hxxps://cheatlab[.]app/

Resubmissions

22/02/2024, 13:25

240222-qpbpnaaa5z 7

22/02/2024, 13:19

240222-qkvlzaac98 1

Analysis

max time kernel
157s
max time network
279s
platform
windows10-1703_x64
resource
win10-20240221-it
resource tags

arch:x64arch:x86image:win10-20240221-itlocale:it-itos:windows10-1703-x64systemwindows
submitted
22/02/2024, 13:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://cheatlab.app/

Score

7^/10

persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000\Control Panel\International\Geo\Nation	Cheat Lab™.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000\Control Panel\International\Geo\Nation	Cheat Lab™.exe

Executes dropped EXE 4 IoCs

pid	Process
2228	Cheat Lab™.exe
5052	Cheat Lab™.exe
3604	Cheat Lab™.exe
2408	Cheat Lab™.exe

Loads dropped DLL 8 IoCs

pid	Process
2228	Cheat Lab™.exe
5052	Cheat Lab™.exe
3604	Cheat Lab™.exe
5052	Cheat Lab™.exe
5052	Cheat Lab™.exe
5052	Cheat Lab™.exe
5052	Cheat Lab™.exe
2408	Cheat Lab™.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000\Software\Microsoft\Windows\CurrentVersion\Run\Cheat Lab™ = "C:\\Users\\Admin\\AppData\\Roaming\\Cheat Lab™\\Cheat Lab™.exe"	Cheat Lab™.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "1614"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\msn.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "415373344"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.msn.com\ = "189"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "23"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable	browser_broker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "1316"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b9d3f8bd9265da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000488a3b0fea1f07421aab4c7ebd25b3e388614a5c1eaad4d167dc3506952142d110befd8191a4d91a04bd096d924e3dcde42d47fd04665e44dd74	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e5b263b39265da01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{00FE7FB4-FF99-44D8-83DE-A633DCA24F0 = 0114020000000000c0000000000000464c0000000114020000000000c00000000000004683000000200000004b5668d39265da014b5668d39265da01920071e99265da0183c3590500000000010000000000000000000000000000009d0314001f50e04fd020ea3a6910a2d808002b30309d19002f433a5c0000000000000000000000000000000000000050003100000000000000000010005573657273003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000005500730065007200730000001400500031000000000000000000100041646d696e003c0009000400efbe00000000000000002e0000000000000000000000000000000000000000000000000000000000410064006d0069006e000000140056003100000000000000000010004170704461746100400009000400efbe00000000000000002e000000000000000000000000000000000000000000000000000000000041007000700044006100740061000000160050003100000000000000000010004c6f63616c003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004c006f00630061006c00000014005a003100000000000000000010005061636b616765730000420009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000005000610063006b00610067006500730000001800b0003100000000000000000010004d6963726f736f66742e4d6963726f736f6674456467655f3877656b796233643862627765007c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004d006900630072006f0073006f00660074002e004d006900630072006f0073006f006600740045006400670065005f003800770065006b00790062003300640038006200620077006500000034005c0031000000000000000000100054656d70537461746500440009000400efbe00000000000000002e0000000000000000000000000000000000000000000000000000000000540065006d00700053007400610074006500000018005c00310000000000000000001000446f776e6c6f61647300440009000400efbe00000000000000002e000000000000000000000000000000000000000000000000000000000044006f0077006e006c006f00610064007300000018006600320083c359055658756b200043686561744c61622e7a697000004a0009000400efbe5658636b5658636b2e000000000000000000000000000000000000000000000000006e1a2e00430068006500610074004c00610062002e007a006900700000001c000000a20000001c000000010000001c0000003400000000000000a1000000180000000300000046e69c171000000057696e646f777300433a5c55736572735c41646d696e5c417070446174615c4c6f63616c5c5061636b616765735c4d6963726f736f66742e4d6963726f736f6674456467655f3877656b7962336438626277655c54656d7053746174655c446f776e6c6f6164735c43686561744c61622e7a6970000010000000050000a028000000cd0000001c0000000b0000a08f856c5e220e60479afeea3317b67173cd00000060000000030000a05800000000000000747163726e61716f000000000000000020d47d10345c6941b3a9703e3988fc578bfbf47ac5d0ee11973a6a862b57179320d47d10345c6941b3a9703e3988fc578bfbf47ac5d0ee11973a6a862b571793ce000000090000a08900000031535053e28a5846bc4c3843bbfc139326986dce6d00000004000000001f0000002e00000053002d0031002d0035002d00320031002d0033003300360030003100310039003700350036002d003100360036003600330034003400340033002d0033003900320030003500320031003600360038002d0031003000300030000000000000003900000031535053b1166d44ad8d7048a748402ea43d788c1d000000680000000048000000782a7a35000000000000d01200000000000000000000000000000000	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 255c3dbc9265da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "132"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.msn.com\ = "101"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\ServiceTabLoadAttempts = "2"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\MrtCache	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\CheatLab.zip.fqr7dlx.partial:Zone.Identifier	browser_broker.exe

