| Source: CheatInjector.exe1.exe, 00000002.00000003.1481690797.00000000037AE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0 |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1481690797.00000000037AE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1481690797.00000000037AE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0 |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1481690797.00000000037AE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07 |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1481690797.00000000037AE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0= |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1481690797.00000000037AE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00 |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1481690797.00000000037AE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0? |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1481690797.00000000037AE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0 |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1481690797.00000000037AE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.rootca1.amazontrust.com0: |
| Source: Amcache.hve.5.dr | String found in binary or memory: http://upx.sf.net |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1481690797.00000000037AE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0 |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1481690797.00000000037AE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0 |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1414977774.00000000036A8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org?q= |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1414977774.00000000036A8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1414977774.00000000036A8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1414977774.00000000036A8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1414977774.00000000036A8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q= |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1414977774.00000000036A8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtabv209h |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1414977774.00000000036A8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1413332602.0000000000D96000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000003.1413505562.0000000000DA7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://featureccus.shop/bdMAn |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1414977774.00000000036A8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://gemini.google.com/app?q= |
| Source: CheatInjector.exe1.exe, 00000002.00000002.2614233553.0000000000E1E000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000003.2229015326.0000000000E1E000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000003.2228620716.0000000000E1E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://jowinjoinery.icu/ |
| Source: CheatInjector.exe1.exe, 00000002.00000003.2228620716.0000000000DF7000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000002.2614233553.0000000000E1E000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000003.2229015326.0000000000E1E000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000003.2228620716.0000000000E1E000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000002.2614179705.0000000000DF7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://jowinjoinery.icu/bdWUa |
| Source: CheatInjector.exe1.exe, 00000002.00000003.2228620716.0000000000DF7000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000002.2614179705.0000000000DF7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://jowinjoinery.icu/bdWUaQ |
| Source: CheatInjector.exe1.exe, 00000002.00000002.2614288618.0000000000E2D000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000003.2228900501.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000003.2228620716.0000000000E1E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://jowinjoinery.icu/bdWUampress |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1413332602.0000000000D96000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000003.1413505562.0000000000DA7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://menuedgarli.shop/AUIqnBHR |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1413505562.0000000000DA7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://mrodularmall.top/ |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1564436213.0000000000E21000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://mrodularmall.top/8 |
| Source: CheatInjector.exe1.exe, 00000002.00000003.2228620716.0000000000E1E000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000003.1544554955.0000000000E21000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000002.2614179705.0000000000DF7000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000003.1413505562.0000000000DA7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://mrodularmall.top/aNzS |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1441325413.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://mrodularmall.top/aNzSR |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1441325413.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://mrodularmall.top/aNzSV |
| Source: CheatInjector.exe1.exe, 00000002.00000002.2614288618.0000000000E2D000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000003.2228900501.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000003.2228620716.0000000000E1E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://mrodularmall.top/aNzSf |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1413332602.0000000000D96000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000003.1413505562.0000000000DA7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://mrodularmall.top/aNzStH |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1544554955.0000000000E21000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://mrodularmall.top/p |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1485137796.0000000003ABD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1485137796.0000000003ABD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1413332602.0000000000D7C000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000003.1387791649.0000000000D7C000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000003.1387851158.0000000000DA7000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000003.1387743522.0000000000D96000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/ |
| Source: CheatInjector.exe1.exe, 00000002.00000002.2613937125.0000000000D48000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000003.1387724564.0000000000DE0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/asdawfq |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1387743522.0000000000D96000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000003.1387724564.0000000000DE0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://web.telegram.org |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1387743522.0000000000D96000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://web.telegram.orgPersistent-AuthWWW-AuthenticateVarystel_ssid=f7cc2ea85f50737ed6_132178671729 |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1387743522.0000000000D96000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://web.telegram.orgX-Frame-OptionsALLOW-FROM |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1414977774.00000000036A8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/v20 |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1414977774.00000000036A8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1485137796.0000000003ABD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1485137796.0000000003ABD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6 |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1485137796.0000000003ABD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1485137796.0000000003ABD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1485137796.0000000003ABD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1485137796.0000000003ABD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00786460 | 0_2_00786460 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00784CB0 | 0_2_00784CB0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0074553B | 0_2_0074553B |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00761F50 | 0_2_00761F50 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0077C870 | 0_2_0077C870 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0077D070 | 0_2_0077D070 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0075F860 | 0_2_0075F860 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00745856 | 0_2_00745856 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00753840 | 0_2_00753840 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0074E030 | 0_2_0074E030 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0076E020 | 0_2_0076E020 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0075D810 | 0_2_0075D810 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0077A810 | 0_2_0077A810 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00796010 | 0_2_00796010 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00741000 | 0_2_00741000 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007A2800 | 0_2_007A2800 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0075A0F0 | 0_2_0075A0F0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007990F0 | 0_2_007990F0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007AB0F0 | 0_2_007AB0F0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007550E0 | 0_2_007550E0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007600E0 | 0_2_007600E0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007628C0 | 0_2_007628C0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007698A0 | 0_2_007698A0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007878A0 | 0_2_007878A0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00786090 | 0_2_00786090 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00777170 | 0_2_00777170 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0074B960 | 0_2_0074B960 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00759150 | 0_2_00759150 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00756940 | 0_2_00756940 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00778130 | 0_2_00778130 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00796920 | 0_2_00796920 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00770110 | 0_2_00770110 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00794110 | 0_2_00794110 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007AD90A | 0_2_007AD90A |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0074C906 | 0_2_0074C906 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0075E900 | 0_2_0075E900 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00778900 | 0_2_00778900 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007441D0 | 0_2_007441D0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007A41D0 | 0_2_007A41D0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0077E9C0 | 0_2_0077E9C0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007501A0 | 0_2_007501A0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007589A0 | 0_2_007589A0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00748990 | 0_2_00748990 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0075F190 | 0_2_0075F190 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00788A70 | 0_2_00788A70 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0074D250 | 0_2_0074D250 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00773A50 | 0_2_00773A50 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00780240 | 0_2_00780240 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0076CA30 | 0_2_0076CA30 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0076DA30 | 0_2_0076DA30 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007B8230 | 0_2_007B8230 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007A3A20 | 0_2_007A3A20 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007A2210 | 0_2_007A2210 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00763200 | 0_2_00763200 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00791A00 | 0_2_00791A00 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00749AF6 | 0_2_00749AF6 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007472E0 | 0_2_007472E0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007B22CA | 0_2_007B22CA |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007582B0 | 0_2_007582B0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007A12B0 | 0_2_007A12B0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007A7AB0 | 0_2_007A7AB0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00757AA0 | 0_2_00757AA0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00778AA0 | 0_2_00778AA0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00763A90 | 0_2_00763A90 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00765290 | 0_2_00765290 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00769360 | 0_2_00769360 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00757B50 | 0_2_00757B50 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0078A350 | 0_2_0078A350 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00790350 | 0_2_00790350 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0078EB40 | 0_2_0078EB40 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0076D330 | 0_2_0076D330 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00767320 | 0_2_00767320 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00781320 | 0_2_00781320 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00748310 | 0_2_00748310 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0075B310 | 0_2_0075B310 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0074A300 | 0_2_0074A300 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00747B00 | 0_2_00747B00 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0074CB0F | 0_2_0074CB0F |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0076A3F0 | 0_2_0076A3F0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0076ABF0 | 0_2_0076ABF0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0077ABF0 | 0_2_0077ABF0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007A93E0 | 0_2_007A93E0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007893D0 | 0_2_007893D0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00797BB0 | 0_2_00797BB0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00751BA0 | 0_2_00751BA0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0075E3A0 | 0_2_0075E3A0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007753A0 | 0_2_007753A0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00750B90 | 0_2_00750B90 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0075DB80 | 0_2_0075DB80 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0075EC70 | 0_2_0075EC70 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00773C70 | 0_2_00773C70 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00752450 | 0_2_00752450 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00765450 | 0_2_00765450 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00754430 | 0_2_00754430 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00750430 | 0_2_00750430 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00793430 | 0_2_00793430 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007A8420 | 0_2_007A8420 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0075D410 | 0_2_0075D410 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00754C10 | 0_2_00754C10 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00776410 | 0_2_00776410 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00762C00 | 0_2_00762C00 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007A1C00 | 0_2_007A1C00 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007984C0 | 0_2_007984C0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007AA4C0 | 0_2_007AA4C0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0076E490 | 0_2_0076E490 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0077B560 | 0_2_0077B560 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007A3D60 | 0_2_007A3D60 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00749D30 | 0_2_00749D30 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00756530 | 0_2_00756530 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00763530 | 0_2_00763530 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0077FD20 | 0_2_0077FD20 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00753510 | 0_2_00753510 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00769D00 | 0_2_00769D00 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0079FD00 | 0_2_0079FD00 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00745DF6 | 0_2_00745DF6 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0076B5F0 | 0_2_0076B5F0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00787DF0 | 0_2_00787DF0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00750DE0 | 0_2_00750DE0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00748DD0 | 0_2_00748DD0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00777DD0 | 0_2_00777DD0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0077F5D0 | 0_2_0077F5D0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0077DDD9 | 0_2_0077DDD9 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007655C0 | 0_2_007655C0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0077C5A0 | 0_2_0077C5A0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007C5592 | 0_2_007C5592 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00762D80 | 0_2_00762D80 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0077DD80 | 0_2_0077DD80 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0074DE60 | 0_2_0074DE60 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00781660 | 0_2_00781660 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00789650 | 0_2_00789650 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007A4640 | 0_2_007A4640 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00750620 | 0_2_00750620 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0076FE20 | 0_2_0076FE20 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0074C610 | 0_2_0074C610 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00760E10 | 0_2_00760E10 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007A7E10 | 0_2_007A7E10 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0074B6F0 | 0_2_0074B6F0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007666F0 | 0_2_007666F0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0077D6E0 | 0_2_0077D6E0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007786E0 | 0_2_007786E0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0076C6D0 | 0_2_0076C6D0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007576C0 | 0_2_007576C0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0077AEC0 | 0_2_0077AEC0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00765EB0 | 0_2_00765EB0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00783EA0 | 0_2_00783EA0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0074E690 | 0_2_0074E690 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00795690 | 0_2_00795690 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00782E80 | 0_2_00782E80 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00759740 | 0_2_00759740 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00753F20 | 0_2_00753F20 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007C3718 | 0_2_007C3718 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0074BF10 | 0_2_0074BF10 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00762F10 | 0_2_00762F10 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00749718 | 0_2_00749718 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0074A700 | 0_2_0074A700 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0074D7F0 | 0_2_0074D7F0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007907F0 | 0_2_007907F0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00766FC0 | 0_2_00766FC0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00792FC0 | 0_2_00792FC0 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_00786F90 | 0_2_00786F90 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0079FF90 | 0_2_0079FF90 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 2_3_00DA665A | 2_3_00DA665A |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 2_3_00DA665A | 2_3_00DA665A |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 2_3_00DA665A | 2_3_00DA665A |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 2_3_00DA665A | 2_3_00DA665A |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 2_3_00DA665A | 2_3_00DA665A |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 2_3_00DA665A | 2_3_00DA665A |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 2_3_00DA665A | 2_3_00DA665A |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 2_3_00DA665A | 2_3_00DA665A |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: apphelp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: windows.storage.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: winhttp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: webio.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: mswsock.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: iphlpapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: winnsi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: dnsapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: rasadhlp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: schannel.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: mskeyprotect.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: ntasn1.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: ncrypt.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: ncryptsslp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: msasn1.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: cryptsp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: rsaenh.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: gpapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: dpapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: wbemcomn.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: amsi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: profapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0078E06E pushfd ; iretd | 0_2_0078E06F |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0078E861 pushfd ; ret | 0_2_0078E865 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0078C03E pushfd ; ret | 0_2_0078C03F |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0078C828 pushfd ; ret | 0_2_0078C82C |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0078B0E3 pushfd ; ret | 0_2_0078B0E4 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0078D89A pushfd ; ret | 0_2_0078D89E |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0078C150 pushfd ; ret | 0_2_0078C154 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0078D952 pushfd ; ret | 0_2_0078D956 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0078E926 pushfd ; ret | 0_2_0078E92A |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0078DA86 pushfd ; ret | 0_2_0078DA8A |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0078E345 pushfd ; ret | 0_2_0078E349 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0078DB46 pushfd ; ret | 0_2_0078DB5A |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0078C3EA pushfd ; ret | 0_2_0078C3EB |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0078B3E1 pushfd ; ret | 0_2_0078B3E5 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0078D3DB pushfd ; ret | 0_2_0078D3DF |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0078D4DE pushfd ; ret | 0_2_0078D4EC |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0078CCB8 pushfd ; ret | 0_2_0078CCCC |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0078E4A0 pushfd ; ret | 0_2_0078E4A1 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0078C488 pushfd ; ret | 0_2_0078C4BB |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0078D5BE pushfd ; ret | 0_2_0078D5BF |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0078E6F7 pushfd ; ret | 0_2_0078E6FB |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0078CF67 pushfd ; ret | 0_2_0078CF6B |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0078D759 pushfd ; ret | 0_2_0078D75D |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_0078C752 pushfd ; ret | 0_2_0078C756 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 0_2_007ADFCA push ecx; ret | 0_2_007ADFDD |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 2_3_00DA80C6 push edi; iretd | 2_3_00DA80CC |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 2_3_00DA80C6 push edi; iretd | 2_3_00DA80CC |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 2_3_00DA80C6 push edi; iretd | 2_3_00DA80CC |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 2_3_00DA80C6 push edi; iretd | 2_3_00DA80CC |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 2_3_00DA9BF2 push edi; iretd | 2_3_00DA9BF8 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Code function: 2_3_00DA9BF2 push edi; iretd | 2_3_00DA9BF8 |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: Amcache.hve.5.dr | Binary or memory string: VMware |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.co.inVMware20,11696428655d |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655 |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: global block list test formVMware20,11696428655 |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036CB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: - GDCDYNVMware20,11696428655p |
| Source: Amcache.hve.5.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
| Source: CheatInjector.exe1.exe, CheatInjector.exe1.exe, 00000002.00000003.1594521169.0000000000D96000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000003.1413332602.0000000000D96000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000002.2614095844.0000000000D99000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000003.1544263244.0000000000D96000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000002.2613937125.0000000000D5D000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000003.2228764180.0000000000D96000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000003.1513425489.0000000000D96000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe1.exe, 00000002.00000003.1387743522.0000000000D96000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: account.microsoft.com/profileVMware20,11696428655u |
| Source: Amcache.hve.5.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p |
| Source: Amcache.hve.5.dr | Binary or memory string: vmci.sys |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696428655 |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,11696428655o |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: turbotax.intuit.comVMware20,11696428655t |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.comVMware20,11696428655 |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655 |
| Source: Amcache.hve.5.dr | Binary or memory string: VMware20,1 |
| Source: Amcache.hve.5.dr | Binary or memory string: Microsoft Hyper-V Generation Counter |
| Source: Amcache.hve.5.dr | Binary or memory string: NECVMWar VMware SATA CD00 |
| Source: Amcache.hve.5.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - HKVMware20,11696428655] |
| Source: Amcache.hve.5.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
| Source: Amcache.hve.5.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
| Source: Amcache.hve.5.dr | Binary or memory string: VMware PCI VMCI Bus Device |
| Source: Amcache.hve.5.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.24224532.B64.2408191502,BiosReleaseDate:08/19/2024,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
| Source: Amcache.hve.5.dr | Binary or memory string: VMware VMCI Bus Device |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,11696428655x |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655 |
| Source: Amcache.hve.5.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696428655x |
| Source: Amcache.hve.5.dr | Binary or memory string: VMware Virtual USB Mouse |
| Source: Amcache.hve.5.dr | Binary or memory string: vmci.syshbin |
| Source: Amcache.hve.5.dr | Binary or memory string: VMware, Inc. |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696428655f |
| Source: Amcache.hve.5.dr | Binary or memory string: VMware20,1hbin@ |
| Source: Amcache.hve.5.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
| Source: Amcache.hve.5.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696428655} |
| Source: Amcache.hve.5.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655 |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^ |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.comVMware20,11696428655} |
| Source: Amcache.hve.5.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office365.comVMware20,11696428655t |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x |
| Source: Amcache.hve.5.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655 |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office.comVMware20,11696428655s |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~ |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ms.portal.azure.comVMware20,11696428655 |
| Source: Amcache.hve.5.dr | Binary or memory string: VMware Virtual RAMX |
| Source: Amcache.hve.5.dr | Binary or memory string: VMware-42 27 d9 2e dc 89 72 dd-92 e8 86 9f a5 a6 64 93 |
| Source: Amcache.hve.5.dr | Binary or memory string: vmci.syshbin` |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z |
| Source: Amcache.hve.5.dr | Binary or memory string: \driver\vmci,\driver\pci |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: dev.azure.comVMware20,11696428655j |
| Source: Amcache.hve.5.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: netportal.hdfcbank.comVMware20,11696428655 |
| Source: Amcache.hve.5.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
| Source: CheatInjector.exe1.exe, 00000002.00000003.1451506965.00000000036C6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf | Jump to behavior |
| Source: C:\Users\user\Desktop\CheatInjector.exe1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao | Jump to behavior |
Edit tour
CheatInjector.exe1.exe (PID: 8744 cmdline: 
conhost.exe (PID: 8752 cmdline: 
WerFault.exe (PID: 8896 cmdline: 
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node