Malware analysis CheatEngine75.exe Malicious activity

Add for printing

File name:	CheatEngine75.exe
Full analysis:	https://app.any.run/tasks/99920a14-d1e4-4ba9-94b4-556fc187f24f
Verdict:	Malicious activity
Analysis date:	November 28, 2023, 23:55:02
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows
MD5:	96D1196BD8E52D9889656B2960A27E5B
SHA1:	75B17106B9AA54CCEA7583C8339B81993F27E69E
SHA256:	75F32AB1A2E666CA53D9D8E3D9D6D7E64EE068AA92AF66BDD1E4F6527E83E1EC
SSDEEP:	98304:p+cD4dn4FEEnnT/6wIIeFEEnnT/6wIIeFEEnnT/6wIIDO7UClKtIu/uuf+EE2nuG:i/U

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.100 (8.100)
Skype version 8.100 (8.100)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - CheatEngine75.exe (PID: 2708)
  - CheatEngine75.exe (PID: 2512)
  - CheatEngine75.tmp (PID: 2504)
  - CheatEngine75.exe (PID: 2760)
  - CheatEngine75.tmp (PID: 944)
- Starts NET.EXE for service management
  - CheatEngine75.tmp (PID: 944)
  - net.exe (PID: 3380)
  - net.exe (PID: 2336)
SUSPICIOUS
- Reads the Windows owner or organization settings
  - CheatEngine75.tmp (PID: 2504)
  - CheatEngine75.tmp (PID: 944)
- Reads settings of System Certificates
  - CheatEngine75.tmp (PID: 2504)
- Reads the Internet Settings
  - CheatEngine75.tmp (PID: 2504)
  - Cheat Engine.exe (PID: 2696)
  - Cheat Engine.exe (PID: 3900)
  - saBSI.exe (PID: 1452)
- Starts SC.EXE for service management
  - CheatEngine75.tmp (PID: 944)
- Uses ICACLS.EXE to modify access control lists
  - CheatEngine75.tmp (PID: 944)
- Reads security settings of Internet Explorer
  - saBSI.exe (PID: 1452)
- Process drops SQLite DLL files
  - CheatEngine75.tmp (PID: 944)
- Process drops legitimate windows executable
  - CheatEngine75.tmp (PID: 944)
- Checks Windows Trust Settings
  - saBSI.exe (PID: 1452)
INFO
- Create files in a temporary directory
  - CheatEngine75.exe (PID: 2708)
  - CheatEngine75.exe (PID: 2512)
  - CheatEngine75.tmp (PID: 2504)
  - CheatEngine75.exe (PID: 2760)
- Checks supported languages
  - CheatEngine75.tmp (PID: 128)
  - CheatEngine75.exe (PID: 2708)
  - CheatEngine75.exe (PID: 2512)
  - CheatEngine75.tmp (PID: 2504)
  - wmpnscfg.exe (PID: 2952)
  - CheatEngine75.tmp (PID: 944)
  - CheatEngine75.exe (PID: 2760)
  - saBSI.exe (PID: 1452)
  - Cheat Engine.exe (PID: 2696)
  - Kernelmoduleunloader.exe (PID: 3084)
  - windowsrepair.exe (PID: 3712)
  - cheatengine-i386.exe (PID: 3252)
  - Cheat Engine.exe (PID: 3900)
  - cheatengine-i386.exe (PID: 3496)
- Reads the computer name
  - CheatEngine75.tmp (PID: 128)
  - CheatEngine75.tmp (PID: 2504)
  - wmpnscfg.exe (PID: 2952)
  - saBSI.exe (PID: 1452)
  - CheatEngine75.tmp (PID: 944)
  - Kernelmoduleunloader.exe (PID: 3084)
  - Cheat Engine.exe (PID: 2696)
  - cheatengine-i386.exe (PID: 3252)
  - Cheat Engine.exe (PID: 3900)
  - cheatengine-i386.exe (PID: 3496)
- Manual execution by a user
  - wmpnscfg.exe (PID: 2952)
  - Cheat Engine.exe (PID: 3900)
- Reads the machine GUID from the registry
  - wmpnscfg.exe (PID: 2952)
  - CheatEngine75.tmp (PID: 2504)
  - saBSI.exe (PID: 1452)
- Creates files in the program directory
  - saBSI.exe (PID: 1452)
  - CheatEngine75.tmp (PID: 944)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Inno Setup installer (53.5)
.exe	\|	InstallShield setup (21)
.exe	\|	Win32 EXE PECompact compressed (generic) (20.2)
.exe	\|	Win32 Executable (generic) (2.1)
.exe	\|	Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2023:02:15 15:54:16+01:00
ImageFileCharacteristics:	No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType:	PE32
LinkerVersion:	2.25
CodeSize:	741888
InitializedDataSize:	89600
UninitializedDataSize:	-
EntryPoint:	0xb5eec
OSVersion:	6.1
ImageVersion:	6
SubsystemVersion:	6.1
Subsystem:	Windows GUI
FileVersionNumber:	7.5.0.0
ProductVersionNumber:	7.5.0.0
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	Neutral
CharacterSet:	Unicode
Comments:	This installation was built with Inno Setup.
CompanyName:
FileDescription:	EngineGame Installer
FileVersion:	7.5.0
LegalCopyright:	© EngineGame
OriginalFileName:
ProductName:	EngineGame
ProductVersion:	7.5.0