Suspicious behavior: MapViewOfSection 17 IoCs

pid	Process
4704	MicrosoftEdgeCP.exe
4704	MicrosoftEdgeCP.exe
4704	MicrosoftEdgeCP.exe
4704	MicrosoftEdgeCP.exe
4704	MicrosoftEdgeCP.exe
4704	MicrosoftEdgeCP.exe
4704	MicrosoftEdgeCP.exe
4704	MicrosoftEdgeCP.exe
4704	MicrosoftEdgeCP.exe
4704	MicrosoftEdgeCP.exe
4704	MicrosoftEdgeCP.exe
4704	MicrosoftEdgeCP.exe
4704	MicrosoftEdgeCP.exe
4704	MicrosoftEdgeCP.exe
4704	MicrosoftEdgeCP.exe
4704	MicrosoftEdgeCP.exe
4704	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeDebugPrivilege	560	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	560	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	560	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	560	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3076	MicrosoftEdge.exe
Token: SeDebugPrivilege	3076	MicrosoftEdge.exe
Token: SeShutdownPrivilege	2228	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	2228	Cheat Lab™.exe
Token: SeShutdownPrivilege	2228	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	2228	Cheat Lab™.exe
Token: SeShutdownPrivilege	2228	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	2228	Cheat Lab™.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3076	MicrosoftEdge.exe
4704	MicrosoftEdgeCP.exe
560	MicrosoftEdgeCP.exe
4704	MicrosoftEdgeCP.exe
5088	MicrosoftEdgeCP.exe
5088	MicrosoftEdgeCP.exe
5088	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 4860	4704	MicrosoftEdgeCP.exe	77
PID 4704 wrote to memory of 236	4704	MicrosoftEdgeCP.exe	79
PID 4704 wrote to memory of 236	4704	MicrosoftEdgeCP.exe	79
PID 4704 wrote to memory of 236	4704	MicrosoftEdgeCP.exe	79
PID 4704 wrote to memory of 236	4704	MicrosoftEdgeCP.exe	79
PID 4704 wrote to memory of 236	4704	MicrosoftEdgeCP.exe	79
PID 4704 wrote to memory of 236	4704	MicrosoftEdgeCP.exe	79
PID 4704 wrote to memory of 236	4704	MicrosoftEdgeCP.exe	79
PID 4704 wrote to memory of 236	4704	MicrosoftEdgeCP.exe	79
PID 4704 wrote to memory of 236	4704	MicrosoftEdgeCP.exe	79
PID 4704 wrote to memory of 236	4704	MicrosoftEdgeCP.exe	79
PID 4704 wrote to memory of 236	4704	MicrosoftEdgeCP.exe	79
PID 4704 wrote to memory of 236	4704	MicrosoftEdgeCP.exe	79
PID 4704 wrote to memory of 236	4704	MicrosoftEdgeCP.exe	79
PID 4704 wrote to memory of 236	4704	MicrosoftEdgeCP.exe	79
PID 4704 wrote to memory of 236	4704	MicrosoftEdgeCP.exe	79
PID 4704 wrote to memory of 236	4704	MicrosoftEdgeCP.exe	79
PID 4704 wrote to memory of 236	4704	MicrosoftEdgeCP.exe	79
PID 4704 wrote to memory of 236	4704	MicrosoftEdgeCP.exe	79
PID 4704 wrote to memory of 236	4704	MicrosoftEdgeCP.exe	79
PID 4704 wrote to memory of 236	4704	MicrosoftEdgeCP.exe	79
PID 4568 wrote to memory of 2228	4568	Cheat Lab™.exe	87
PID 4568 wrote to memory of 2228	4568	Cheat Lab™.exe	87
PID 2228 wrote to memory of 5052	2228	Cheat Lab™.exe	88
PID 2228 wrote to memory of 5052	2228	Cheat Lab™.exe	88
PID 2228 wrote to memory of 5052	2228	Cheat Lab™.exe	88
PID 2228 wrote to memory of 5052	2228	Cheat Lab™.exe	88
PID 2228 wrote to memory of 5052	2228	Cheat Lab™.exe	88
PID 2228 wrote to memory of 5052	2228	Cheat Lab™.exe	88
PID 2228 wrote to memory of 5052	2228	Cheat Lab™.exe	88
PID 2228 wrote to memory of 5052	2228	Cheat Lab™.exe	88
PID 2228 wrote to memory of 5052	2228	Cheat Lab™.exe	88
PID 2228 wrote to memory of 5052	2228	Cheat Lab™.exe	88
PID 2228 wrote to memory of 5052	2228	Cheat Lab™.exe	88
PID 2228 wrote to memory of 5052	2228	Cheat Lab™.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://cheatlab.app/"
1⤵
PID:1680

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3076

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- NTFS ADS
PID:1248

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4704

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:560

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4860

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5088

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:236

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3580

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Temp1_CheatLab.zip\Cheat Lab™.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_CheatLab.zip\Cheat Lab™.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe
  "C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2228
- - C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe
    "C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1512 --field-trial-handle=1492,i,9143171438855537416,8272685727249952781,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5052
- - C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe
    "C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=it --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876" --mojo-platform-channel-handle=1752 --field-trial-handle=1492,i,9143171438855537416,8272685727249952781,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3604
- - C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe
    "C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876" --app-user-model-id=cheat-lab™-nativefier-330876 --app-path="C:\Users\Admin\AppData\Roaming\Cheat Lab™\resources\app" --no-sandbox --no-zygote --lang=it --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2232 --field-trial-handle=1492,i,9143171438855537416,8272685727249952781,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2408
- - C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe
    "C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876" --app-user-model-id=cheat-lab™-nativefier-330876 --app-path="C:\Users\Admin\AppData\Roaming\Cheat Lab™\resources\app" --enable-sandbox --lang=it --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3308 --field-trial-handle=1492,i,9143171438855537416,8272685727249952781,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:2340
- - C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe
    "C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876" --app-user-model-id=cheat-lab™-nativefier-330876 --app-path="C:\Users\Admin\AppData\Roaming\Cheat Lab™\resources\app" --enable-sandbox --lang=it --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3528 --field-trial-handle=1492,i,9143171438855537416,8272685727249952781,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:4820

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:248

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5836

C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe
"C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe"
1⤵
PID:5648
- C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe
  "C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1488 --field-trial-handle=1528,i,3587116970019924523,9546295467423339154,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  PID:1596
- C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe
  "C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=it --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876" --mojo-platform-channel-handle=1748 --field-trial-handle=1528,i,3587116970019924523,9546295467423339154,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  PID:5960
- C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe
  "C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876" --app-user-model-id=cheat-lab™-nativefier-330876 --app-path="C:\Users\Admin\AppData\Roaming\Cheat Lab™\resources\app" --no-sandbox --no-zygote --lang=it --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2064 --field-trial-handle=1528,i,3587116970019924523,9546295467423339154,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  PID:5984
- C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe
  "C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876" --app-user-model-id=cheat-lab™-nativefier-330876 --app-path="C:\Users\Admin\AppData\Roaming\Cheat Lab™\resources\app" --enable-sandbox --lang=it --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2360 --field-trial-handle=1528,i,3587116970019924523,9546295467423339154,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  PID:4664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U2DI4E2V\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2W2JDYS8\7cHqv4kjgoGqM7E3_-gs51os[1].woff2

Filesize
20KB

MD5
d312d179276a175029c56c50e9bc9d0b

SHA1
aa9285dd6183c696fc39ec31c221581e2d4959c1

SHA256
7c0597b1b0c771139c958982210f05b275993037f0f3ba20d7a9300a0741dc80

SHA512
12ccc8cad5ad138ab17fc96b97340f5cfddfbe07d29d7f0a1ea7f0b14e4c06d66d9a89a33ca3bb4da1ebf09d1b5ca1e9176980adeb83d59b43ca4c00d99d7d7d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2W2JDYS8\7cHqv4kjgoGqM7E3q-0s51os[1].woff2

Filesize
21KB

MD5
f27acc0d33d769a3da576516ca236c41

SHA1
a678c0f6905303906a2537c1ff983258286a9263

SHA256
1f132510bc7b665bbe5fb9227b0d2daafa5513296a72f88f88d38179eded9277

SHA512
afd664cb6623a292dcaf3275cf7f1f653ebdc8da7a627afdf5ef218f70ff4204c255d0e5d39cd9a7fd8dd0cf9ffbf90add35bcb66e72ae477ae7699900d08d1b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2W2JDYS8\css[1].css

