
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:3060
      - C:\Windows\system32\runonce.exe
        
        "C:\Windows\system32\runonce.exe" -r
        6⤵
        Checks processor information in registry
        
        PID:2380
        
        C:\Windows\System32\grpconv.exe
        
        "C:\Windows\System32\grpconv.exe" -o
        7⤵
        
        PID:2908
    - - C:\Windows\system32\net.exe
        
        "C:\Windows\sysnative\net.exe" start bddci
        5⤵
        
        PID:2444
      - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 start bddci
        6⤵
        
        PID:3008
    - - C:\Windows\SysWOW64\sc.exe
        
        "sc.exe" Create "DCIService" binPath= "C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe" DisplayName= "DCIService" start= auto
        5⤵
        Launches sc.exe
        System Location Discovery: System Language Discovery
        
        PID:2200
    - - C:\Windows\SysWOW64\sc.exe
        
        "sc.exe" description "DCIService" "Webprotection Bridge service"
        5⤵
        Launches sc.exe
        System Location Discovery: System Language Discovery
        
        PID:2516
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C "C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bridge_start.cmd"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2248
      - C:\Windows\SysWOW64\sc.exe
        
        sc start DCIService
        6⤵
        Launches sc.exe
        System Location Discovery: System Language Discovery
        
        PID:2188
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:900
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh http add urlacl url=http://+:9007/ user=Everyone
        6⤵
        Event Triggered Execution: Netsh Helper DLL
        System Location Discovery: System Language Discovery
        
        PID:904
    - - C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
        
        "C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe" --silent --install --geo=
        5⤵
        
        PID:1792
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\lz-gluqj.cmdline"
        6⤵
        
        PID:1836
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES451C.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC451B.tmp"
        7⤵
        
        PID:2536
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\eqyjfi1y.cmdline"
        6⤵
        
        PID:920
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4700.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC46FF.tmp"
        7⤵
        
        PID:2184
    - - C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
        
        "C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe" --silent --afterinstall
        5⤵
        
        PID:2328
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\tv0hhk3w.cmdline"
        6⤵
        
        PID:2212
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8538.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC8537.tmp"
        7⤵
        
        PID:1576
- - C:\Users\Admin\AppData\Local\Temp\is-PSLMV.tmp\CheatEngine75.exe
    "C:\Users\Admin\AppData\Local\Temp\is-PSLMV.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\is-4PGD2.tmp\CheatEngine75.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-4PGD2.tmp\CheatEngine75.tmp" /SL5="$501EE,26511452,832512,C:\Users\Admin\AppData\Local\Temp\is-PSLMV.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      PID:1528
    - - C:\Windows\system32\net.exe
        
        "net" stop BadlionAntic
        5⤵
        
        PID:1772
      - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 stop BadlionAntic
        6⤵
        
        PID:2252
    - - C:\Windows\system32\net.exe
        
        "net" stop BadlionAnticheat
        5⤵
        
        PID:2144
      - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 stop BadlionAnticheat
        6⤵
        
        PID:2664
    - - C:\Windows\system32\sc.exe
        
        "sc" delete BadlionAntic
        5⤵
        Launches sc.exe
        
        PID:1480
    - - C:\Windows\system32\sc.exe
        
        "sc" delete BadlionAnticheat
        5⤵
        Launches sc.exe
        
        PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\is-NK8A6.tmp\_isetup\_setup64.tmp
        
        helper 105 0x1F8
        5⤵
        Executes dropped EXE
        
        PID:932
    - - C:\Windows\system32\icacls.exe
        
        "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
        5⤵
        Modifies file permissions
        
        PID:2440
    - - C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe
        
        "C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3008
    - - C:\Program Files\Cheat Engine 7.5\windowsrepair.exe
        
        "C:\Program Files\Cheat Engine 7.5\windowsrepair.exe" /s
        5⤵
        Executes dropped EXE
        
        PID:832
    - - C:\Windows\system32\icacls.exe
        
        "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
        5⤵
        Modifies file permissions
        
        PID:1320
- - C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe
    "C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1484
  - - C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
      "C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of FindShellTrayWindow
      PID:2868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6af9758,0x7fef6af9768,0x7fef6af9778
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1396,i,1712165194877795876,5401492601731881888,131072 /prefetch:2
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1396,i,1712165194877795876,5401492601731881888,131072 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1556 --field-trial-handle=1396,i,1712165194877795876,5401492601731881888,131072 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2344 --field-trial-handle=1396,i,1712165194877795876,5401492601731881888,131072 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2352 --field-trial-handle=1396,i,1712165194877795876,5401492601731881888,131072 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1184 --field-trial-handle=1396,i,1712165194877795876,5401492601731881888,131072 /prefetch:2
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3248 --field-trial-handle=1396,i,1712165194877795876,5401492601731881888,131072 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 --field-trial-handle=1396,i,1712165194877795876,5401492601731881888,131072 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2652 --field-trial-handle=1396,i,1712165194877795876,5401492601731881888,131072 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2712 --field-trial-handle=1396,i,1712165194877795876,5401492601731881888,131072 /prefetch:8
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2808 --field-trial-handle=1396,i,1712165194877795876,5401492601731881888,131072 /prefetch:1
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2824 --field-trial-handle=1396,i,1712165194877795876,5401492601731881888,131072 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1908 --field-trial-handle=1396,i,1712165194877795876,5401492601731881888,131072 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2716 --field-trial-handle=1396,i,1712165194877795876,5401492601731881888,131072 /prefetch:1
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1904 --field-trial-handle=1396,i,1712165194877795876,5401492601731881888,131072 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2796 --field-trial-handle=1396,i,1712165194877795876,5401492601731881888,131072 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1160 --field-trial-handle=1396,i,1712165194877795876,5401492601731881888,131072 /prefetch:1
  2⤵
  PID:1256

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1048

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:2420

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-991053917-11475529034412836801170635812-2917666401768982906183415237823002539"
1⤵
PID:1320

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-12327198031691496039-751501708-16280941018597416015124446121841637714281300370"
1⤵
PID:1668

C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe
"C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:844

C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
"C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe"
1⤵
PID:1896
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone
  2⤵
  PID:2380
- - C:\Windows\system32\netsh.exe
    netsh http add urlacl url=http://+:9007/ user=Everyone
    3⤵
    PID:1016

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-708819760-1864874746601095060-1236771841-26017045-8210274181079709172-1177126996"
1⤵
PID:3048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