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

128

"C:\Users\admin\AppData\Local\Temp\is-PVBA3.tmp\CheatEngine75.tmp" /SL5="$701E6,2349502,832512,C:\Users\admin\AppData\Local\Temp\CheatEngine75.exe"

C:\Users\admin\AppData\Local\Temp\is-PVBA3.tmp\CheatEngine75.tmp

—

CheatEngine75.exe

User:

admin

Company:

Integrity Level:

MEDIUM

Description:

Setup/Uninstall

Exit code:

Version:

51.1052.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-pvba3.tmp\cheatengine75.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

944

"C:\Users\admin\AppData\Local\Temp\is-1S8O2.tmp\CheatEngine75.tmp" /SL5="$80108,26511452,832512,C:\Users\admin\AppData\Local\Temp\is-MA738.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST

C:\Users\admin\AppData\Local\Temp\is-1S8O2.tmp\CheatEngine75.tmp

—

CheatEngine75.exe

User:

admin

Company:

Cheat Engine

Integrity Level:

HIGH

Description:

Setup/Uninstall

Exit code:

Version:

51.1052.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-1s8o2.tmp\cheatengine75.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

1452

"C:\Users\admin\AppData\Local\Temp\is-MA738.tmp\prod0_extract\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=DE

C:\Users\admin\AppData\Local\Temp\is-MA738.tmp\prod0_extract\saBSI.exe

CheatEngine75.tmp

User:

admin

Company:

McAfee, LLC

Integrity Level:

HIGH

Description:

McAfee WebAdvisor(bootstrap installer)

Exit code:

4294967295

Version:

4,1,1,818

Modules

Images
c:\users\admin\appdata\local\temp\is-ma738.tmp\prod0_extract\sabsi.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll

1660

"sc" delete BadlionAntic

C:\Windows\System32\sc.exe

—

CheatEngine75.tmp

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

A tool to aid in developing services for WindowsNT

Exit code:

1060

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

1728

C:\Windows\system32\net1 stop BadlionAnticheat

C:\Windows\System32\net1.exe

—

net.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Net Command

Exit code:

Version:

6.1.7601.17514 (win7sp1_rtm.101119-1850)

Modules

Images
c:\windows\system32\net1.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll

2336

"net" stop BadlionAnticheat

C:\Windows\System32\net.exe

—

CheatEngine75.tmp

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Net Command

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\net.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll

2504

"C:\Users\admin\AppData\Local\Temp\is-V3MON.tmp\CheatEngine75.tmp" /SL5="$D0194,2349502,832512,C:\Users\admin\AppData\Local\Temp\CheatEngine75.exe" /SPAWNWND=$7019C /NOTIFYWND=$701E6

C:\Users\admin\AppData\Local\Temp\is-V3MON.tmp\CheatEngine75.tmp

CheatEngine75.exe

User:

admin

Company:

Integrity Level:

HIGH

Description:

Setup/Uninstall

Exit code:

Version:

51.1052.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-v3mon.tmp\cheatengine75.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

2512

"C:\Users\admin\AppData\Local\Temp\CheatEngine75.exe" /SPAWNWND=$7019C /NOTIFYWND=$701E6

C:\Users\admin\AppData\Local\Temp\CheatEngine75.exe

CheatEngine75.tmp

User:

admin

Company:

Integrity Level:

HIGH

Description:

EngineGame Installer

Exit code:

Version:

7.5.0

Modules

Images
c:\users\admin\appdata\local\temp\cheatengine75.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll

2696

"C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"

C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe

—

CheatEngine75.tmp

User:

admin

Integrity Level:

HIGH

Exit code:

Version:

6.3.0.0

Modules

Images
c:\program files\cheat engine 7.5\cheat engine.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

2708

"C:\Users\admin\AppData\Local\Temp\CheatEngine75.exe"

C:\Users\admin\AppData\Local\Temp\CheatEngine75.exe

—

explorer.exe

User:

admin

Company:

Integrity Level:

MEDIUM

Description:

EngineGame Installer

Exit code:

Version:

7.5.0

Modules

Images
c:\users\admin\appdata\local\temp\cheatengine75.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll

Add for printing

Total events

6 032

Read events

5 981

Write events

Delete events

Modification events


(PID) Process:	(2952) wmpnscfg.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{5D6FDBA1-AC93-4CC0-9BDA-8AE41E3C841D}\{2EA63D80-004F-4B63-8203-9BC0C518550B}
Operation:	delete key	Name:	(default)
Value:
(PID) Process:	(2952) wmpnscfg.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{5D6FDBA1-AC93-4CC0-9BDA-8AE41E3C841D}
Operation:	delete key	Name:	(default)
Value:
(PID) Process:	(2952) wmpnscfg.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health\{E6A34EFB-EC33-4A18-B117-8FFEACD8A1FA}
Operation:	delete key	Name:	(default)
Value:
(PID) Process:	(2504) CheatEngine75.tmp	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\17F\52C64B7E
Operation:	write	Name:	LanguageList
Value: en-US
(PID) Process:	(2504) CheatEngine75.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(2504) CheatEngine75.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(2504) CheatEngine75.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(2504) CheatEngine75.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0
(PID) Process:	(2504) CheatEngine75.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Operation:	write	Name:	Implementing
Value: 1C00000001000000E7070B0002001C00170038000400E003010000001E768127E028094199FEB9D127C57AFE
(PID) Process:	(944) CheatEngine75.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:	write	Name:	GlobalAssocChangedCounter
Value: 115

Add for printing

Executable files

125

Suspicious files

Text files

431

Unknown types

Dropped files

PID	Process	Filename		Type
2504	CheatEngine75.tmp	C:\Users\admin\AppData\Local\Temp\is-MA738.tmp\finish.png		image
		MD5:6B7CB2A5A8B301C788C3792802696FE8	SHA256:3EED2E41BC6CA0AE9A5D5EE6D57CA727E5CBA6AC8E8C5234AC661F9080CEDADF
2504	CheatEngine75.tmp	C:\Users\admin\AppData\Local\Temp\is-MA738.tmp\error.png		image
		MD5:6B7CB2A5A8B301C788C3792802696FE8	SHA256:3EED2E41BC6CA0AE9A5D5EE6D57CA727E5CBA6AC8E8C5234AC661F9080CEDADF
2504	CheatEngine75.tmp	C:\Users\admin\AppData\Local\Temp\is-MA738.tmp\WebAdvisor.png		image
		MD5:E7E01716964900D02C8DF9DB3125F8FE	SHA256:79301DD2BB2C8A67852C63163A3FF6448D9EFB202A611404F82C348BF9D1A5D2
2504	CheatEngine75.tmp	C:\Users\admin\AppData\Local\Temp\is-MA738.tmp\is-EHN0D.tmp		image
		MD5:E7E01716964900D02C8DF9DB3125F8FE	SHA256:79301DD2BB2C8A67852C63163A3FF6448D9EFB202A611404F82C348BF9D1A5D2
2504	CheatEngine75.tmp	C:\Users\admin\AppData\Local\Temp\is-MA738.tmp\is-FITGS.tmp		compressed
		MD5:CD9C77BC5840AF008799985F397FE1C3	SHA256:26D7704B540DF18E2BCCD224DF677061FFB9F03CAB5B3C191055A84BF43A9085
2504	CheatEngine75.tmp	C:\Users\admin\AppData\Local\Temp\is-MA738.tmp\zbShieldUtils.dll		executable
		MD5:FAD0877741DA31AB87913EF1F1F2EB1A	SHA256:73FF938887449779E7A9D51100D7BE2195198A5E2C4C7DE5F93CEAC7E98E3E02
2504	CheatEngine75.tmp	C:\Users\admin\AppData\Local\Temp\is-MA738.tmp\CheatEngine75.exe		executable
		MD5:E0F666FE4FF537FB8587CCD215E41E5F	SHA256:F88B0E5A32A395AB9996452D461820679E55C19952EFFE991DEE8FEDEA1968AF
944	CheatEngine75.tmp	C:\Program Files\Cheat Engine 7.5\is-B9721.tmp		executable
		MD5:9A4D1B5154194EA0C42EFEBEB73F318F	SHA256:2F3214F799B0F0A2F3955DBDC64C7E7C0E216F1A09D2C1AD5D0A99921782E363
2760	CheatEngine75.exe	C:\Users\admin\AppData\Local\Temp\is-1S8O2.tmp\CheatEngine75.tmp		executable
		MD5:9AA2ACD4C96F8BA03BB6C3EA806D806F	SHA256:1B81562FDAEAA1BC22CBAA15C92BAB90A12080519916CFA30C843796021153BB
2708	CheatEngine75.exe	C:\Users\admin\AppData\Local\Temp\is-PVBA3.tmp\CheatEngine75.tmp		executable
		MD5:2DBB23C62848635C596FA85BA7DEE128	SHA256:296DF81AD382686280652E45750AB5D9C0C35D4B308265FE5FF039017B7345A3