Filesize
1007B

MD5
228d3514755df2ab1ed347c0aa80abf4

SHA1
4798ac055a7c022348041d9f20169e00bfb835dd

SHA256
229f40a58006f93ccd839749a23d377cf3e677d973575db1858f049868a8ccb3

SHA512
5d05695f1a134dda38c64eb62d08c08b328ad66e87f6ed36e0346efb57d66947dc9f7f72948c5bbfa98788bdc77db833b0f63de67f235d865a3933688237a11a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2W2JDYS8\flatsome[1].js

Filesize
53KB

MD5
7f337c4e9614f7e9aa19466a26319a42

SHA1
26b0941a7908f07d4313de44c1cadc9e4d59f130

SHA256
bb8f9c0b6f55983a618124de792bbc164246852b4b38fa7681d27d651e24bb8d

SHA512
b34bb38c1318942abb03bb51b1a55b62a906f638df0f442438ba6f3ad022d9e0b8de44a6e3ddc694c73a9f169c92454fa496ac127653b0ed65c80d8f324ea8d6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2W2JDYS8\styles__ltr[1].css

Filesize
55KB

MD5
eb4bc511f79f7a1573b45f5775b3a99b

SHA1
d910fb51ad7316aa54f055079374574698e74b35

SHA256
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

SHA512
ec9bdf1c91b6262b183fd23f640eac22016d1f42db631380676ed34b962e01badda91f9cbdfa189b42fe3182a992f1b95a7353af41e41b2d6e1dab17e87637a0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8OPHOSOL\jquery.min[1].js

Filesize
85KB

MD5
826eb77e86b02ab7724fe3d0141ff87c

SHA1
79cd3587d565afe290076a8d36c31c305a573d18

SHA256
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

SHA512
fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8OPHOSOL\rounded-thumbs.min[1].css

Filesize
1KB

MD5
f192398892eeb7ac990444f9f1e281d8

SHA1
b4b2641714533b94057f40287e81a4a9ff4e3251

SHA256
d9571be7f559c3c899e939be3a946d1621e8bb5d49acc225d15fe0614adce1fa

SHA512
ed3f5adc2f0e6e2bd54fcee1bf02b925f5d1097cb2b964739082706673407759baa85e64a6ddbbe746bf10fc5986c5e5d45700ce60a466b4d862c0bda20152f6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\C98BVJKD\fl-icons[1].woff2

Filesize
6KB

MD5
fea1aeac745dbd246870467857e90f02

SHA1
b9f8ea8bd9d496f5706b306bc0e777b6a9906b27

SHA256
343b461359461daad66cca6ae40315cd78bf58ebe79eca9af84596d3d873c209

SHA512
6029dd69789bb69191ade2db5162ade20be8f9d4083879fbe5b9e2bf911a3bf2a60df0ed7ed0b8c4aa5645c4992bbaa99af88e62b6e6e070a35eb634812c25c8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\C98BVJKD\flatsome[1].css

Filesize
173KB

MD5
51cff8a2ae952f20f93fb3dd650adefc

SHA1
a8c28b832f1886b1cd5eff1132638d4157af41f3

SHA256
0a0e38e5fd802e6de1332e55846df1059e3684e5d1e0feaeb578e861354d0325

SHA512
5d36d64b082d0a0b0f3d5bf1faabe9849c3027e8907848b9c34fa55693b4de4558cb87ad6bce5ea23b296287bf2fec7346f3fd221014765c016a0265bbe6c36c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\C98BVJKD\recaptcha__it[1].js

Filesize
481KB

MD5
62f8ebef9045a70cbc55cfc3cf651276

SHA1
2f4f36540264d65f786b13b34bc042529085f33a

SHA256
cc99e35df4ef286c9214685c924adb3bb0b1b9640634790dc8565feb9925c35f

SHA512
314ba386920260ca222e3ddf3902ddf4c0b16c7090b0e79c799f32de3cb786cd33e1352fa40e2f5abb64b7b4a300fe18bb1342d799ab3b1a49f2616401e52148

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\C98BVJKD\wp-polyfill-inert.min[1].js

Filesize
7KB

MD5
dda652db133fddb9b80a05c6d1b5c540

SHA1
60c8514c57a5db2980c4b046b0dd479bd427357b

SHA256
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4

SHA512
05cb3673448a79aa81887c60a82aba51f9a843dc13ab4fc39b3e6d8ae7d632732d9afefaf72fc3d197c2795a3364fdfd4f83c9b628644d98f1c9017bfd435e62

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\C98BVJKD\wp-polyfill.min[1].js

Filesize
112KB

MD5
9a98016751e498c06d434cc022ca1a44

SHA1
6aa9af5fe436eab9c313de9f0bea072c04637624

SHA256
da9ed5720b674f0d297fe621ac2d8d518c4e622bef1e9b0d4ae489dee9aa43f8

SHA512
de3bf5e595ed42258fcde6d93ad40c0d9dc8e523f8e01fcc93ca6588588fad07a26d7115c6583486be286a6cd7fa35720091876afb0aaa2de4de58c370151e3d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HLRKB4HM\7cHpv4kjgoGqM7E_DMs5[1].woff2

Filesize
20KB

MD5
2bc7630144496092dc786ce63109e560

SHA1
723df3658078cfed03c85e47f15fc439eb4331be

SHA256
7c9c80a6c32c0619d61c28f28723e68c5f8f75163e77ee5cf64c39e640e0d71e

SHA512
754a5961176362bff5265b0adcb5265635080ca863aa48361b74aceee98db55814fdaf56ed56ab146b896f4454a5f6882d227557b88e06a1b24424a3b1f25db5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HLRKB4HM\7cHqv4kjgoGqM7E3t-4s51os[1].woff2

Filesize
21KB

MD5
c3609c36a150ce088ea4dcab92b7c00b

SHA1
0c18236a183e962533a4f61bff3ae2581313561a

SHA256
65a47caa5183b035bf78d0f93adbe5cea500333410259c54abf2de356740df7e

SHA512
ea07571df5c53ee2b776c034e74569d2f5c4e8286e041750d05fde9a2b0fc8297d4b4d03bee4af48adc96f7e3bb9a7d4375d93c291ab1ab13999990beb1a4120

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HLRKB4HM\hoverIntent.min[1].js

Filesize
1KB

MD5
8c0498e2f1f7a684a8d2a3feb934b64b

SHA1
76099689ccaee466d4608da621c403b368dcae03

SHA256
ed5b5df9ceacfe76857ac51964972b0b417a215b2f50e837fd6b64bad7339c40

SHA512
5689b6b18071d6020a8a2733bb9e17c07960d9e65f4012ce93f21347fa24a24175509bca6920fe1b03d66fbc054d718671c23071af115b64000c01dfbea2e8dd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HLRKB4HM\regenerator-runtime.min[1].js