File and Directory Permissions Modification

T1222

Impair Defenses

T1562

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe

Filesize
8.8MB

MD5
2ddb76595361427259ad2733c0e2a92b

SHA1
1b0c897a1ae58c470f20fda67fee7f8f38936c04

SHA256
bbebe32f082f3277298a7a0f72ef8f66b639d91290c1c6bfd4ca4df4f7379690

SHA512
ad1b881eada6dd53ad307991746fbdb2a7e0c772f7c6f9d19e1708d42c18dd461ef20972f7ead5dfc722a61411159f47d9a27c5a5ae2c20eaf6a6d9027836798

Download Submit
C:\Program Files\Cheat Engine 7.5\allochook-i386.dll

Filesize
328KB

MD5
19d52868c3e0b609dbeb68ef81f381a9

SHA1
ce365bd4cf627a3849d7277bafbf2f5f56f496dc

SHA256
b96469b310ba59d1db320a337b3a8104db232a4344a47a8e5ae72f16cc7b1ff4

SHA512
5fbd53d761695de1dd6f0afd0964b33863764c89692345cab013c0b1b6332c24dcf766028f305cc87d864d17229d7a52bf19a299ca136a799053c368f21c8926

Download Submit
C:\Program Files\Cheat Engine 7.5\allochook-x86_64.dll

Filesize
468KB

MD5
daa81711ad1f1b1f8d96dc926d502484

SHA1
7130b241e23bede2b1f812d95fdb4ed5eecadbfd

SHA256
8422be70e0ec59c962b35acf8ad80671bcc8330c9256e6e1ec5c07691388cd66

SHA512
9eaa8e04ad7359a30d5e2f9256f94c1643d4c3f3c0dff24d6cd9e31a6f88cb3b470dd98f01f8b0f57bb947adc3d45c35749ed4877c7cbbbcc181145f0c361065

Download Submit
C:\Program Files\Cheat Engine 7.5\badassets\is-ODBOF.tmp

Filesize
5KB

MD5
5cff22e5655d267b559261c37a423871

SHA1
b60ae22dfd7843dd1522663a3f46b3e505744b0f

SHA256
a8d8227b8e97a713e0f1f5db5286b3db786b7148c1c8eb3d4bbfe683dc940db9

SHA512
e00f5b4a7fa1989382df800d168871530917fcd99efcfe4418ef1b7e8473caea015f0b252cac6a982be93b5d873f4e9acdb460c8e03ae1c6eea9c37f84105e50

Download Submit
C:\Program Files\Cheat Engine 7.5\ced3d10hook.dll

Filesize
128KB

MD5
43dac1f3ca6b48263029b348111e3255

SHA1
9e399fddc2a256292a07b5c3a16b1c8bdd8da5c1

SHA256
148f12445f11a50efbd23509139bf06a47d453e8514733b5a15868d10cc6e066

SHA512
6e77a429923b503fc08895995eb8817e36145169c2937dacc2da92b846f45101846e98191aeb4f0f2f13fff05d0836aa658f505a04208188278718166c5e3032

Download Submit
C:\Program Files\Cheat Engine 7.5\ced3d10hook64.dll

Filesize
140KB

MD5
0daf9f07847cceb0f0760bf5d770b8c1

SHA1
992cc461f67acea58a866a78b6eefb0cbcc3aaa1

SHA256
a2ac2ba27b0ed9acc3f0ea1bef9909a59169bc2eb16c979ef8e736a784bf2fa4

SHA512
b4dda28721de88a372af39d4dfba6e612ce06cc443d6a6d636334865a9f8ca555591fb36d9829b54bc0fb27f486d4f216d50f68e1c2df067439fe8ebbf203b6a

Download Submit
C:\Program Files\Cheat Engine 7.5\ced3d11hook.dll

Filesize
137KB

MD5
42e2bf4210f8126e3d655218bd2af2e4

SHA1
78efcb9138eb0c800451cf2bcc10e92a3adf5b72

SHA256
1e30126badfffb231a605c6764dd98895208779ef440ea20015ab560263dd288

SHA512
c985988d0832ce26337f774b160ac369f2957c306a1d82fbbffe87d9062ae5f3af3c1209768cd574182669cd4495dba26b6f1388814c0724a7812218b0b8dc74

Download Submit
C:\Program Files\Cheat Engine 7.5\ced3d11hook64.dll

Filesize
146KB

MD5
0eaac872aadc457c87ee995bbf45a9c1

SHA1
5e9e9b98f40424ad5397fc73c13b882d75499d27

SHA256
6f505cc5973687bbda1c2d9ac8a635d333f57c12067c54da7453d9448ab40b8f

SHA512
164d1e6ef537d44ac4c0fd90d3c708843a74ac2e08fa2b3f0fdd4a180401210847e0f7bb8ec3056f5dc1d5a54d3239c59fb37914ce7742a4c0eb81578657d24b

Download Submit
C:\Program Files\Cheat Engine 7.5\ced3d9hook.dll

Filesize
124KB

MD5
5f1a333671bf167730ed5f70c2c18008

SHA1
c8233bbc6178ba646252c6566789b82a3296cab5

SHA256
fd2a2b4fe4504c56347c35f24d566cc0510e81706175395d0a2ba26a013c4daf

SHA512
6986d93e680b3776eb5700143fc35d60ca9dbbdf83498f8731c673f9fd77c8699a24a4849db2a273aa991b8289e4d6c3142bbde77e11f2faf603df43e8fea105

Download Submit
C:\Program Files\Cheat Engine 7.5\ced3d9hook64.dll

Filesize
136KB

MD5
61ba5199c4e601fa6340e46bef0dff2d

SHA1
7c1a51d6d75b001ba1acde2acb0919b939b392c3

SHA256
8783f06f7b123e16042bb0af91ff196b698d3cd2aa930e3ea97cfc553d9fc0f4

SHA512
8ce180a622a5788bb66c5f3a4abfde62c858e86962f29091e9c157753088ddc826c67c51ff26567bfe2b75737897f14e6bb17ec89f52b525f6577097f1647d31

Download Submit
C:\Program Files\Cheat Engine 7.5\d3dhook.dll

Filesize
119KB

MD5
2a2ebe526ace7eea5d58e416783d9087

SHA1
5dabe0f7586f351addc8afc5585ee9f70c99e6c4

SHA256
e2a7df4c380667431f4443d5e5fc43964b76c8fcb9cf4c7db921c4140b225b42

SHA512
94ed0038068abddd108f880df23422e21f9808ce04a0d14299aacc5d573521f52626c0c2752b314cda976f64de52c4d5bcac0158b37d43afb9bc345f31fdbbc0

Download Submit
C:\Program Files\Cheat Engine 7.5\d3dhook64.dll

Filesize
131KB

MD5
2af7afe35ab4825e58f43434f5ae9a0f

SHA1
b67c51cad09b236ae859a77d0807669283d6342f

SHA256
7d82694094c1bbc586e554fa87a4b1ed6ebc9eb14902fd429824dcd501339722

SHA512
23b7c6db0cb9c918ad9f28fa0e4e683c7e2495e89a136b75b7e1be6380591da61b6fb4f7248191f28fd3d80c4a391744a96434b4ab96b9531b5ebb0ec970b9d0

