File name: CheatBreaker_Setup.exe

Full analysis: https://app.any.run/tasks/4d705f32-e06b-461f-b674-4ef3f1e791aa
Verdict: Malicious activity
Analysis date: August 01, 2024, 16:52:14
OS: Windows 10 Professional (build: 19045, 64 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 07CEB3A0970599DF6117EFA157E7E12B
SHA1: 1974DF0E5E557592104905B172B3D0FE2EFB1836
SHA256: E8DAAF610C77BD22EE010DCDFDCD63FE12A5F979ED0C7556D33DEE2AECBA524E
SSDEEP: 393216:t+eBdLbCK4LPBM/FY1AUUQyyPbwquGLUsI8aiN9Yl3wtGgtK1aUhuIHdSAP1fb8G:t+mXcLO/yAUZy0wdGws4YYlAGgtiSIH

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes powershell execution policy (Unrestricted)

      • CheatBreaker.exe (PID: 6316)
      • CheatBreaker.exe (PID: 6732)
      • CheatBreaker.exe (PID: 8756)
      • CheatBreaker.exe (PID: 6528)
      • CheatBreaker.exe (PID: 8408)
      • CheatBreaker.exe (PID: 5028)
      • CheatBreaker.exe (PID: 6932)
      • CheatBreaker.exe (PID: 2876)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • CheatBreaker_Setup.exe (PID: 6796)
    • Executable content was dropped or overwritten

      • CheatBreaker_Setup.exe (PID: 6796)
    • The process creates files with name similar to system file names

      • CheatBreaker_Setup.exe (PID: 6796)
    • Creates a software uninstall entry

      • CheatBreaker_Setup.exe (PID: 6796)
    • Application launched itself

      • CheatBreaker.exe (PID: 6948)
      • CheatBreaker.exe (PID: 7956)
      • CheatBreaker.exe (PID: 8840)
      • CheatBreaker.exe (PID: 3900)
      • CheatBreaker.exe (PID: 8444)
      • CheatBreaker.exe (PID: 8952)
      • CheatBreaker.exe (PID: 7452)
      • CheatBreaker.exe (PID: 7476)
      • CheatBreaker.exe (PID: 1984)
      • CheatBreaker.exe (PID: 4644)
      • CheatBreaker.exe (PID: 4344)
      • CheatBreaker.exe (PID: 7596)
      • CheatBreaker.exe (PID: 8116)
      • CheatBreaker.exe (PID: 7548)
      • CheatBreaker.exe (PID: 9132)
    • Starts CMD.EXE for commands execution

      • CheatBreaker.exe (PID: 6316)
      • CheatBreaker.exe (PID: 6332)
      • CheatBreaker.exe (PID: 6008)
      • CheatBreaker.exe (PID: 6732)
      • CheatBreaker.exe (PID: 7772)
      • CheatBreaker.exe (PID: 8756)
      • CheatBreaker.exe (PID: 6528)
      • CheatBreaker.exe (PID: 9060)
      • CheatBreaker.exe (PID: 8408)
      • CheatBreaker.exe (PID: 8488)
      • CheatBreaker.exe (PID: 5028)
      • CheatBreaker.exe (PID: 8840)
      • CheatBreaker.exe (PID: 6932)
      • CheatBreaker.exe (PID: 2876)
      • CheatBreaker.exe (PID: 8508)
      • CheatBreaker.exe (PID: 7036)
    • Starts application with an unusual extension

      • cmd.exe (PID: 6216)
      • cmd.exe (PID: 1108)
      • cmd.exe (PID: 7912)
      • cmd.exe (PID: 6156)
      • cmd.exe (PID: 7796)
      • cmd.exe (PID: 8236)
      • cmd.exe (PID: 1536)
      • cmd.exe (PID: 7736)
      • cmd.exe (PID: 6508)
      • cmd.exe (PID: 7196)
      • cmd.exe (PID: 232)
      • cmd.exe (PID: 8800)
      • cmd.exe (PID: 6996)
      • cmd.exe (PID: 7668)
      • cmd.exe (PID: 6584)
      • cmd.exe (PID: 8100)
    • The process hides Powershell's copyright startup banner