Filesize
6KB

MD5
fd7ef2e4737acd74fd0dcdc3b515e304

SHA1
0d792b33f12a48ee8aaaf2560a63a5682470645b

SHA256
1d52e1ac7d3bc25a8b0ffc257153f9dd50249f96fe9a4df5e0d771241a69062c

SHA512
3c4358f9605f1cce097f36689099b8364c43cc360c3d4f5ca77be5cee43bb818c6562496f26ad57ce44c34c474fe4ccb6deed01a14ed259d498f5bc17f9532c7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\2HBY6K4Y\www.google[1].xml

Filesize
98B

MD5
b7577a63c4d11981f685ace809c1866a

SHA1
db0bdb1e37830c61e0ea8bc1a0c77b131e5bb3da

SHA256
8b2b1bea03fa0af21b8097abc975bc4f3409b2746fbffa2556de932f24b74650

SHA512
066579ebc0f408f96c9c5dcd3b6d9bdcacd4e156127fde34aad1a1fcd8d336c26cfe56f663b196e25923481ca750fbdc0522012857769e6ca99ec47ac4d831aa

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\F74OEQ34\fRSNKQanUHk53F1a1Bi8UA71Qt4.br[1].js

Filesize
289B

MD5
9085e17b6172d9fc7b7373762c3d6e74

SHA1
dab3ca26ec7a8426f034113afa2123edfaa32a76

SHA256
586d8f94486a8116af00c80a255cba96c5d994c5864e47deac5a7f1ae1e24b0d

SHA512
b27b776cb4947eef6d9e2a33b46e87796a6d4c427f4759c08cf5aa0ee410a5f12e89ca6ab9cddd86c8471037e3c505f43c8b7fc6d8417f97f9fe3c5c47216bc4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\FD4FSQ3T\Y26LIcmRz0EdnBtSjtN2P4pbrp4.br[1].js

Filesize
7KB

MD5
b3ca28114670633e5b171b5360bb1696

SHA1
683f2fb3d4b386753c1f1a96ede3ca08547f0e02

SHA256
a8b7da1f71211278c07582aef2f3f2335b7de5076e5708db6e868ee6cd850490

SHA512
bf71ac8f59653b8035c1fb8555b53371610ae96c1a31e7bee02b75deb8e46c68b46a29dae360c579bcf9ab051f5218edbd075567b99a9fb894e7c50251676677

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\Y2FIZV27\www.bing[1].xml

Filesize
2KB

MD5
e01178e95ba7971a6cfde55f1d93d4c9

SHA1
2241f5ce18dae47f0a3138cb2a69bd14c57e349f

SHA256
4e948e877477b07cb3db45f328c68e3fcc083d7d1928bdf02317d84ea80cc16c

SHA512
40818659b4b523ffb6a3cbf435de5da026dc887d93de44be092d823d3e72271092c4d9d4a81f849f020c350dd412f677ac0639115aef3a147572fbb282f77636

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\1QIMW0IB\favicon[1].ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\7L17X8CH\favicon[1].ico

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\7L17X8CH\suggestions[1].it-IT

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\KG1HMG7B\cropped-lab-icon-32x32[1].png

Filesize
716B

MD5
f220ea228b48b0c3393166e9afb21a3d

SHA1
38c5da733e266a37a778a2fd6ee8ea055619b8a3

SHA256
4a847d9fda075c297f5676ff02079c39efe5b112e6d5729884bd09ff087ba6e6

SHA512
f7a9a0f14243141bf3f6015ad9f290a75061f8cb34a90f05f52d1ded58a14cd0194084cc004a21598b3ef41be6a50b8d673efbaf144689e8cc6bfa8e6fe33a39

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\YC7QEDKT\favicon-trans-bg-blue-mg[1].ico

Filesize
4KB

MD5
30967b1b52cb6df18a8af8fcc04f83c9

SHA1
aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588

SHA256
439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e

SHA512
7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\w8qd4uw\imagestore.dat

Filesize
23KB

MD5
3a4b336a24ba0dc9559ee52634efa4e3

SHA1
8b4fbf43b318abd94b15e1cc050e55ba795dae4c

SHA256
c94aca333e0d1cf48edd551824ee94bff199eea1cbae841c7836cd0871b63436

SHA512
26c28c0a4dcf5e39e5d7f3ba2eac3e80aafc796183d67f7296ba98b653af0ef4bd9a69826b54d719bbaf074559ae2f0944406d7132ee158138975004d7dd0279

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF21F234A457F8A57F.TMP

Filesize
20KB

MD5
183c2881e2b93cd59fc10f49483bae6c

SHA1
333d4b56ec356fd694734f0e537476cfd4648010

SHA256
6b7dd1287c7ad15a3cf8e0f7a3f83083c6e45aed119b5225abba02aefbb274b6

SHA512
3200e08debb44450f6b844c76ad6562714325e553c28e0ea053d37b284f7038502b00e06996b55885fe763b80d3a766811fc59577c192d3b6837174eed4a9eba

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\CheatLab.zip

Filesize
7.0MB

MD5
bc15dd8c64292c03e4e06567b60a521c

SHA1
132c60b62eee56fcc15b740385dd085d96aa17c6

SHA256
c6379b1f72c308257a78585b5eeb6b5802c6b7a3a4800c54c3424bd875e13792

SHA512
5706790c8f9701ba33ad8fed31a4efefb9ce57c38f60f231c7c6513da611f17879e077fef08153692c7cf886ad4072be299029cde7afc367a0454b2266fc6778

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\CheatLab.zip

Filesize
6.4MB

MD5
afb1e9f88b884cdd6cbadef54385d798

SHA1
c4ddf271de5226b087a8191b1f33e9ab9c1ab42e

SHA256
d003624e924e04322addac505e420ed268aa46815cd5c07b8df9027f92d7ea2d

SHA512
57219c895a105efdadb2897a6aaa8b39b3a140ae23f5e578aad34de3b855765e90ffbc4ab8c5f5e0e54a3bccdf4d33904c1f23d07d36ace49578cda3a5e15eb6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\CheatLab.zip.fqr7dlx.partial

Filesize
2.0MB

MD5
326e578e5249e109c211682eb6fe77f1

SHA1
59243cff5d61a9b5be2477ccb4e0d88857e4d209

SHA256
6fb980f4bde77ddc241d045bb7ac3f10444d7b268da3f817b7237c9ebd69598a

SHA512
16b78991cc3833a41ce0863c21bb71a45880fbd7de72ee9972ed7fb082118494dace826a97de1ae34e279b3f06a8bff1ef3d2259d9da99d708d80a87d4b417f1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\C98BVJKD\CheatLab[1].zip