Download Submit
C:\Program Files\Cheat Engine 7.5\languages\language.ini

Filesize
283B

MD5
af5ed8f4fe5370516403ae39200f5a4f

SHA1
9299e9998a0605182683a58a5a6ab01a9b9bc037

SHA256
4aa4f0b75548d45c81d8e876e2db1c74bddfd64091f102706d729b50a7af53a5

SHA512
f070049a2fae3223861424e7fe79cbae6601c9bee6a56fadde4485ad3c597dc1f3687e720177ab28564a1faab52b6679e9315f74327d02aa1fb31e7b8233a80f

Download Submit
C:\Program Files\Cheat Engine 7.5\libipt-32.dll

Filesize
157KB

MD5
df443813546abcef7f33dd9fc0c6070a

SHA1
635d2d453d48382824e44dd1e59d5c54d735ee2c

SHA256
d14911c838620251f7f64c190b04bb8f4e762318cc763d993c9179376228d8ca

SHA512
9f9bea9112d9db9bcecfc8e4800b7e8032efb240cbbddaf26c133b4ce12d27b47dc4e90bc339c561714bc972f6e809b2ec9c9e1facc6c223fbac66b089a14c25

Download Submit
C:\Program Files\Cheat Engine 7.5\libipt-64.dll

Filesize
182KB

MD5
4a3b7c52ef32d936e3167efc1e920ae6

SHA1
d5d8daa7a272547419132ddb6e666f7559dbac04

SHA256
26ede848dba071eb76c0c0ef8e9d8ad1c53dfab47ca9137abc9d683032f06ebb

SHA512
36d7f8a0a749de049a830cc8c8f0d3962d8dce57b445f5f3c771a86dd11aaa10da5f36f95e55d3dc90900e4dbddd0dcc21052c53aa11f939db691362c42e5312

Download Submit
C:\Program Files\Cheat Engine 7.5\luaclient-i386.dll

Filesize
197KB

MD5
9f50134c8be9af59f371f607a6daa0b6

SHA1
6584b98172cbc4916a7e5ca8d5788493f85f24a7

SHA256
dd07117ed80546f23d37f8023e992de560a1f55a76d1eb6dfd9d55baa5e3dad6

SHA512
5ccafa2b0e2d20034168ee9a79e8efff64f12f5247f6772815ef4cb9ee56f245a06b088247222c5a3789ae2dcefadbc2c15df4ff5196028857f92b9992b094e0

Download Submit
C:\Program Files\Cheat Engine 7.5\luaclient-x86_64.dll

Filesize
260KB

MD5
dd71848b5bbd150e22e84238cf985af0

SHA1
35c7aa128d47710cfdb15bb6809a20dbd0f916d8

SHA256
253d18d0d835f482e6abbaf716855580eb8fe789292c937301e4d60ead29531d

SHA512
0cbf35c9d7b09fb57d8a9079eab726a3891393f12aee8b43e01d1d979509e755b74c0fb677f8f2dfab6b2e34a141f65d0cfbfe57bda0bf7482841ad31ace7790

Download Submit
C:\Program Files\Cheat Engine 7.5\overlay.fx

Filesize
2KB

MD5
650c02fc9f949d14d62e32dd7a894f5e

SHA1
fa5399b01aadd9f1a4a5632f8632711c186ec0de

SHA256
c4d23db8effb359b4aa4d1e1e480486fe3a4586ce8243397a94250627ba4f8cc

SHA512
f2caaf604c271283fc7af3aa9674b9d647c4ac53dffca031dbf1220d3ed2e867943f5409a95f41c61d716879bed7c888735f43a068f1cc1452b4196d611cb76d

Download Submit
C:\Program Files\Cheat Engine 7.5\speedhack-i386.dll

Filesize
200KB

MD5
6e00495955d4efaac2e1602eb47033ee

SHA1
95c2998d35adcf2814ec7c056bfbe0a0eb6a100c

SHA256
5e24a5fe17ec001cab7118328a4bff0f2577bd057206c6c886c3b7fb98e0d6d9

SHA512
2004d1def322b6dd7b129fe4fa7bbe5d42ab280b2e9e81de806f54313a7ed7231f71b62b6138ac767288fee796092f3397e5390e858e06e55a69b0d00f18b866

Download Submit
C:\Program Files\Cheat Engine 7.5\speedhack-x86_64.dll

Filesize
256KB

MD5
19b2050b660a4f9fcb71c93853f2e79c

SHA1
5ffa886fa019fcd20008e8820a0939c09a62407a

SHA256
5421b570fbc1165d7794c08279e311672dc4f42cb7ae1cbddcd7eea0b1136fff

SHA512
a93e47387ab0d327b71c3045b3964c7586d0e03dddb2e692f6671fb99659e829591d5f23ce7a95683d82d239ba7d11fb5a123834629a53de5ce5dba6aa714a9a

Download Submit
C:\Program Files\Cheat Engine 7.5\vehdebug-i386.dll

Filesize
324KB

MD5
e9b5905d495a88adbc12c811785e72ec

SHA1
ca0546646986aab770c7cf2e723c736777802880

SHA256
3eb9cd27035d4193e32e271778643f3acb2ba73341d87fd8bb18d99af3dffdea

SHA512
4124180b118149c25f8ea8dbbb2912b4bd56b43f695bf0ff9c6ccc95ade388f1be7d440a791d49e4d5c9c350ea113cf65f839a3c47d705533716acc53dd038f8

Download Submit
C:\Program Files\Cheat Engine 7.5\vehdebug-x86_64.dll

Filesize
413KB

MD5
8d487547f1664995e8c47ec2ca6d71fe

SHA1
d29255653ae831f298a54c6fa142fb64e984e802

SHA256
f50baf9dc3cd6b925758077ec85708db2712999b9027cc632f57d1e6c588df21

SHA512
79c230cfe8907df9da92607a2c1ace0523a36c3a13296cb0265329208edc453e293d7fbedbd5410decf81d20a7fe361fdebddadbc1dc63c96130b0bedf5b1d8a

Download Submit
C:\Program Files\Cheat Engine 7.5\winhook-i386.dll

Filesize
201KB

MD5
de625af5cf4822db08035cc897f0b9f2

SHA1
4440b060c1fa070eb5d61ea9aadda11e4120d325

SHA256
3cdb85ee83ef12802efdfc9314e863d4696be70530b31e7958c185fc4d6a9b38

SHA512
19b22f43441e8bc72507be850a8154321c20b7351669d15af726145c0d34805c7df58f9dc64a29272a4811268308e503e9840f06e51ccdcb33afd61258339099

Download Submit
C:\Program Files\Cheat Engine 7.5\winhook-x86_64.dll

Filesize
264KB

MD5
f9c562b838a3c0620fb6ee46b20b554c

SHA1
5095f54be57622730698b5c92c61b124dfb3b944

SHA256
e08b035d0a894d8bea64e67b1ed0bce27567d417eaaa133e8b231f8a939e581d

SHA512
a20bc9a442c698c264fef82aa743d9f3873227d7d55cb908e282fa1f5dcff6b40c5b9ca7802576ef2f5a753fd1c534e9be69464b29af8efec8b019814b875296

Download Submit
C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log

Filesize
4KB

MD5
d965b90b308f139eb37dfd6fe91e234e

SHA1
d12aac5d30759033d21c5b0502d828b35061390a

SHA256
3036611488156303885ade167676db8290ca099f995cf82e68821a57c23a842b

SHA512
a48dbf538e2b6000abbf83c9370f9d657d44b6299676febfbc81d2ad6fd2106e848e0aa63a66d49686f373ab299e4fc184bd33729fa896638642bd3ec4909e24

Download Submit
C:\ProgramData\Lavasoft\Web Companion\Options\ActiveFeatures.zip.tmp

Filesize
17KB

MD5
80e1acb2c9fd443f4298bce8af7ccc25

SHA1
0caed9af7e3e11395246eb697b35532c6d752013

SHA256
8fdb29858290d88f953e7eabbbbf6ef7362a54fc50108e9b148cdadc35ed3ac3

SHA512
cb89672e2f7b5a596a9d1eb9df1a405c763e24a65d2c5def0ecf9671c5f22b207a48aa44c7e06179b93ecb564df4ed0f5edd26873e47985d99939bcbe034502d

Download Submit
C:\ProgramData\Lavasoft\Web Companion\Options\ServicePartnerInfo.txt

Filesize
183B

MD5
78bf5cb6fc32a7f8b33e672036fd3f61

SHA1
e850ea35b3abdf81c70f001d21e717d6d9337ee6

SHA256
631c240b8a0b2e2c78d64be9004df28e418bad9a6c3cd383743191cf7c07e525

SHA512
b972a0b6177dc42c64b6cacb69955d5b1fcae660b4acf5f6de8ee188a77afd5858c553a6a15a171c11467bd05a1a0ec440dceb321c29e3993ce7eb405f2ec20c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
717fbc3d51b1f148dc6db8f27e96e376

SHA1
0e8008d23765518e66f832a23571412ae3ac352f

SHA256
209336d14fb8e9a1447556cac709673b73f05855dc8827fdf94d1ec4d48ad6fc

SHA512
fc963f7587f62cf5eae86d3ef39a3b4946b5419782e1c60a8b6cae7435e750e9e544a02136e4dba2689953e234b11b6201be16d18d77307c7b84626c5070cef0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
916eacb82890ebeaee590e17dfc577d5

SHA1
eb1e5d6b4ee751751c38fc6060884149852060fd

SHA256
e0cf0229e78ff1fb8a7cfd55932797197ade1da582a190c3e798312d80cecf0a

SHA512
f054c6b9a28727a569952e4f1667f8317127c8e1f04d7b90d495ac9af17719c709cd128f1c1f75d2f4387a0aa3e9019493c7ca646c00a7bd7f6da55f9614cd6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
855efd722c16183db444d81501124a9e

SHA1
1ae017cc82b3d43b0eeaba00a38b401b6a681380

SHA256
70c04e7bf3e47d2ea829028e0cb300f1682f196ed3c4ff91d656b3bf18c78bb7

SHA512
77acb469e0476b8b6399e2827e2e25a42c233f5b88b714c1de8e9303884dd3814152cc1ad3cc915a78a7d1e47d84a24d8de3d1c9a636398f10ac51b4da41d050

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
3a0ea1d6f349f466a50cd1f719d26ebd

SHA1
ef8c08ac0c4b1e17ad0f4d8386640db85dc444cb

SHA256
a7fb1815768c7d55e54f6c726c11ae1f1e11134eca1d614193178cd986741146

SHA512
fbc82219978d36cc0ce15d1d8648d6d627a3428e2782a3c6bf08578846776aa57186ad2a41f4c4bcc0471c7dc4bebcd027d071955e3214a69576c0763efc07ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7328ed37-e176-498a-aeaa-9afdcc18cf28.tmp

Filesize
9KB

MD5
453530be70590b89febd50f56ac31890

SHA1
5f5aa3eade501b2545b875475d2011f4ee50d50f

SHA256
f3b026b68f953cdfbe2c8e93ddc46e3484cb63f6daa2f1c7f14f290c97a7cbb5

SHA512
3cea150121dd78e35bcbd427cf21840f82a0ae0aec641049885ad0f775bcf154233fbfc4536308e6007f789551bafe4e742f8d9ed93dc97adf8387baaf339e01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
815776351f7c8b61395e07be6f2b9d4f

SHA1
279ddec98f43140ac6bb04b2f0584c7fff832950

SHA256
c5e23a08b6c328216a368c208d6a8874957fc3e44864d5c212358dac08208869

SHA512
a95a7a3cba4b7c80eac9bc9741a2fd2985a7f535fac9a2a584186cf23e7ffdbb97ee893cb543dab4ef6544c5cbca8079ed244a0bc981bad45131d715b903b219

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
829B

MD5
b23985931362677d509cb536714e2499

SHA1
888162e13e19449c3e9804148f4413c17cabb604

SHA256
32935511109717c97b3fe601e71815099fe7ef0fd1cc483b60260e6f3bc4719e

SHA512
2c68c24a7ba0fafbe0675a48d16d3bcb84eb932223c21e491d70e94cd054757c6acab4ac1cfa9ef9ec9528ffd0bec825dcf56cfa6c4db6695a0f71aa0e16b7b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
633B

MD5
d4fb50e16562e597564fc98c47a542d6

SHA1
68b831c07d06480f13cdbb31a6f55d113f6f9665

SHA256
31f67707e15826a998c4c3d86811d79713aa3887b74d3709e8a0121316fb5e2f

SHA512
290ffe8a5419076bdb5568678702001171e185ee2049b5629d256e8a8e928ca76b3f49f03683396aa93d60263cf21565286a3c60fc9bbb1ad62e09656d10273f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ba65c86c4e76e4f124359d4cc9a09c1b