      • CheatBreaker.exe (PID: 6316)
      • CheatBreaker.exe (PID: 6732)
      • CheatBreaker.exe (PID: 8756)
      • CheatBreaker.exe (PID: 6528)
      • CheatBreaker.exe (PID: 8408)
      • CheatBreaker.exe (PID: 5028)
      • CheatBreaker.exe (PID: 6932)
      • CheatBreaker.exe (PID: 2876)
    • The process bypasses the loading of PowerShell profile settings

      • CheatBreaker.exe (PID: 6316)
      • CheatBreaker.exe (PID: 6732)
      • CheatBreaker.exe (PID: 8756)
      • CheatBreaker.exe (PID: 6528)
      • CheatBreaker.exe (PID: 8408)
      • CheatBreaker.exe (PID: 5028)
      • CheatBreaker.exe (PID: 6932)
      • CheatBreaker.exe (PID: 2876)
    • Starts POWERSHELL.EXE for commands execution

      • CheatBreaker.exe (PID: 6316)
      • CheatBreaker.exe (PID: 6732)
      • CheatBreaker.exe (PID: 8756)
      • CheatBreaker.exe (PID: 6528)
      • CheatBreaker.exe (PID: 8408)
      • CheatBreaker.exe (PID: 5028)
      • CheatBreaker.exe (PID: 6932)
      • CheatBreaker.exe (PID: 2876)
  • INFO

    • Creates files or folders in the user directory

      • CheatBreaker.exe (PID: 6948)
      • CheatBreaker_Setup.exe (PID: 6796)
      • CheatBreaker.exe (PID: 6332)
      • CheatBreaker.exe (PID: 7096)
      • CheatBreaker.exe (PID: 8840)
      • CheatBreaker.exe (PID: 8444)
      • CheatBreaker.exe (PID: 7452)
    • Reads the computer name

      • CheatBreaker.exe (PID: 7072)
      • CheatBreaker_Setup.exe (PID: 6796)
      • CheatBreaker.exe (PID: 7096)
      • CheatBreaker.exe (PID: 6948)
      • CheatBreaker.exe (PID: 6316)
      • CheatBreaker.exe (PID: 6332)
      • CheatBreaker.exe (PID: 5504)
      • CheatBreaker.exe (PID: 8840)
      • CheatBreaker.exe (PID: 8040)
      • CheatBreaker.exe (PID: 8444)
      • CheatBreaker.exe (PID: 6652)
      • CheatBreaker.exe (PID: 6008)
      • CheatBreaker.exe (PID: 6732)
      • CheatBreaker.exe (PID: 6576)
      • CheatBreaker.exe (PID: 8756)
      • CheatBreaker.exe (PID: 7772)
      • CheatBreaker.exe (PID: 7452)
      • CheatBreaker.exe (PID: 6564)
      • CheatBreaker.exe (PID: 8536)
      • CheatBreaker.exe (PID: 6528)
      • CheatBreaker.exe (PID: 8488)
    • Checks supported languages

      • CheatBreaker.exe (PID: 7096)
      • CheatBreaker.exe (PID: 6332)
      • CheatBreaker.exe (PID: 7072)
      • CheatBreaker.exe (PID: 6948)
      • CheatBreaker.exe (PID: 6316)
      • CheatBreaker_Setup.exe (PID: 6796)
      • chcp.com (PID: 6044)
      • chcp.com (PID: 3032)
      • CheatBreaker.exe (PID: 7956)
      • CheatBreaker.exe (PID: 5504)
      • CheatBreaker.exe (PID: 8840)
      • CheatBreaker.exe (PID: 8040)
      • chcp.com (PID: 8068)
      • chcp.com (PID: 7020)
      • CheatBreaker.exe (PID: 6008)
      • CheatBreaker.exe (PID: 6732)
      • CheatBreaker.exe (PID: 3900)
      • CheatBreaker.exe (PID: 8444)
      • CheatBreaker.exe (PID: 6652)
      • CheatBreaker.exe (PID: 6576)
      • CheatBreaker.exe (PID: 7772)
      • CheatBreaker.exe (PID: 8756)
      • chcp.com (PID: 7020)
      • chcp.com (PID: 3176)
      • CheatBreaker.exe (PID: 8952)
      • CheatBreaker.exe (PID: 7452)
      • CheatBreaker.exe (PID: 6564)
      • CheatBreaker.exe (PID: 8536)
      • CheatBreaker.exe (PID: 6528)
      • CheatBreaker.exe (PID: 8488)
      • chcp.com (PID: 8668)
      • CheatBreaker.exe (PID: 1984)
      • chcp.com (PID: 5588)
    • Create files in a temporary directory

      • CheatBreaker_Setup.exe (PID: 6796)
      • CheatBreaker.exe (PID: 6948)
      • CheatBreaker.exe (PID: 8840)
      • CheatBreaker.exe (PID: 8444)
      • CheatBreaker.exe (PID: 7452)
    • Checks proxy server information

      • CheatBreaker.exe (PID: 6948)
      • CheatBreaker.exe (PID: 8840)
      • CheatBreaker.exe (PID: 8444)
      • CheatBreaker.exe (PID: 7452)
    • Manual execution by a user

      • CheatBreaker.exe (PID: 6948)
    • Process checks computer location settings

      • CheatBreaker.exe (PID: 6316)
      • CheatBreaker.exe (PID: 6332)
      • CheatBreaker.exe (PID: 6948)
      • CheatBreaker.exe (PID: 6008)
      • CheatBreaker.exe (PID: 6732)
      • CheatBreaker.exe (PID: 8840)
      • CheatBreaker.exe (PID: 8444)
      • CheatBreaker.exe (PID: 7772)
      • CheatBreaker.exe (PID: 8756)
      • CheatBreaker.exe (PID: 8488)
      • CheatBreaker.exe (PID: 7452)
      • CheatBreaker.exe (PID: 6528)
    • Reads product name

      • CheatBreaker.exe (PID: 6332)
      • CheatBreaker.exe (PID: 6316)
      • CheatBreaker.exe (PID: 6008)
      • CheatBreaker.exe (PID: 6732)
      • CheatBreaker.exe (PID: 7772)
      • CheatBreaker.exe (PID: 8756)
      • CheatBreaker.exe (PID: 6528)
      • CheatBreaker.exe (PID: 8488)
    • Reads Environment values

      • CheatBreaker.exe (PID: 6316)
      • CheatBreaker.exe (PID: 6332)
      • CheatBreaker.exe (PID: 6732)
      • CheatBreaker.exe (PID: 6008)
      • CheatBreaker.exe (PID: 7772)
      • CheatBreaker.exe (PID: 8756)
      • CheatBreaker.exe (PID: 8488)
      • CheatBreaker.exe (PID: 6528)
    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 2088)
      • powershell.exe (PID: 6576)
      • powershell.exe (PID: 1288)
      • powershell.exe (PID: 7540)
      • powershell.exe (PID: 7060)
      • powershell.exe (PID: 7536)
    • Reads CPU info

      • CheatBreaker.exe (PID: 6732)
      • CheatBreaker.exe (PID: 6316)
      • CheatBreaker.exe (PID: 8756)
      • CheatBreaker.exe (PID: 6528)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:12:15 22:26:14+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 473088
UninitializedDataSize: 16384
EntryPoint: 0x338f
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.5.5.0
ProductVersionNumber: 2.5.5.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: CheatBreaker
FileDescription: CheatBreaker
FileVersion: 2.5.5
LegalCopyright: Copyright © 2024 CheatBreaker
ProductName: CheatBreaker
ProductVersion: 2.5.5
No data.
All screenshots are available in the full report
Total processes: 556
Monitored processes: 439
Malicious processes: 23
Suspicious processes: 3

Behavior graph

[Behavior graph: process chain starting at cheatbreaker_setup.exe, followed by repeated groups of cheatbreaker.exe, cmd.exe, chcp.com, powershell.exe, reg.exe and conhost.exe nodes. The graph itself is available in the full report.]

Process information

PID | CMD | Path | Indicators | Parent process

232 | C:\WINDOWS\system32\cmd.exe /d /s /c "chcp" | C:\Windows\System32\cmd.exe | - | CheatBreaker.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

304 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | - | powershell.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

608 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | - | powershell.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

788 | powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | - | CheatBreaker.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows PowerShell
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll

840 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | - | cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

872 | powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | - | CheatBreaker.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows PowerShell
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

888 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | - | powershell.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Version: 10.0.19041.1 (WinBuild.160101.0800)

904 | powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | - | CheatBreaker.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows PowerShell
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
Total events: 373 118
Read events: 372 576
Write events: 470
Delete events: 72

Modification events

(PID) Process: (6796) CheatBreaker_Setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\78fd9c95-8947-5340-87d3-029a9f5bec8e
Operation: write
Name: InstallLocation
Value: C:\Users\admin\AppData\Local\Programs\cheatbreaker

(PID) Process: (6796) CheatBreaker_Setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\78fd9c95-8947-5340-87d3-029a9f5bec8e
Operation: write
Name: KeepShortcuts
Value: true

(PID) Process: (6796) CheatBreaker_Setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\78fd9c95-8947-5340-87d3-029a9f5bec8e
Operation: write
Name: ShortcutName
Value: CheatBreaker

(PID) Process: (6796) CheatBreaker_Setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\78fd9c95-8947-5340-87d3-029a9f5bec8e
Operation: write
Name: DisplayName
Value: CheatBreaker

(PID) Process: (6796) CheatBreaker_Setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\78fd9c95-8947-5340-87d3-029a9f5bec8e
Operation: write
Name: UninstallString
Value: "C:\Users\admin\AppData\Local\Programs\cheatbreaker\Uninstall CheatBreaker.exe" /currentuser

(PID) Process: (6796) CheatBreaker_Setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\78fd9c95-8947-5340-87d3-029a9f5bec8e
Operation: write
Name: QuietUninstallString
Value: "C:\Users\admin\AppData\Local\Programs\cheatbreaker\Uninstall CheatBreaker.exe" /currentuser /S

(PID) Process: (6796) CheatBreaker_Setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\78fd9c95-8947-5340-87d3-029a9f5bec8e
Operation: write
Name: DisplayVersion
Value: 2.5.5

(PID) Process: (6796) CheatBreaker_Setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\78fd9c95-8947-5340-87d3-029a9f5bec8e
Operation: write
Name: DisplayIcon
Value: C:\Users\admin\AppData\Local\Programs\cheatbreaker\uninstallerIcon.ico

(PID) Process: (6796) CheatBreaker_Setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\78fd9c95-8947-5340-87d3-029a9f5bec8e
Operation: write
Name: Publisher
Value: CheatBreaker

(PID) Process: (6796) CheatBreaker_Setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\78fd9c95-8947-5340-87d3-029a9f5bec8e
Operation: write
Name: NoModify
Value: 1

Executable files: 19
Suspicious files: 40
Text files: 308
Unknown types: 127

Dropped files

PID | Process | Filename | Type

6796 | CheatBreaker_Setup.exe | C:\Users\admin\AppData\Local\Temp\nsfAF76.tmp\app-64.7z | -
MD5:
SHA256:

6796 | CheatBreaker_Setup.exe | C:\Users\admin\AppData\Local\Temp\nsfAF76.tmp\7z-out\icudtl.dat | -
MD5:
SHA256:

6796 | CheatBreaker_Setup.exe | C:\Users\admin\AppData\Local\Temp\nsfAF76.tmp\7z-out\LICENSES.chromium.html | -
MD5:
SHA256:

6796 | CheatBreaker_Setup.exe | C:\Users\admin\AppData\Local\Temp\nsfAF76.tmp\nsis7z.dll | executable
MD5: 80E44CE4895304C6A3A831310FBF8CD0
SHA256: B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592

6796 | CheatBreaker_Setup.exe | C:\Users\admin\AppData\Local\Temp\nsfAF76.tmp\7z-out\chrome_100_percent.pak | pgc
MD5: D31F3439E2A3F7BEE4DDD26F46A2B83F
SHA256: 9F79F46CA911543EAD096A5EE28A34BF1FBE56EC9BA956032A6A2892B254857E

6796 | CheatBreaker_Setup.exe | C:\Users\admin\AppData\Local\Temp\nsfAF76.tmp\SpiderBanner.dll | executable
MD5: 17309E33B596BA3A5693B4D3E85CF8D7
SHA256: 996A259E53CA18B89EC36D038C40148957C978C0FD600A268497D4C92F882A93

6796 | CheatBreaker_Setup.exe | C:\Users\admin\AppData\Local\Temp\nsfAF76.tmp\nsExec.dll | executable
MD5: EC0504E6B8A11D5AAD43B296BEEB84B2
SHA256: 5D9CEB1CE5F35AEA5F9E5A0C0EDEEEC04DFEFE0C77890C80C70E98209B58B962

6796 | CheatBreaker_Setup.exe | C:\Users\admin\AppData\Local\Programs\cheatbreaker\uninstallerIcon.ico | image
MD5: E26442A96F2E6311ED3687F308A6FC96
SHA256: FC3F5AEA3AF1B7F8B63DDC0AE5CA21237692CF38C761E389D1A5D3740D753734

6796 | CheatBreaker_Setup.exe | C:\Users\admin\AppData\Local\Temp\nsfAF76.tmp\StdUtils.dll | executable
MD5: C6A6E03F77C313B267498515488C5740
SHA256: B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E

6796 | CheatBreaker_Setup.exe | C:\Users\admin\AppData\Local\Temp\nsfAF76.tmp\7z-out\locales\de.pak | pgc
MD5: EC069F60C9825080B9D18FF6492E816D
SHA256: E0F632CE324951002C80E019DD0169BE9F6B0640533FA434CD6CA80F28A1D3F7

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 33
DNS requests: 9
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown
- | - | 239.255.255.250:1900 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | unknown
692 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown
4 | System | 192.168.100.255:137 | - | - | - | unknown
6332 | CheatBreaker.exe | 140.82.121.5:443 | api.github.com | GITHUB | US | unknown
6316 | CheatBreaker.exe | 185.199.108.153:443 | client-api.cheatbreaker.net | FASTLY | US | unknown
6316 | CheatBreaker.exe | 172.67.155.182:443 | cheatbreaker.net | CLOUDFLARENET | US | unknown
5336 | SearchApp.exe | 104.126.37.179:443 | www.bing.com | Akamai International B.V. | DE | unknown
6008 | CheatBreaker.exe | 140.82.121.5:443 | api.github.com | GITHUB | US | unknown

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.124.78.146 | unknown
google.com | 142.250.181.238 | unknown
client-api.cheatbreaker.net | 185.199.108.153, 185.199.111.153, 185.199.110.153, 185.199.109.153 | unknown
api.github.com | 140.82.121.5, 140.82.121.6 | unknown
cheatbreaker.net | 172.67.155.182, 104.21.50.25 | unknown
www.bing.com | 104.126.37.179, 104.126.37.155, 104.126.37.169, 104.126.37.184, 104.126.37.147, 104.126.37.153, 104.126.37.177, 104.126.37.154, 104.126.37.152 | unknown

Threats

No threats detected
No debug info