Filesize
31KB

MD5
d0a221604df38fa0ce40bafab8136cbc

SHA1
16347047e41b39bea2dbdcbd05223af5e06d0e39

SHA256
beb37fb42c85499f9b5d666dd7dd7a779f8ac5d8e38b7ff003e89a4a10d42454

SHA512
a048c06376c7b8eb8fe8160b5e3402970a06fcaf2f2badb2fa6391afe1540a97c8581e7e8b8379d8aafbf3bf0f1f72eeca1c235d2ef466b7c64b652e50a6c128

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
04e1c0fb7c50efaf86ba32ac99af0cd4

SHA1
844aeeaba2b3c0a23a3f3580ee9eafde8eee9aa0

SHA256
59cd12f0b76ce31550e9068fed1da5c917f8b4361ef4f3c62c9522473162705a

SHA512
3394f7025fe90250bc8ae1caeba12ec23019a31c1762e5ab757cd874ff33160b1596be9bb079b5641b7476c306c8ebd520fab5f00a0dca06372c67387f21ce40

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C

Filesize
472B

MD5
e716d8e9450ebab432adca26a3eafb3b

SHA1
ea42e5085a1f1b761a73c90619d75a4e07d99619

SHA256
6d34e4860ab70d334df1f53cf2144e8ce38dcb990dfedaf885aab74c7b12730c

SHA512
17da01d064efd3e44368df7d657286068cba6f10b7000bf8f39ea67c7ddd911e286fdf976ca73236fe25add7406af9fee0219c3428ec98a314235ac203910bf7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A

Filesize
312B

MD5
17c576a762d1f6e05a81911dd4597de7

SHA1
684b37713cd17ed791afde20a9e298cbae8f04fe

SHA256
f3a51f16e7cf2014426f1fc2fef824cf1047d23a6bbde331dd86e872d102d435

SHA512
a15bdc1cebe8edddc2e3dffdc27a8d8d283a37a4ab03d01522aff56e05696d38a9b8dc03bdf07d044ac10d30ae631413ffee28e25e70dbe6058152e9600e7c86

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
14ae2411aed0eb75955bba7325260e71

SHA1
93d4e330f521790bbb312df2dfc6d3945d7067aa

SHA256
7b79144305a7e8dc4d56b2bdea10b41166aeed85cc188b514a986cb679d00dc3

SHA512
750a9e21a9f112475caa7634cc5ea9ed33296663a18445cc08746d93063638ad549f89c73243eaf4fbb2fa68e91237c22e979ba68edeaf0a5aa8cf81564b2ce1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C

Filesize
402B

MD5
d822243c4b0833d0e727dd612f5901f2

SHA1
6412a7951c4c68723897dbc360b4874d275cbccc

SHA256
5ab4a11fc16d446e1580db42b18f5185a04531be142d5159ea53aba8a1f7c9ef

SHA512
a9fd695b58e5d15b0d66a050642175b670c614f2afa20ae17c3b92d434c15f5eb4d21b6cea03a50abebdd4677f1be24bfc399217b4bf748d92212d3fe3dc8236

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
75b71aa52121557fffb6d055df40f81c

SHA1
c82e7a124ff9f1330d6201b986e5d53e2189d566

SHA256
7ca03c43eec90113d68f074ba3d21e8f58112a3fd2ae2c99c1108b784a005952

SHA512
b30d70da22f2d705ecc3b176d6feb030aaf67d483f4ac3f97aacdb809cf70b40a16bee794de9fbf9ab0a86726218749ff3d3417c257ec928240fb234dd5cb9ad

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A

Filesize
404B

MD5
dc82965b2b3e4db37e8d12985e4341e1

SHA1
b680fa65506d0c4e91a8d8b0dbb1b77296735a5d

SHA256
381f2a99c019fed3c3b80433af29dcdfebb0ed8461167d2f5e3a15f619646d3b

SHA512
4a3e91f5f1858166d8a4accfcff0e9428be3a5a432bb3c4a78d959e8b3756b9afe3bf5fd417f240e2340ee2691adbf35e40045f73b9363eb1fa3cf80231af3aa

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe

Filesize
8.4MB

MD5
154bff3fcf1ed4851809b5e729f4d3f3

SHA1
acb6742c11586bb8d8169e6498e83eb6a436f2ac

SHA256
ff4255f813cda27aaf2d56c085544990af967ed83c61fa4e854d526166e77f22

SHA512
2b38af71b257218d127540367d42d33aa9fb9738bbf5f5b5dc4bc0bbac85899555859b263a18d9b75a2dd4639d8403f6ab7a27d8d3261808fa01df653d3e8530

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe

Filesize
64KB

MD5
618c84f7c0dbf21197f131bbd0ab9195

SHA1
5aafaa689471cfb0080691adf7a89d337750160d

SHA256
9e4de8d4cd084282d699cf53dcb02a558ceb85ff27017f82f11ea25069d06ed7

SHA512
312366efd15261b1623b18a906eab13452cc67e8d96b134352e0c67800599af38c2ee424a1f66205bbbe3165af076d8d785aa451fb3d0f584d847f297e4348b7

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe

Filesize
896KB

MD5
9c945c155937597d38c3646f65518f8a

SHA1
3df56faa791b4ce95536d98215aa0d18db6b9f7d

SHA256
8199b68d72b65b5006b088effc8f6a4d0427403448a3a8a23ef1e5e0fe39d952

SHA512
24cecb207899f7adbf6677f52b641bf477efadcc845edd8d0d49001de7ccf8b6de942f1d719ef00a34046b3440c21d0706d450d07083f97c6861fe2ef5fe6be8

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe

Filesize
832KB

MD5
2a97f7064abcc91e1a7d82e58d8a2fd3

SHA1
fa6e39bc4b727206e70e698856bf4d5de2e0ed1e

SHA256
7db87c1438a6f2f9c07fe97efbe9504c6bd9629e9390a3513886f3086d83b68d

SHA512
45d37ac7d7dfa92ec198fc5a319be0b53235b398500c5623af4f890d66b99e29c8d8c8d3c2ebcbe771ea2e78460f9365290be5924fac8c39b435dc168188c12e

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe

Filesize
1.4MB

MD5
447dbd022d5649449dd2dd8e58f63f40

SHA1
a987c4b601114ef35283412f33c6f5dd22ca2666

SHA256
0d1aa1f1c6ffadadf67a0affd6a370a38b826561c46070f2a50438ce165aa59f

SHA512
050909b2e61f46bdd35a0e3661643f175df82e2be659d135a8c44966a94174bb2894e3d6c95bb42a83b62e418a143c63e750da6170824af37d50c63680e04948

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe

Filesize
1.4MB

MD5
ee3472d842b7f34bc69af902ea8cef01

SHA1
67bc7e08f2ea920717f281859f0ff50f0d807a17

SHA256
a8969713b3f15811d8a922b7536c5d3450cfa541d6e58d65e20e296a15a271fc

SHA512
142b94b30a4fdb6d56eceae2d473997814948d69f6e32c5e5d9204f590f93ddb94289a9d580ae5bd9d9c6d1c5da82f16942a7200632a47fafa894723f3ce6fb8

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe

Filesize
628KB

MD5
e089d9a0bf535fe1417dc194740f98dc

SHA1
18a6e8b77a4ed35ae34e250256798f08c5c45d08

SHA256
ee7ccc1351ecef76f7cb76b22796ff76c677565d9c364f483b80be229c797d40

SHA512
2b40eed085550e4c42cbea4036b07fb84ad75c473c00d2d7d174967fd03030205a56c75b04bbc4c03304d7fb45d5c2a76ee5a6c5a5593259c042810f3b5a2df5

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe

Filesize
1.1MB

MD5
e0bfd33258d30718dc76454dfaba1409

SHA1
f79c1c70acfd9f6d39a17c8c5722b9db7c9c353e

SHA256
3c7c70576f844fe5b18b5c035b95fa4e4be945e0644bc6f258a1d9b232d7d349

SHA512
5cb9eefbaf7fdda4857d12ee493eaa05b8ae70843741a1afb05554f59b11b925c778bb56ebf15896cb079b806200082cd7a8a24f53ce69cb7e72731e24ecfe36

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe

Filesize
619KB

MD5
76f351183f4026bd275fd8f1d0be35cf

SHA1
730328ff5f5e8dd515d51f9b30b8259f750484ce

SHA256
36e54e809d00fcc02fb425b92f909d50be4c99b197311259b90408f9b17585c9

SHA512
4ef8c20d31ee847d35de00c30bdc8a1cead77d5a96ff1ed795be03d26dae889b0111fd2d8facb26c3e824a49e542c53b6f0011784e56aa589452349fbe5a179c

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\chrome_100_percent.pak

Filesize
84KB

MD5
85109316d6d579380d79fdb519ce5765

SHA1
450e146229e4cc915c8945f75ed940334c697686

SHA256
8d10e201a5fcc37024febf5c4efd54c51beee4cfc74b7c15e1907dffe11d1217

SHA512
44408e831d694cee6552f367ff112903eb5d910dbf48a4704928e8b266fc86df3fb0d58e00ac9a1b5c4a76f4b7f3d4d622fe4abe20a43bc5b3cf2cc0600e19b3

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\chrome_200_percent.pak

Filesize
59KB

MD5
02d6e557793f90a3b86e4f6d203e98c1

SHA1
b859143dcac76b7f4ab8c71cb8ffb481eda0ad89

SHA256
3d43752a53665f62d4156872cbe257c00b28bfd77a34123dbe2372f2499e75b0

SHA512
9d5b130b90f54ccd9fdb316d29dd904b853a6b5b55deff1ca51a2d0ddaf3f87d151dee33a99f64f21f472f76cde99b2a292ca9e21b85641de08e0a141076f6ab

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\icudtl.dat

Filesize
5.6MB

MD5
e6ea8118a09cef6b9b1acfe735a7bdd8

SHA1
c523102d774c715f331b69b244ac8ce8a77a53f9

SHA256
0175a3b5e5b02df3480b258e0598df16224e96366eeb10198cf4bf3aeefa840b

SHA512
1a750118205cf942bfbc52e3b6440bcd33f2bc3bd792c8095f2a68af24f9a693905b83ffa7dc1ee791806abe094bdd366a3ca5609983c3b2512bcf97ee145039

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\libegl.dll

Filesize
460KB

MD5
961c060f241a7ae22e962c82d7803ef1

SHA1
0060b167e55db981c1588ca2074b8ca38b9a8153

SHA256
c8e8007d746df73edbf73cdff18c09bb756f43814978c84a28a72f95d0ac5dc9

SHA512
79539e0d0036124b59f94c6fec0c596e64c41626b9994ff7457f2f6b26e8f2648f93f63f6422c444eb3c8b803079f6ef1f52191980ea88de9d25c40b30547599

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\libglesv2.dll

Filesize
576KB

MD5
4fb42f7c5daa0ec719f542fa58ae61f5

SHA1
16a7cce527630d89a4ac3316b2092c21059a01cf

SHA256
297b51cc239493969bfa0feaef1305ae8640a21921113f3da11f87af7396db88

SHA512
4944a11aae8a79ac0359e66319d82043e8f52607263bc401547afe1bd344d7f6ba48ba4140240476b7095376ed6348b758b3c654de7018e4d377f068c65ced82

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\locales\it.pak

Filesize
78KB

MD5
82ea0ff43146f6a02c0ef7df711957d5

SHA1
29c895909da09704a5a419a943e464e0681fb46a

SHA256
6c1b3cd55e4f7e417a126aafb99973e239fb1afce18d00e5a0232eb1f7fdc166

SHA512
68dd4cae8007f835af3d4f3d4e0a16a81458ab450de5b97c9cba3db63f78bc78aa7e6343ed12c37b47dfbaa3679f865fe236bb440bab9a61e9364c38c8e97588

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\resources.pak

Filesize
161KB

MD5
e6d809a5b4e4dcc51ef1f7bc4c229bf5

SHA1
7df31726aa933fda26de65b3441cea97b677cc1c

SHA256
06241e4d2944b0335455ec1d2473d500a873163fa568d35651ae79f9f108317d

SHA512
76588d9f70d7d902bacd541e3817b0e1ba2e829e6dce2fbff89cb38ee87e01970d7781010308f1558d5da703feda96f63062411b77060ad552142127ac87a544

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\resources\app\icon.ico

Filesize
18KB

MD5
b01beaed315437254623e08fb48e711c

SHA1
6eb1dc29e044491564a403f9381d0978d6d8b569

SHA256
61053f4ed7cd19e47d84b7e541776e5e5a453c7f5221e1b47d3b67e23ccd7d14

SHA512
cfbf53813f6b43376e979d144a6a23db4b4f59ce8f77b3acc03e262fb016c33cc8bcd62556f12ba31125f03114b8a5f59a5c0fe309b7fb95b9c4ced4b199da7c

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\resources\app\lib\main.js

Filesize
496KB

MD5
7327af37c332ad146899073ec665a18a

SHA1
d35b0c9187a674bbe16687dc7c857d65b94a6f36

SHA256
d6d58a6a98a77a3c0cdb45e642d0a5d125ff3d75bb1f42e7803d100a9160dd05

SHA512
39d35e82d355b573e7ad153b2f4a36b226c39127bd19c48f722b670813d86adfc658563afa53c4129289ad397985f801020daf11174f7df850ea622cb0356435

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\resources\app\lib\preload.js

Filesize
12KB

MD5
cfd7e6489b0d63738319982f68ff935e

SHA1
d05ab48d9dc3a52946511c2c4cf5de0fcb4f1290

SHA256
d50ca2fa212df1c1ff69b5d26ba594bd39bfd86a71b068a650cc577e5dc9a94e

SHA512
9b4c0fb83033163f8e8e35c9da2d33265f7d36eefa22774399abaf867e3d22a3e0cba71f2bb2037fe055e5b9932b25dd98a63b7543c3a15f2667ec40d7bcdf93

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\resources\app\nativefier.json

Filesize
952B

MD5
fb0b69b215e5b9ed69f129c84c9b12cd

SHA1
709a0ee18ffb85cdb7c6a77c1cd2f8389c6a984a

SHA256
f563d249353a9ec119fad6a054604bd81369afd2407786d7b5a38f8ecd8c4a94

SHA512
21d64dcef554375f85b43f4d9a5497275e9f7309d5eb9be85a7f3e01f257591f3603ee48baa82b6f7d65117a8db303e957279efa3827a919c18e0c4af63c615a

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\resources\app\package.json

Filesize
599B

MD5
9ec8f68e413743c64a1433ca5a3801cd

SHA1
56bac55a14adb9f0f4717b239ab113078b556ed3

SHA256
b0a4c7f727deca794c724887a4e6b260e247141db51c6cdd26eb4e031d6c27b1

SHA512
91e1688b139fd6f40a7e64823b77aa10c929515d11228a8bb9e232fa56840b624c3c086973ccdf8308911ef4e49512f2d9c38fc365fd70baa48596a60b3711e0

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\v8_context_snapshot.bin

Filesize
713KB

MD5
1270ddd6641f34d158ea05531a319ec9

SHA1
7d688b21acadb252ad8f175f64f5a3e44b483b0b

SHA256
47a8d799b55ba4c7a55498e0876521ad11cc2fa349665b11c715334a77f72b29

SHA512
710c18ef4e21aa6f666fa4f8d123b388c751e061b2197dae0332091fbef5bd216400c0f3bca8622f89e88733f23c66571a431eb3330dba87de1fc16979589e97

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\vk_swiftshader.dll

Filesize
512KB

MD5
f99d6d89a8953f57a9e171a015a62d93

SHA1
dce2a8aed3a84fc31c8600a788b6b03f4c29fad2

SHA256
b39135b17c61c4b03f5eb9bc0b9dacea8eda9cb345733a75cfca6724173c2be5

SHA512
998d7b8ba3d8232e84602ad8b9c8a2665aaef9e243f7756cb646de8fb0774f1d06bf1f5842984da0a9c7e4ef1cd36c3ba886fe218948343bfe9cd9cd6be1a9c5

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\Cache\Cache_Data\data_0

Filesize
44KB

MD5
49bfbcfbf8ff1d25bfcd142aff91581f

SHA1
0750329272999a687273a12a3089b90c689fac26

SHA256
d8357b296072cc882a2c008f907044d595eaf21a0bf649080b7e56ac95bede5b

SHA512
9c851ae1066c323e68106c1020c405ec1485711a19bb9eb58c62925f58fb5cb8be470467be770bcb3c26306ef5fbfeadd921fe9ea633ceffff49d4a122aa5020

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\Cache\Cache_Data\data_1

Filesize
264KB

MD5
f3cfface631608657489542f6546eb6e

SHA1
4645ea3bad90fc42821245fdc55a914b428b40e1

SHA256
3a58635a0bfbc538636cee4724edb7108478ba120437459c4f7980a17268894b

SHA512
da54581ddca6e1d9ca025bb9fd689e82f69b5d681a18476e2e32b00721be375f197b40bd45a42b6b08bd4799aeca14e7d03ada734a692badaa93bbcfb9ce9965

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
619a1431a766a372a3e7062191bf6f57

SHA1
dcaa9e78a86b7b5787087e8aa543d094bda71ae9

SHA256
663e42729d2d82b3ff1e38656534cc9006a92af4ff1f0afa5d921f533a36359c

SHA512
885d1ea5cb883df4f7f32a58163e71d2efdfc5dca1ea99c8d9056ee02d7081366664bb3862b672aca0e509836ec805b6eb6b0974d58aebb2c70cb6268336f6e0

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\Cache\Cache_Data\data_3

Filesize
1.2MB

MD5
8a092edbc5bd2111a704c31a3418d095

SHA1
2664959797bff3db3ff015608db7027d70c69ed8

SHA256
127ac5b5e9da4dd746a79c5e672485481d3add23290a5862eddd4f50c7501bbd

SHA512
2013dee1406ade289e480a987ebe07472980b188fc320f091f67e24d29e98ab8fac0938175bf18b4a898d47c5c8b3138d827669a4cdb7e45aef6a6f1b97d9326

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\Cache\Cache_Data\f_000001

Filesize
30KB

MD5
72994747eacb27cabe3eae5749e4c145

SHA1
3e07e4a3ae1e546ad35d47963e164ead69ca61a4

SHA256
3fec28e0709a04ebfe1a1fd403026e0beca558933fdf252179a59691ebd19e8c

SHA512
40f7d676f333eba9f19597e100fdae4445b4adb38eb780711ce2712d9eb413ae771e8c6bf7ec493ac0b060302008ee3052da3b2584bd5bf49a6a9ebd06ecbc7c

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\Cache\Cache_Data\f_000002

Filesize
960KB

MD5
970bb3ec3b388214a78efde7fcfb88a9

SHA1
7b6be7756ac21103dff0eb2fe3a598b9ba6ff88f

SHA256
8b83a0d4bba4cfcd4a4e7ee89b703014a00a5c08e721e568a5c552a732827fff

SHA512
f1c34da8403578a7a716b3f54df358713717ce3c91dc47823056663734bd2847574401b717f31babc9592cac81615e034e64ce961ebc495b7d8144ffa4c88523

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\Cache\Cache_Data\f_000003

Filesize
30KB

MD5
8486bdacd300e68cd28de94187f8e5f7

SHA1
49d77ff0bd7957107f8bb75b52eaddf44e8d1243

SHA256
6338320fbdcc0853abd5399ced3596d4a0247aa0c1f044e6058c2407034d61ad

SHA512
05391d0e66d2f624f2d1c6122d1ae3d7a8ce612055048b2a599f3eb07e0db8384910fc9a71520eca704e7cde5cd3bab092d26cece84ae7ebb108a13cf387e51a