SHA1
0b953570c2fae89fce124e02214f7580a4857f62

SHA256
37ee5270d7c06bb3a757dae1fbef4093b615322bdc2dff39c86547536155ec4e

SHA512
ee70de378803d381776865501baf34131014301a5c4ee5fa976fe5875394b1d57f85e879cb755126d835b03a74075e3bdcaa1876dfc6ca8c2d792423f7fa210d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f974c41140e3269a19b397c5d977f1dc

SHA1
79700e499f3dfb770af29a2e8175a85cdda150b7

SHA256
1e55fb8a626b583e3c1c43029438f0b264e6b509b3dac81148c405e29882c030

SHA512
56346763ca6b532dd37b17e765c4889c8a55d4863871130ba596f46537001f7deab7a72c3165a51c628fcdc093d1b5a806840554150b9ffd5812f1f70e81aea6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
f1f13e5863d2772e74813743ee042468

SHA1
5c9cda6b11e0248434acc7306f1932f95ee80f97

SHA256
98fcb4d87f8563d348b311c2e1cf2af37010c172bdd1f0548f21719a1ce1419a

SHA512
d8da4fb88cd6a91d5825a459e2f446d9d9cb26a9bd63d0948df16700e710a667a7d53533b69e3427dbb47875b9754375c34130a6a843aa21fb3362d45c4632fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
7d3c2650e0139142a8d4274f6fd20311

SHA1
faa1823a93aa005919544bc15db1fd0ac6180904

SHA256
69b30a0c1938d6c123cf2ed14c575051d6f85d8ab7c0243a5b8ae5ba77c7266d

SHA512
a7376b650f0dd664f6d04908f19feeb3bcc3e37a4bb4a79d6d2058a8faba043ca3b89085e3a29dfa65dd8ddca7ed15686365ac91e2f310872dde97442fdd1e49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d49dce6217e916301fbcda3378f5d5f5

SHA1
048e2325118006636b611c342a4a304837f8b884

SHA256
6dfcc0ed7be0f1b7c49162ca79203d234085fab9625a001eb424941b524e08d1

SHA512
e0f3f908f7c8f6bfa3ac667cf74547cd49ec64ca22cc44f1dde6f796a87b06a677331e308b5308e5b2e54b54b10f89d737d298cb7cd88d27271a49d323b98f43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
019277b9ddc75de8b2d10c04d12f388a

SHA1
3ed6764d8d0799c0319bf9fb07839a753ba874e1

SHA256
e3f3b645392a5d13f68a333b9e4198ff4bd2d72ec419d14fc88591db024d5f78

SHA512
75cebe867a5fb4955b67ede2c1d4935a1226623a256f64f931dfdc984e736e3c7f54aee6a6503aaf2cf2fab745b6640c065508485ccfe5df18c8bc6b6645c53e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
95b4e83962ced80d3994a3ac5d097ea4

SHA1
9559241800634286c277261ec9193c814cc7e48d

SHA256
6aea4314a3a4f77e4dfa1516b85da2eb147a539e45f1b59828bf575dc91f9bc6

SHA512
122e90acb38f623b6b2d6f45730fb2904fa7526d471240f63d0e9143382b89732040c82d334ead3bb197a184aed56f033d699775796f31ab9222e1a89524998d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ac1f48097d332be12ac4ea8f590b0c62

SHA1
5487f6f32e6613c472f605624c2b6a26382d8ced

SHA256
c69b55b4941c7e621572fabe41eb382f179a55832893d9093e9d84defe2903e9

SHA512
0cb7e0774dda049db210e89a3651fe02fbfaaf32d7edd91af87c237be04a3dc5c5006063949f9b0fc97c9ed1877e6b8bedca3687d3c3b370a647025552b435f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
75KB

MD5
1d42cbcaaf79ef73195e644ddb64ec14

SHA1
4bd39c0a68516d2b4df698d3d39d684c67303a2f

SHA256
4c1fbe1cbd5129a056c06fe3b0faa1c42b3fa9ed692547003e619adddb18abf3

SHA512
dbd1807ba82b6c0cc6354a3f3ea79927d2308b33a5959cd066b54f2775d98facc9aebe4a3c87884340d8486db9210815aa14a3c186094952f31c028540fc9db7

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.371\5qk3gib9.newcfg

Filesize
2KB

MD5
26cc427945c959664a83e97d04e65a78

SHA1
8a6c052af332ae584b28475fbc7643add90e6c69

SHA256
9949e0b80972c8fe99767a9e49351c039fbe6abc811bbc076ef55f6fd70cc2e7

SHA512
98d562f26a25b81b64ceda8238bcbdcc3fc5e898818d554f5550919d800124a01d9d81c8ae7531fb1c8fcb61244002e57e672c00c4f72d14e62541808e484f78

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.371\9vnfo5t8.newcfg

Filesize
2KB

MD5
4d4ca86b8af28174188b5a99142860e4

SHA1
5f0de4ce5c1bcfa19d8cb4aa5716899463a92fb0

SHA256
12c6832e8d4603a78eadb96d4f7011a9345317d4619eb7d057b594936722bc42

SHA512
dc50f8c86ced84600d32f0ca94a6d3900f4afe54df3290703701de260fda52572fcdede731e62f97936134d2a13101a22bbb1f657af13cf63efbfe7dd2084a1c

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.371\aolww_j_.newcfg

Filesize
1KB

MD5
e4308a22084be6f951aa99648cdbe1c2

SHA1
dbef8d6b73e101397816c3ade09d4f156987a53b

SHA256
f96bacba602816427d078505dea2b0423bd391313950e8b60258471d7372b446

SHA512
8d1aa1380a5623d247fea0d8e0178cc1dbb61141c7dc45c095930a420a904efbf7f80f3febb5411cb8a152ee12e5e667f6466cf33de58dcdf89e0199fd959867

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.371\bmt1ju6n.newcfg

Filesize
2KB

MD5
ef12bea72f5f2b272fe26b197b3ca184

SHA1
7126b27288d8e5108fb15111b779b5eb8f77e902

SHA256
692e2d91afcd905969c5aa8fcbbb96b662207df6d1b78a595556bd3012533d39

SHA512
b9be043de3eed4e836c31405818a7c13de1da341907f809d809f2c0d093bc6c0a17964ba2e0d9df1faf2708f2f91915a73787c6221c7e829b037d3ada08051e9

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.371\cua8rzbt.newcfg

Filesize
2KB

MD5
11f06d0ad6ffd5bba69c33dd652f1bf4

SHA1
16955cf7eff60e17006f1dc334524674952a1484

SHA256
3ca9011a3a97508dc4d1bffa39f237dd4d145d49018d589e8810f7315b1cdb36

SHA512
75d0027a8c19e9e947965a5749f99f4586ec07245c2642cff233aee6c5bcbf599be1604cefd9edb0a559796f55ad510bc564d60b8c1446bd2317d1a50ddcb7d1

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.371\if6crvka.newcfg

Filesize
2KB

MD5
76f386126b58c4ce0c05f1e445e53cda

SHA1
baa40d6190dc192e1c12194745e51bd220cbee50

SHA256
d286fd7552097fa68d4d3cfc3443242878c9b7db4924a81681c7621e6aca4510

SHA512
1c50465545201716a0f34fe05232edfe6e54cc54872f1fd0440e6ba65ce8a681253e7e6338d6f3ebf233d6fd186999453a02284356eba7b0cf3ac7c96af14737

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.371\nl5m9sgm.newcfg

Filesize
3KB

MD5
a0f94c88131876ee5c0236ff179e8992

SHA1
cef4628baa1fe79a4df00890ce95cead3a0820c6

SHA256
7cd9816cafa3d44a0fdec57a89c1522efbf42482bdb3f5b4610e52bad4fdae1d

SHA512
bddc74cf936bcdf68b3cac9040e16c072cb40011ce642bbc731bfbf77096635c9c77948a528585e57493d7fcf9f254b2153b1bfa146493cb7fd53b7dcc5b2d60

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.371\user.config

Filesize
338B

MD5
0a35fbae99f45bc0dccdb777ecfd0436

SHA1
65e295fde91f90d55b107680e060895654fe66e4

SHA256
19af84c48a15820c94367390d58588ddad8164b0ac4056c258a766c726329550

SHA512
db3a0973a373c039603c750f0f196cbf65553cddb83739f1942402eaacbe178a775be87c4b034feb706830ae69d20158c3e3ecad8d5d3febc45146b487c3c42c

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.371\user.config

Filesize
4KB

MD5
4578ce63e631d9043805ba52a6284c40

SHA1
1b28d134b639692c17603bd19247001b744ee10b

SHA256
052705c660468044c9592d1b84bc38857a63022acd82507cc80b2b174e01f0d5

SHA512
f7011d157e2e5df6a6e19f2a8b1d866072f340a318001eea03b26de30d729220fc2a4d60a9000cfd8491fd7f53cb77267cb751d7a5edb70aba71c782aefb89a0

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.371\vo0m3vr7.newcfg

Filesize
4KB

MD5
f1a3c9b5606789fe48593e1ec9e4236a

SHA1
83abc7fe4f35c7e2d4f35deb91962a6bd8b27806

SHA256
36023a5b0024250a838badc9b21cafb8ffbb512c0b70a9f90c2a215a5b1d302d

SHA512
ecc2a63f3a89b8bca9c1df8b881d418944d0528769aac70f3bd2019c7905cbb65de2ff50a6b2ce62d23657d535dda3f22d73143e3141870731247b776801ca7c

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.371\yklf18bf.newcfg

Filesize
2KB

MD5
0f52567ff36ee6655a32219f21b54887

SHA1
4fb341e09eaf176bc4e2d97f37a9de5d0c30872e

SHA256
89deccb3a952f09d39de0a9644cf37fd83afdb4ab97b52d9e0a9935f8a6ed152

SHA512
c44616767f441448cb32e40c3ae9c0f7836a726989424fa9d37c0f40af8779d8bb0f035b6763e7280063c3baa500dac59a3edf002195960cb85f53c2c9aa8c48

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.371\yru3wiaj.newcfg

Filesize
4KB

MD5
0618b3e803903a9f05fd41fcbec8d4f0

SHA1
76e389d47a5f4e0f5817e87df794e9b1170dc863

SHA256
82abb86d994c35d8da5da07bbb373848a65378eba9beddf29f786b1961f256b7

SHA512
2b4114e32fa95ea47a23dfde6d75df4a90fcda6cc4558c0c9a172bd6ad1aa7fc1193f91458efdaeb2045b6d3e06748f9b6d77882074be49e75f3890c19f68b82

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.371\yzpl0pxz.newcfg

Filesize
4KB

MD5
43b6f99947f6951a6a3013f89d7a319a

SHA1
529369bf52254c427aaaeca06c11d12c1141797c

SHA256
84b819be2bc9051c0749f7790c6f766fa66175fef60816ec0f16784eddd75146

SHA512
c743f9b231ff1dd3c6ed0513fea98d8298324dd0afb0bb9ed52affe5e639198edf884c5cf8f4db2466b3f39f3994302ea37d6e549411399cb96f496982cd2365

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.371\zpmhgu6l.newcfg

Filesize
4KB

MD5
2177205b4118bfdc6c01334905ee14b4

SHA1
2263ce79b13d1d463cdc59c00a953c6ba841958b

SHA256
0fc6db3f21cc89ea877d73fb49e2b059e2f18483889480bcb012c36de6aac1f4

SHA512
376d08c2a567568122e13ec670f053f6f472a3b10efa88fd8176e38a3ca7fb7aa3abf19fcac9623355bba75f79e925034ff4b10e3ae906a8326d0944bc9f4943

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8060D419\WebCompanionInstaller.exe.config

Filesize
2KB

MD5
d9385bdc6e1554260cb7d30f6464dd9e

SHA1
b26637f3a18a503f5fd0fcf5d6cc20c087082052

SHA256
80a15ac4f887309d99b0e6566644a6fb95c028e8e90b130ceec54d808879a81c

SHA512
4dee0f7e2dae834f171766c3f7097660faf0bcbdaa57dd248c5c484c290e36d1b9e5599edd75dbdf2cc730ff872ce3bf7a5329941c84475bfac0bb25f01f4667

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCEC6.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCEF8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PSLMV.tmp\AVG_AV.png

Filesize
51KB

MD5
aee8e80b35dcb3cf2a5733ba99231560

SHA1
7bcf9feb3094b7d79d080597b56a18da5144ca7b

SHA256
35bbd8f390865173d65ba2f38320a04755541a0783e9f825fdb9862f80d97aa9

SHA512
dcd84221571bf809107f7aeaf94bab2f494ea0431b9dadb97feed63074322d1cf0446dbd52429a70186d3ecd631fb409102afcf7e11713e9c1041caacdb8b976

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PSLMV.tmp\AVG_BRW.png

Filesize
29KB

MD5
0b4fa89d69051df475b75ca654752ef6

SHA1
81bf857a2af9e3c3e4632cbb88cd71e40a831a73

SHA256
60a9085cea2e072d4b65748cc71f616d3137c1f0b7eed4f77e1b6c9e3aa78b7e

SHA512
8106a4974f3453a1e894fec8939038a9692fd87096f716e5aa5895aa14ee1c187a9a9760c0d4aec7c1e0cc7614b4a2dbf9b6c297cc0f7a38ba47837bede3b296

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PSLMV.tmp\WebCompanionCHO.png

Filesize
19KB

MD5
992545a06d801d0fd6ef0390c147cae8

SHA1
c5e560ae740cb7da673edf2e7a9df0c31f2cfdfa

SHA256
ae499b9cf3d8b41a47c2b46abb0685230ab04ba0fc0dbfad92c3fc59cc188ea6

SHA512
e4d4211ff3f26d93e0e7bc9f07bc5f3db6ad2818d4044bdf8a457bb3e2f703e71c042a6c3e30f5131d47379c4c7418185084f88d5d3372d7ffaa2a09e6f0ef15

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PSLMV.tmp\logo.png

Filesize
258KB

MD5
6b7cb2a5a8b301c788c3792802696fe8

SHA1
da93950273b0c256dab64bb3bb755ac7c14f17f3

SHA256
3eed2e41bc6ca0ae9a5d5ee6d57ca727e5cba6ac8e8c5234ac661f9080cedadf

SHA512
4183dbb8fd7de5fd5526a79b62e77fc30b8d1ec34ebaa3793b4f28beb36124084533e08b595f77305522bc847edfed1f9388c0d2ece66e6ac8acb7049b48ee86

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PSLMV.tmp\prod0.zip

Filesize
458KB

MD5
02224bf4902c35cbdc6bef8e6f7ca2ce

SHA1
a8728c98c4ada9b9f1af48308895fb0f92857028

SHA256
65a5285761330040b04cccbb7c01f61cec0a29cd86fcd8b62e0cb34e05b39164

SHA512
deb25dc6dc5005dbe7b56d3f1592ff6958710e129c551b471f91c4849492b1003a825021145424928c1f3210411d0a0b5405086ce484ff8a57a889d5a7f450a7

Download Submit
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new

Filesize
466B

MD5
c2c1b8f39e6ceef5556105ec9afed087

SHA1
2fe663d9878a42e54548452dd40c029d66a45dce

SHA256
9099162aa25543e0615e8253a3eef05d59cce0cad79608300bbc1cea849cc120

SHA512
812afb153cd914344f06b103983689da37d37a9d84237d329c7d75960641a4b06b548fd56d9a03e9b660fb436298cb6626edfa7f14b105b73a3a992f23ab7d63

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
9ca42c78686d3bfc4d9199de904f930b

SHA1
d0a385c0c5ed1ae1770e0c64073928b052945a1a

SHA256
9e0285eee26a7793ec244781c58d05540f4ce747789f06dc146364d91029e5de

SHA512
552a0d4b440188d8cfed017a1a78abb9f7be857e1d1e000c415cc30631e6d870fea4d9b1ea9c1769c308e40396ca438af5e9e7825c8607f7a4216ec469271acd

Download Submit
C:\Windows\Temp\Cab347B.tmp

Filesize
29KB

MD5
d59a6b36c5a94916241a3ead50222b6f

SHA1
e274e9486d318c383bc4b9812844ba56f0cff3c6

SHA256
a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

SHA512
17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

Download Submit
\Program Files\Cheat Engine 7.5\Cheat Engine.exe

Filesize
389KB

MD5
f921416197c2ae407d53ba5712c3930a

SHA1
6a7daa7372e93c48758b9752c8a5a673b525632b

SHA256
e31b233ddf070798cc0381cc6285f6f79ea0c17b99737f7547618dcfd36cdc0e

SHA512
0139efb76c2107d0497be9910836d7c19329e4399aa8d46bbe17ae63d56ab73004c51b650ce38d79681c22c2d1b77078a7d7185431882baf3e7bef473ac95dce

Download Submit
\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe

Filesize
236KB

MD5
9af96706762298cf72df2a74213494c9

SHA1
4b5fd2f168380919524ecce77aa1be330fdef57a

SHA256
65fa2ccb3ac5400dd92dda5f640445a6e195da7c827107260f67624d3eb95e7d

SHA512
29a0619093c4c0ecf602c861ec819ef16550c0607df93067eaef4259a84fd7d40eb88cd5548c0b3b265f3ce5237b585f508fdd543fa281737be17c0551163bd4

Download Submit
\Program Files\Cheat Engine 7.5\Tutorial-x86_64.exe

Filesize
3.2MB

MD5
1c1630b241d5a6be07bfba2b3ea97a25

SHA1
7203255d1a6021874d41a48fcd5719fd7034f34c

SHA256
526cddd0d843f5984ac6cb98d28f22b090682c3a8704122b644ec8ae2c9a10e5

SHA512
bddedb575febf8c8103cfbb1981fd1d5f20d2e0f1d6f4252a98930d587420a69750ddc1be46932cdf979b8633054321f462557d88349459e111be43139beff4a

Download Submit
\Program Files\Cheat Engine 7.5\cheatengine-i386.exe

Filesize
12.2MB

MD5
5be6a65f186cf219fa25bdd261616300

SHA1
b5d5ae2477653abd03b56d1c536c9a2a5c5f7487

SHA256
274e91a91a7a520f76c8e854dc42f96484af2d69277312d861071bde5a91991c

SHA512
69634d85f66127999ea4914a93b3b7c90bc8c8fab1b458cfa6f21ab0216d1dacc50976354f7f010bb31c5873cc2d2c30b4a715397fb0e9e01a5233c2521e7716

Download Submit
\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe

Filesize
15.9MB

MD5
910de25bd63b5da521fc0b598920c4ec

SHA1
94a15930aaf99f12b349be80924857673cdc8566

SHA256
8caef5000b57bca014ef33e962df4fca21aead0664892724674619ef732440ad

SHA512
6ff910bb4912fea1fa8fd91e47ae6348c8bf2eff4f2f5f9ef646a775ca1ecfef02c23f81baf6fe2d0b0bdda7617d91df52e75dc6063e86ea0444b0538cbd4e6c

Download Submit
\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe

Filesize
15.9MB

MD5
edeef697cbf212b5ecfcd9c1d9a8803d

SHA1
e90585899ae4b4385a6d0bf43c516c122e7883e2

SHA256
ac9bcc7813c0063bdcd36d8e4e79a59b22f6e95c2d74c65a4249c7d5319ae3f6

SHA512
1aaa8fc2f9fafecbe88abf07fbc97dc03a7c68cc1d870513e921bf3caeaa97128583293bf5078a69aecbb93bf1e531605b36bd756984db8d703784627d1877d1

Download Submit
\Program Files\Cheat Engine 7.5\windowsrepair.exe

Filesize
262KB

MD5
9a4d1b5154194ea0c42efebeb73f318f

SHA1
220f8af8b91d3c7b64140cbb5d9337d7ed277edb

SHA256
2f3214f799b0f0a2f3955dbdc64c7e7c0e216f1a09d2c1ad5d0a99921782e363

SHA512
6eef3254fc24079751fc8c38dda9a8e44840e5a4df1ff5adf076e4be87127075a7fea59ba7ef9b901aaf10eb64f881fc8fb306c2625140169665dd3991e5c25b

