File name:

CheatBreaker_Setup.exe

Full analysis: https://app.any.run/tasks/4d705f32-e06b-461f-b674-4ef3f1e791aa
Verdict: Malicious activity
Analysis date: August 01, 2024, 16:52:14
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5:

07CEB3A0970599DF6117EFA157E7E12B

SHA1:

1974DF0E5E557592104905B172B3D0FE2EFB1836

SHA256:

E8DAAF610C77BD22EE010DCDFDCD63FE12A5F979ED0C7556D33DEE2AECBA524E

SSDEEP:

393216:t+eBdLbCK4LPBM/FY1AUUQyyPbwquGLUsI8aiN9Yl3wtGgtK1aUhuIHdSAP1fb8G:t+mXcLO/yAUZy0wdGws4YYlAGgtiSIH

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes powershell execution policy (Unrestricted)

      • CheatBreaker.exe (PID: 6316)
      • CheatBreaker.exe (PID: 6732)
      • CheatBreaker.exe (PID: 8756)
      • CheatBreaker.exe (PID: 6528)
      • CheatBreaker.exe (PID: 8408)
      • CheatBreaker.exe (PID: 6932)
      • CheatBreaker.exe (PID: 5028)
      • CheatBreaker.exe (PID: 2876)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • CheatBreaker_Setup.exe (PID: 6796)
    • The process creates files with name similar to system file names

      • CheatBreaker_Setup.exe (PID: 6796)
    • Application launched itself

      • CheatBreaker.exe (PID: 6948)
      • CheatBreaker.exe (PID: 7956)
      • CheatBreaker.exe (PID: 8840)
      • CheatBreaker.exe (PID: 8444)
      • CheatBreaker.exe (PID: 3900)
      • CheatBreaker.exe (PID: 8952)
      • CheatBreaker.exe (PID: 7452)
      • CheatBreaker.exe (PID: 7476)
      • CheatBreaker.exe (PID: 1984)
      • CheatBreaker.exe (PID: 4644)
      • CheatBreaker.exe (PID: 4344)
      • CheatBreaker.exe (PID: 9132)
      • CheatBreaker.exe (PID: 7548)
      • CheatBreaker.exe (PID: 8116)
      • CheatBreaker.exe (PID: 7596)
    • Creates a software uninstall entry

      • CheatBreaker_Setup.exe (PID: 6796)
    • Starts CMD.EXE for commands execution

      • CheatBreaker.exe (PID: 6332)
      • CheatBreaker.exe (PID: 6732)
      • CheatBreaker.exe (PID: 6008)
      • CheatBreaker.exe (PID: 6316)
      • CheatBreaker.exe (PID: 7772)
      • CheatBreaker.exe (PID: 8756)
      • CheatBreaker.exe (PID: 8488)
      • CheatBreaker.exe (PID: 6528)
      • CheatBreaker.exe (PID: 8408)
      • CheatBreaker.exe (PID: 9060)
      • CheatBreaker.exe (PID: 8840)
      • CheatBreaker.exe (PID: 7036)
      • CheatBreaker.exe (PID: 6932)
      • CheatBreaker.exe (PID: 8508)
      • CheatBreaker.exe (PID: 2876)
      • CheatBreaker.exe (PID: 5028)
    • Starts application with an unusual extension

      • cmd.exe (PID: 6216)
      • cmd.exe (PID: 7912)
      • cmd.exe (PID: 6156)
      • cmd.exe (PID: 1108)
      • cmd.exe (PID: 7796)
      • cmd.exe (PID: 8236)
      • cmd.exe (PID: 7736)
      • cmd.exe (PID: 1536)
      • cmd.exe (PID: 232)
      • cmd.exe (PID: 8800)
      • cmd.exe (PID: 6508)
      • cmd.exe (PID: 7196)
      • cmd.exe (PID: 6996)
      • cmd.exe (PID: 8100)
      • cmd.exe (PID: 7668)
      • cmd.exe (PID: 6584)
    • Starts POWERSHELL.EXE for commands execution

      • CheatBreaker.exe (PID: 6316)
      • CheatBreaker.exe (PID: 6732)
      • CheatBreaker.exe (PID: 8756)
      • CheatBreaker.exe (PID: 6528)
      • CheatBreaker.exe (PID: 8408)
      • CheatBreaker.exe (PID: 5028)
      • CheatBreaker.exe (PID: 6932)
      • CheatBreaker.exe (PID: 2876)
    • The process bypasses the loading of PowerShell profile settings

      • CheatBreaker.exe (PID: 6316)
      • CheatBreaker.exe (PID: 6732)
      • CheatBreaker.exe (PID: 8756)
      • CheatBreaker.exe (PID: 6528)
      • CheatBreaker.exe (PID: 8408)
      • CheatBreaker.exe (PID: 5028)
      • CheatBreaker.exe (PID: 6932)
      • CheatBreaker.exe (PID: 2876)
    • The process hides Powershell's copyright startup banner