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

No HTTP requests

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
868	svchost.exe	95.101.148.135:80	—	Akamai International B.V.	NL	unknown
4	System	192.168.100.255:138	—	—	—	whitelisted
868	svchost.exe	184.30.20.134:80	armmf.adobe.com	AKAMAI-AS	DE	unknown
4	System	192.168.100.255:137	—	—	—	whitelisted
2504	CheatEngine75.tmp	18.245.78.226:443	d3cored83b0wp2.cloudfront.net	—	US	unknown
1452	saBSI.exe	34.213.112.26:443	analytics.apis.mcafee.com	AMAZON-02	US	unknown
1452	saBSI.exe	23.50.131.76:443	sadownload.mcafee.com	Akamai International B.V.	DE	unknown

DNS requests

Domain	IP	Reputation
armmf.adobe.com	184.30.20.134	whitelisted
d3cored83b0wp2.cloudfront.net	18.245.78.226 18.245.78.159 18.245.78.24 18.245.78.134	unknown
analytics.apis.mcafee.com	34.213.112.26 35.83.27.31 52.41.182.30 54.148.66.20 35.84.88.155 52.89.229.104 52.89.205.168 35.82.215.155	unknown
sadownload.mcafee.com	23.50.131.76 23.50.131.75	whitelisted

Threats

No threats detected

Add for printing

Process	Message
saBSI.exe	NCPrivateLoadAndValidateMPTDll: Looking in current directory
saBSI.exe	NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-MA738.tmp\prod0_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-MA738.tmp\prod0_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003
saBSI.exe	NCPrivateLoadAndValidateMPTDll: Looking in current directory
saBSI.exe	NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
saBSI.exe	NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-MA738.tmp\prod0_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-MA738.tmp\prod0_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003
saBSI.exe	NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
saBSI.exe	NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-MA738.tmp\prod0_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-MA738.tmp\prod0_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003
saBSI.exe	NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
saBSI.exe	NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
saBSI.exe	NCPrivateLoadAndValidateMPTDll: Looking in current directory

General Info

CheatEngine75.exe

96D1196BD8E52D9889656B2960A27E5B

75B17106B9AA54CCEA7583C8339B81993F27E69E

75F32AB1A2E666CA53D9D8E3D9D6D7E64EE068AA92AF66BDD1E4F6527E83E1EC

98304:p+cD4dn4FEEnnT/6wIIeFEEnnT/6wIIeFEEnnT/6wIIDO7UClKtIu/uuf+EE2nuG:i/U

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

Starts NET.EXE for service management

SUSPICIOUS

Reads the Windows owner or organization settings

Reads settings of System Certificates

Reads the Internet Settings

Starts SC.EXE for service management

Uses ICACLS.EXE to modify access control lists

Reads security settings of Internet Explorer

Process drops SQLite DLL files

Process drops legitimate windows executable

Checks Windows Trust Settings

INFO

Create files in a temporary directory

Checks supported languages

Reads the computer name

Manual execution by a user

Reads the machine GUID from the registry

Creates files in the program directory

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings