Summary
- Executable name Bang_Keyboardtweak.exe is distinctive and not associated with any legitimate software.
- SHA-256 9ee8d3d053d3891c480dd591cbf54fbfd336d976d61fe38d705ad22873f02144 provides definitive binary identification.
- Prefetch entry for Bang_Keyboardtweak.exe is unambiguous — no legitimate process uses this name.
- PcaSVC execution record provides timestamped evidence of first execution.
Overview
Bang Service TriggerBot is a FiveM triggerbot — a cheat that automatically fires when the crosshair is over an enemy hitbox. It is distributed under the executable name Bang_Keyboardtweak.exe, a name that references the Bang brand and keyboard hook mechanism used by the cheat.
Unlike cheats distributed with generic names, Bang Service TriggerBot's executable name is immediately suspicious — there is no legitimate software that would be named Bang_Keyboardtweak.exe. A Prefetch entry or process list entry with this name requires no further investigation to flag.
Sample metadata (IOC)
Name Bang_Keyboardtweak.exe
Type TriggerBot / FiveM cheat
SHA-256 9ee8d3d053d3891c480dd591cbf54fbd
fd336d976d61fe38d705ad22873f02144Behavioral indicators
Distinctive executable name
The filename Bang_Keyboardtweak.exe is specific to this cheat. Any system where this name appears in Prefetch, the process list, or recent file access logs is confirmed as having executed Bang Service TriggerBot. The name has no legitimate counterpart in Windows or any standard software package.
Keyboard hook behavior
Triggerbots typically install low-level keyboard and/or mouse hooks to intercept input and inject synthetic fire commands. During an active session, a keyboard hook registered to Bang_Keyboardtweak.exe is observable in System Informer's hooks view.
PcaSVC execution record
Windows PcaSVC logs the first execution of Bang_Keyboardtweak.exe in the AppCompat database. This entry is not cleared by standard user-side cleanup.
Screenshare check guide
Prefetch — Bang_Keyboardtweak.exe
- Check C:\Windows\Prefetch for BANG_KEYBOARDTWEAK.EXE-*.pf.
- Any match is definitive — this filename has no legitimate origin.
Process list
- Check Task Manager or System Informer for a running Bang_Keyboardtweak.exe process.
System hooks
- In System Informer, check the global hooks panel for any hook registered by Bang_Keyboardtweak.exe.
File hash verification
- If the file is present on disk, compute its SHA-256.
- Match against 9ee8d3d053d3891c480dd591cbf54fbfd336d976d61fe38d705ad22873f02144.
PcaSVC / AppCompat entry
- Inspect the PcaSVC log for an entry referencing Bang_Keyboardtweak.exe.
Browser and Discord
- Check browser history and downloads for references to Bang Service or Bang TriggerBot.
- In Discord, check User Settings → Authorized Apps.
Detection summary
Artifact Survives cleanup? Check location ───────────────────────────────────────────────────────────────────────── PcaSVC entry Yes AppCompat / DPS log Prefetch (Bang_Keyboardtweak.exe) Usually C:\Windows\Prefetch SHA-256 hash match Yes (file on disk) File system Process / hook (if running) Only while running Task Manager / SI
The most immediately actionable indicator is the Prefetch entry for Bang_Keyboardtweak.exe — the filename is unique to this cheat and requires no additional confirmation.
Defensive material
All indicators and methodology documented here are published for server administrators, DFIR practitioners, and anti-cheat researchers. This material describes detection techniques only. For vulnerability disclosures or to contribute to the research corpus, contact security@clubhouseac.shop.