      • CheatBreaker.exe (PID: 6316)
      • CheatBreaker.exe (PID: 6732)
      • CheatBreaker.exe (PID: 6528)
      • CheatBreaker.exe (PID: 8408)
      • CheatBreaker.exe (PID: 5028)
      • CheatBreaker.exe (PID: 6932)
      • CheatBreaker.exe (PID: 2876)
      • CheatBreaker.exe (PID: 8756)
    • Executable content was dropped or overwritten

      • CheatBreaker_Setup.exe (PID: 6796)
  • INFO

    • Reads the computer name

      • CheatBreaker_Setup.exe (PID: 6796)
      • CheatBreaker.exe (PID: 6948)
      • CheatBreaker.exe (PID: 7072)
      • CheatBreaker.exe (PID: 7096)
      • CheatBreaker.exe (PID: 6332)
      • CheatBreaker.exe (PID: 5504)
      • CheatBreaker.exe (PID: 8840)
      • CheatBreaker.exe (PID: 8040)
      • CheatBreaker.exe (PID: 6732)
      • CheatBreaker.exe (PID: 6008)
      • CheatBreaker.exe (PID: 6316)
      • CheatBreaker.exe (PID: 8444)
      • CheatBreaker.exe (PID: 6652)
      • CheatBreaker.exe (PID: 6576)
      • CheatBreaker.exe (PID: 8756)
      • CheatBreaker.exe (PID: 7772)
      • CheatBreaker.exe (PID: 7452)
      • CheatBreaker.exe (PID: 8536)
      • CheatBreaker.exe (PID: 6564)
      • CheatBreaker.exe (PID: 6528)
      • CheatBreaker.exe (PID: 8488)
    • Checks supported languages

      • CheatBreaker_Setup.exe (PID: 6796)
      • CheatBreaker.exe (PID: 7096)
      • CheatBreaker.exe (PID: 6316)
      • CheatBreaker.exe (PID: 6948)
      • CheatBreaker.exe (PID: 6332)
      • CheatBreaker.exe (PID: 7072)
      • chcp.com (PID: 3032)
      • chcp.com (PID: 6044)
      • CheatBreaker.exe (PID: 7956)
      • CheatBreaker.exe (PID: 8840)
      • CheatBreaker.exe (PID: 5504)
      • CheatBreaker.exe (PID: 8040)
      • CheatBreaker.exe (PID: 6732)
      • CheatBreaker.exe (PID: 6008)
      • chcp.com (PID: 7020)
      • CheatBreaker.exe (PID: 3900)
      • CheatBreaker.exe (PID: 6576)
      • CheatBreaker.exe (PID: 6652)
      • CheatBreaker.exe (PID: 8444)
      • CheatBreaker.exe (PID: 8756)
      • CheatBreaker.exe (PID: 7772)
      • chcp.com (PID: 3176)
      • chcp.com (PID: 7020)
      • CheatBreaker.exe (PID: 8952)
      • CheatBreaker.exe (PID: 7452)
      • CheatBreaker.exe (PID: 6528)
      • CheatBreaker.exe (PID: 8488)
      • CheatBreaker.exe (PID: 6564)
      • chcp.com (PID: 8068)
      • CheatBreaker.exe (PID: 8536)
      • chcp.com (PID: 5588)
      • chcp.com (PID: 8668)
      • CheatBreaker.exe (PID: 1984)
    • Creates files or folders in the user directory

      • CheatBreaker.exe (PID: 6948)
      • CheatBreaker_Setup.exe (PID: 6796)
      • CheatBreaker.exe (PID: 6332)
      • CheatBreaker.exe (PID: 7096)
      • CheatBreaker.exe (PID: 8840)
      • CheatBreaker.exe (PID: 8444)
      • CheatBreaker.exe (PID: 7452)
    • Create files in a temporary directory

      • CheatBreaker_Setup.exe (PID: 6796)
      • CheatBreaker.exe (PID: 6948)
      • CheatBreaker.exe (PID: 8840)
      • CheatBreaker.exe (PID: 8444)
      • CheatBreaker.exe (PID: 7452)
    • Manual execution by a user

      • CheatBreaker.exe (PID: 6948)
    • Process checks computer location settings

      • CheatBreaker.exe (PID: 6332)
      • CheatBreaker.exe (PID: 6316)
      • CheatBreaker.exe (PID: 8840)
      • CheatBreaker.exe (PID: 6008)
      • CheatBreaker.exe (PID: 6732)
      • CheatBreaker.exe (PID: 6948)
      • CheatBreaker.exe (PID: 7772)
      • CheatBreaker.exe (PID: 8444)
      • CheatBreaker.exe (PID: 8756)
      • CheatBreaker.exe (PID: 7452)
      • CheatBreaker.exe (PID: 8488)
      • CheatBreaker.exe (PID: 6528)
    • Reads Environment values

      • CheatBreaker.exe (PID: 6332)
      • CheatBreaker.exe (PID: 6316)
      • CheatBreaker.exe (PID: 6732)
      • CheatBreaker.exe (PID: 6008)
      • CheatBreaker.exe (PID: 7772)
      • CheatBreaker.exe (PID: 8756)
      • CheatBreaker.exe (PID: 6528)
      • CheatBreaker.exe (PID: 8488)
    • Checks proxy server information

      • CheatBreaker.exe (PID: 6948)
      • CheatBreaker.exe (PID: 8840)
      • CheatBreaker.exe (PID: 8444)
      • CheatBreaker.exe (PID: 7452)
    • Reads product name

      • CheatBreaker.exe (PID: 6332)
      • CheatBreaker.exe (PID: 6316)
      • CheatBreaker.exe (PID: 6008)
      • CheatBreaker.exe (PID: 6732)
      • CheatBreaker.exe (PID: 7772)
      • CheatBreaker.exe (PID: 8756)
      • CheatBreaker.exe (PID: 6528)
      • CheatBreaker.exe (PID: 8488)
    • Reads CPU info

      • CheatBreaker.exe (PID: 6316)
      • CheatBreaker.exe (PID: 6732)
      • CheatBreaker.exe (PID: 8756)
      • CheatBreaker.exe (PID: 6528)
    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 6576)
      • powershell.exe (PID: 2088)
      • powershell.exe (PID: 1288)
      • powershell.exe (PID: 7060)
      • powershell.exe (PID: 7536)
      • powershell.exe (PID: 7540)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:12:15 22:26:14+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 473088
UninitializedDataSize: 16384
EntryPoint: 0x338f
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.5.5.0
ProductVersionNumber: 2.5.5.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: CheatBreaker
FileDescription: CheatBreaker
FileVersion: 2.5.5
LegalCopyright: Copyright © 2024 CheatBreaker
ProductName: CheatBreaker
ProductVersion: 2.5.5
No data.
Total processes
556
Monitored processes
439
Malicious processes
23
Suspicious processes
3

Behavior graph

[Behavior graph: process tree starting at cheatbreaker_setup.exe; nodes are repeated instances of cheatbreaker.exe, cmd.exe, conhost.exe, chcp.com, powershell.exe and reg.exe]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 232
CMD: C:\WINDOWS\system32\cmd.exe /d /s /c "chcp"
Path: C:\Windows\System32\cmd.exe
Parent process: CheatBreaker.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
PID: 304
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: powershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 608
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: powershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
PID: 788
CMD: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent process: CheatBreaker.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 840
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 872
CMD: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent process: CheatBreaker.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
PID: 888
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: powershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Version:
10.0.19041.1 (WinBuild.160101.0800)
PID: 904
CMD: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent process: CheatBreaker.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
Total events
373 118
Read events
372 576
Write events
470
Delete events
72

Modification events

(PID) Process: (6796) CheatBreaker_Setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\78fd9c95-8947-5340-87d3-029a9f5bec8e
Operation: write
Name: InstallLocation
Value:
C:\Users\admin\AppData\Local\Programs\cheatbreaker
(PID) Process: (6796) CheatBreaker_Setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\78fd9c95-8947-5340-87d3-029a9f5bec8e
Operation: write
Name: KeepShortcuts
Value:
true
(PID) Process: (6796) CheatBreaker_Setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\78fd9c95-8947-5340-87d3-029a9f5bec8e
Operation: write
Name: ShortcutName
Value:
CheatBreaker
(PID) Process: (6796) CheatBreaker_Setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\78fd9c95-8947-5340-87d3-029a9f5bec8e
Operation: write
Name: DisplayName
Value:
CheatBreaker
(PID) Process: (6796) CheatBreaker_Setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\78fd9c95-8947-5340-87d3-029a9f5bec8e
Operation: write
Name: UninstallString
Value:
"C:\Users\admin\AppData\Local\Programs\cheatbreaker\Uninstall CheatBreaker.exe" /currentuser
(PID) Process: (6796) CheatBreaker_Setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\78fd9c95-8947-5340-87d3-029a9f5bec8e
Operation: write
Name: QuietUninstallString
Value:
"C:\Users\admin\AppData\Local\Programs\cheatbreaker\Uninstall CheatBreaker.exe" /currentuser /S
(PID) Process: (6796) CheatBreaker_Setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\78fd9c95-8947-5340-87d3-029a9f5bec8e
Operation: write
Name: DisplayVersion
Value:
2.5.5
(PID) Process: (6796) CheatBreaker_Setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\78fd9c95-8947-5340-87d3-029a9f5bec8e
Operation: write
Name: DisplayIcon
Value:
C:\Users\admin\AppData\Local\Programs\cheatbreaker\uninstallerIcon.ico
(PID) Process: (6796) CheatBreaker_Setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\78fd9c95-8947-5340-87d3-029a9f5bec8e
Operation: write
Name: Publisher
Value:
CheatBreaker
(PID) Process: (6796) CheatBreaker_Setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\78fd9c95-8947-5340-87d3-029a9f5bec8e
Operation: write
Name: NoModify
Value:
1
Executable files
19
Suspicious files
40
Text files
308
Unknown types
127

Dropped files

PID
Process
Filename
Type
PID: 6796
Process: CheatBreaker_Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsfAF76.tmp\app-64.7z
MD5:
SHA256:
PID: 6796
Process: CheatBreaker_Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsfAF76.tmp\7z-out\icudtl.dat
MD5:
SHA256:
PID: 6796
Process: CheatBreaker_Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsfAF76.tmp\7z-out\LICENSES.chromium.html
MD5:
SHA256:
PID: 6796
Process: CheatBreaker_Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsfAF76.tmp\StdUtils.dll
Type: executable
MD5:C6A6E03F77C313B267498515488C5740
SHA256:B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E
PID: 6796
Process: CheatBreaker_Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsfAF76.tmp\installerHeaderico.ico
Type: image
MD5:E26442A96F2E6311ED3687F308A6FC96
SHA256:FC3F5AEA3AF1B7F8B63DDC0AE5CA21237692CF38C761E389D1A5D3740D753734
PID: 6796
Process: CheatBreaker_Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsfAF76.tmp\7z-out\locales\da.pak
Type: pgc
MD5:FECABF71853BAB84EACDD95699C49F69
SHA256:1B0793B1CBEB6A56FF1E64523C37BA753457320AA29F9718022CAA07B4981D8F
PID: 6796
Process: CheatBreaker_Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsfAF76.tmp\System.dll
Type: executable
MD5:0D7AD4F45DC6F5AA87F606D0331C6901
SHA256:3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA
PID: 6796
Process: CheatBreaker_Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsfAF76.tmp\7z-out\locales\bn.pak
Type: pgc
MD5:D6CCC9689654B84BC095CEC4F1952CCA
SHA256:E325D936CD97C3F9DDFCA2D87CAEFB8B6E7465FFA31D0386AE2456B18F7A92DA
PID: 6796
Process: CheatBreaker_Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsfAF76.tmp\7z-out\locales\ar.pak
Type: pgc
MD5:98F8A48892B41E64BEF135B86F3D4A6C
SHA256:E34D5CABAED4634C672591074057C12947BC9E728004228A9E75F87829F4A48A
PID: 6796
Process: CheatBreaker_Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsfAF76.tmp\7z-out\locales\cs.pak
Type: pgc
MD5:26765C7BE201444F0238962BB16A506B
SHA256:936466784A55B965D23B016BC49377655BC5D281D012C8369C0809C961E05C74
HTTP(S) requests
0
TCP/UDP connections
33
DNS requests
9
Threats
0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown
- | - | 239.255.255.250:1900 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | unknown
692 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown
4 | System | 192.168.100.255:137 | - | - | - | unknown
6332 | CheatBreaker.exe | 140.82.121.5:443 | api.github.com | GITHUB | US | unknown
6316 | CheatBreaker.exe | 185.199.108.153:443 | client-api.cheatbreaker.net | FASTLY | US | unknown
6316 | CheatBreaker.exe | 172.67.155.182:443 | cheatbreaker.net | CLOUDFLARENET | US | unknown
5336 | SearchApp.exe | 104.126.37.179:443 | www.bing.com | Akamai International B.V. | DE | unknown
6008 | CheatBreaker.exe | 140.82.121.5:443 | api.github.com | GITHUB | US | unknown

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
unknown
google.com
  • 142.250.181.238
unknown
client-api.cheatbreaker.net
  • 185.199.108.153
  • 185.199.111.153
  • 185.199.110.153
  • 185.199.109.153
unknown
api.github.com
  • 140.82.121.5
  • 140.82.121.6
unknown
cheatbreaker.net
  • 172.67.155.182
  • 104.21.50.25
unknown
www.bing.com
  • 104.126.37.179
  • 104.126.37.155
  • 104.126.37.169
  • 104.126.37.184
  • 104.126.37.147
  • 104.126.37.153
  • 104.126.37.177
  • 104.126.37.154
  • 104.126.37.152
unknown

Threats

No threats detected
No debug info