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8060D419\Newtonsoft.Json.dll

Filesize
423KB

MD5
32d2b354d49a144ad9cc73fda584c11c

SHA1
8024998509d082f984b84f8235637b626944ba78

SHA256
ed30e38e44c49b859b801d05621d8e902d04d502ebf5de676de04c23825b0290

SHA512
c8d94823790264a0b3e9158c3453e4babf6523cd38ce626091f84d9b100e5fc5ab39d7ef6e082b207b54171e26136cce2033a99b7e2d1a17d8f0b2996723f491

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8060D419\WebCompanionInstaller.exe

Filesize
451KB

MD5
fb2ce6e0d7d5944e86697425c10cd11f

SHA1
0d4bee7a0b9350a3906bc4704cae72159dd83729

SHA256
ded4d86bf32884b7ad4639e26b4c79c0140060b8bca23660d31ebbcd66fa25b8

SHA512
e6daec17cf11ce4d9ccb28a489be80f1960a0a639138d2c770a5f84ddf7593f64824078796df7aa72e8407aae596333f646fea225207563f3e46dfcb1140eb8d

Download Submit
\Users\Admin\AppData\Local\Temp\is-4PGD2.tmp\CheatEngine75.tmp

Filesize
3.1MB

MD5
9aa2acd4c96f8ba03bb6c3ea806d806f

SHA1
9752f38cc51314bfd6d9acb9fb773e90f8ea0e15

SHA256
1b81562fdaeaa1bc22cbaa15c92bab90a12080519916cfa30c843796021153bb

SHA512
b0a00082c1e37efbfc2058887db60dabf6e9606713045f53db450f16ebae0296abfd73a025ffa6a8f2dcb730c69dd407f7889037182ce46c68367f54f4b1dc8d

Download Submit
\Users\Admin\AppData\Local\Temp\is-HT8KU.tmp\CheatEngine75.tmp

Filesize
2.9MB

MD5
1cdbf6da4defe32c9cb5908968a02fab

SHA1
d1a5eb2928d718d7a1517187f523c701c141b659

SHA256
87c1bb2236a874c97369b2cca0d55559fa917707cebddf7a5eabc691f8302487

SHA512
215697cae7ec2ba27fbc0b9208cb8676e27d21e55e0184fc68cbd1c1bd57863daf29348ea677e97af84628800ba15e6db884df872c3adc673a3cd7faed2888b9

Download Submit
\Users\Admin\AppData\Local\Temp\is-NK8A6.tmp\_isetup\_setup64.tmp

Filesize
6KB

MD5
e4211d6d009757c078a9fac7ff4f03d4

SHA1
019cd56ba687d39d12d4b13991c9a42ea6ba03da

SHA256
388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95

SHA512
17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

Download Submit
\Users\Admin\AppData\Local\Temp\is-PSLMV.tmp\CheatEngine75.exe

Filesize
26.1MB

MD5
e0f666fe4ff537fb8587ccd215e41e5f

SHA1
d283f9b56c1e36b70a74772f7ca927708d1be76f

SHA256
f88b0e5a32a395ab9996452d461820679e55c19952effe991dee8fedea1968af

SHA512
7f6cabd79ca7cdacc20be8f3324ba1fdaaff57cb9933693253e595bfc5af2cb7510aa00522a466666993da26ddc7df4096850a310d7cff44b2807de4e1179d1a

Download Submit
\Users\Admin\AppData\Local\Temp\is-PSLMV.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
\Users\Admin\AppData\Local\Temp\is-PSLMV.tmp\prod0_extract\WcInstaller_IC201102_ISV.exe

Filesize
547KB

MD5
d7678115d4c99fbd770030a7bc9cc2eb

SHA1
be7df39fe98512112dd7f858888fa1bcb62f8e92

SHA256
4c432706ed06bf058d5b9bfb02d65c2e530f1b72ac1f4d7580177146b7a4d09a

SHA512
4ee99aa4e50586fe40a5bb9b2928b8752804895aefdb8ce523cbc225d2f623d143f660a82e618e87c2ff4ac9a11328ffa35f49a8c15fd8782b512b61e0cc2c0c

Download Submit
\Users\Admin\AppData\Local\Temp\is-PSLMV.tmp\zbShieldUtils.dll

Filesize
2.0MB

MD5
fad0877741da31ab87913ef1f1f2eb1a

SHA1
21abb83b8dfc92a6d7ee0a096a30000e05f84672

SHA256
73ff938887449779e7a9d51100d7be2195198a5e2c4c7de5f93ceac7e98e3e02

SHA512
f626b760628e16b9aa8b55e463c497658dd813cf5b48a3c26a85d681da1c3a33256cae012acc1257b1f47ea37894c3a306f348eb6bd4bbdf94c9d808646193ec

Download Submit
memory/1528-1212-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/1792-2739-0x00000000661C0000-0x00000000661E2000-memory.dmp

Filesize
136KB

Download
memory/1792-2715-0x0000000073E60000-0x0000000073E72000-memory.dmp

Filesize
72KB

Download
memory/1792-2714-0x0000000008F00000-0x0000000008F12000-memory.dmp

Filesize
72KB

Download
memory/1792-3554-0x00000000661C0000-0x00000000661E2000-memory.dmp

Filesize
136KB

Download
memory/1880-1241-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/1880-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/1880-49-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/1880-0-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/1896-2959-0x0000000000CA0000-0x0000000000CA8000-memory.dmp

Filesize
32KB

Download
memory/1896-3168-0x00000000199F0000-0x0000000019A00000-memory.dmp

Filesize
64KB

Download
memory/1896-3064-0x0000000000DB0000-0x0000000000E00000-memory.dmp

Filesize
320KB

Download
memory/2328-5455-0x00000000661C0000-0x00000000661E2000-memory.dmp

Filesize
136KB

Download
memory/2328-5351-0x000000006BA80000-0x000000006BA92000-memory.dmp

Filesize
72KB

Download
memory/2328-5350-0x00000000095A0000-0x00000000095B2000-memory.dmp

Filesize
72KB

Download
memory/2920-497-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/2920-256-0x0000000002620000-0x000000000262F000-memory.dmp

Filesize
60KB

Download
memory/2920-279-0x0000000002620000-0x000000000262F000-memory.dmp

Filesize
60KB

Download
memory/2920-278-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/2920-245-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/2920-50-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/2920-1219-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/2920-1220-0x0000000002620000-0x000000000262F000-memory.dmp

Filesize
60KB

Download
memory/2920-8-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/2920-1235-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/2920-1239-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/3048-402-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3048-1213-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download