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\Cache\Cache_Data\f_000004

Filesize
16KB

MD5
d557b5d59c4df63493d22cca41480867

SHA1
9305dc63d585efe2f863195d158c1653011d3b10

SHA256
fce53bfcfab1dc752ded04759a76d38e4b42b345916932be2d132fbe8511db13

SHA512
ab21b2883ad36a26d4ead6055c9bdb0d9bf92e0584295997bbfc89d0ca8d7b62ad5fe0cf42fc92ef0dbb5caef1b9fdde3c4d09aa00325bc07b109cb05e7dcc07

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\Cache\Cache_Data\f_000006

Filesize
29KB

MD5
6d973c8b7e2439d958e09c0a1ab9fe50

SHA1
05ae0830200c20b9a2dfd5a825adc400481a60fb

SHA256
f3c122dc227e829ed96b2a754296809201bd78abbad7ba50ef5079654e1cc894

SHA512
058982fecc0a8c10f16fcd8f42a3d25bb6da2c8786d4232bce76640b550b7624395c4dc679507f369eb19101c479700c26d459f232319213647e56385d2c011c

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\Cache\Cache_Data\f_000007

Filesize
41KB

MD5
0d5682f6b871d0820b20f2045491e3ee

SHA1
15639d51f5ce3f05365883abe454351ce8a879fd

SHA256
2984027b5f568bec5e5442990b02cb536f1cd6d69ca7951627186d7531f35c69

SHA512
5f0cbe6b9613f655491c18e7b3bcec684cfd8ec71855aa7e647d6ddcf08f64f12ff19e6713a7e1092ec594d19bd67374eb7ac33f0ead2fe7a72ce6bf8d768824

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\Cache\Cache_Data\index

Filesize
256KB

MD5
e9d758da718b656ca5479ad4774a4a12

SHA1
f529eedebb59b12e439791354bb5ef0b51e481ea

SHA256
da3670830446ef727a515ef623335141dd07d8cde62fb50bb13d3294e753de8c

SHA512
ea9bfd4e455c9b5a4cb8de805061db4e65e7e5023e537b6444d8c254d6bb385ed9f40d6c2e950ebb668d24c33e00b87791a32a7d31a7606746cfd032e35559ba

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
968c7bf29af4657e0306f9c04a78686f

SHA1
a30d1ebce80ed119340c14bc66c46aff001cd2ef

SHA256
d6be3f988648fee205f5aa21a078ec14f98b7410ab5c584b18700ac21d07f426

SHA512
444105923ce054fbabb2ba8925097f13cf9d14eda6e0aaa4fee4bc81ca6b2fb7511a884eccdcc2eda0edf1d6f38abdec0d23f6c22ef285e1c799cc5e259de493

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
bf0aecf1ea5f1d4d8b3c56aabbac60b8

SHA1
ca26e931ea292828a295d17ddf2a0aca0f1bb546

SHA256
359b009fd8fe344181f19b50d613647c5445de5d772663bf52786e1aad7b7d11

SHA512
db713c6f1d5693c6aa5bd4ff3683ea79ac5a40819a413cf276d82e670cd7b75fb75f1011e251de944756ff3ff1bf7e5cacec34b02a884350fa4337c15c8cbdc9

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
312a27d524117adac3d6194444f5646d

SHA1
e3b63c9cbbb3ef28d42ca4206cda4ef8e5e557d9

SHA256
5e994313a7036635c490d1b4be88fe8fe596e14940663f727e3943a22fc42ace

SHA512
439d6c27e69dfd35083f361c7abf9f862c0c1bcc54505dc663c46d450dd4767cb95ce10edf8d4e9eb2022c3214158e39d8f63983c2863fc046ad57b0b7802841

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\Dictionaries\it-IT-3-0.bdic

Filesize
184KB

MD5
ed91499bf2748250ffc356522d051bee

SHA1
3865132608ae3456e6b29db0b569157fcf72d6c8

SHA256
1c6bf568bc41b6a146068ff80091f547a416a109f5a534327d403f5312c32d6d

SHA512
2d992f86082365a6479acb68dcc3d78b0ecbe50a3eac376af3d92e80327711835a2eaf0108b157cda2b4678e97bcfcd698b49d1e7f07077a3fb08b3f6d95f37f

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\GPUCache\data_1

Filesize
264KB

MD5
fb772ae3fd3b4def6de965a1d9d7ede8

SHA1
b157eea6ee5b0955c711b2a68a800f376acae72b

SHA256
7238fb36d0960006d87ab6b426d6e7e698bb6c97041de2a79ce08a18d213984c

SHA512
0301730b8a44cfa2f87bd34301cb7358d0ae62150726f0100e2d46885a0496cb52f7abd1cbd8bf5fc250b7197125e290d94015260f7b43b9c0a19769c2f87211

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\Local State

Filesize
389B

MD5
9349e55775af8858d9730890597ca8c3

SHA1
72d685af783ade321bed4035a6a53e084d256cb4

SHA256
0947490251505e8c84c6c4653da3fc0ce4fb6157d73db83d6bd4a861d0e9fcbc

SHA512
ed9fdeaa089144b7661cdfffb2f89453d9a0cdaafb44e07b2502d0800c32f17360190978fa0d3bc80492183ffb3c37443137b3bc17b44c785b209986da922909

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\Network\Cookies

Filesize
20KB

MD5
a5b55ef875a290f8739655274b5cfae6

SHA1
18e4b908037bacfad929980a55c866526140ee4b

SHA256
3c6e069a7df07ee5eca265821545bd9b5a0be65dca21805d42b10133d12916cf

SHA512
58a6c9a5a09599fd6aace62805be2fbafb18c2de395c4f3f02653e2efa2217c96e6f177f681d53a779cef9d097e3745897c2247be8fd527f838cc4940d565c67

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\Network\Network Persistent State

Filesize
2KB

MD5
e1a80cb55dd734e0884dc9806d566256

SHA1
7ad4e461018852ba7876d5336a83ff3842f6b8df

SHA256
f14ddb5c0de8c0b11f44408021bf291e9865d0f0cc3d0e6dcf2c194a77d4af14

SHA512
a338c0bc1387441fd7773e962e12c2ec4eca79f06f69d8121284062236f40156bc7e8acb623b560442321f4f915a505c7255d49003bd5d4396121c0633618803

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\Network\Network Persistent State

Filesize
2KB

MD5
0f4a5a296681f8ad947f380adc2fd72e

SHA1
ec548a5fbaaa254581bf286675636c6f6ef179d2

SHA256
09f4db312337b6973b1bc67c6c34d9c595bb80623907ffbba1cc04085724ef98

SHA512
b1f655c82ec6110230df4dbb9b8d3f31833ab1a642a4c24031d1c88d26499491c08d8deb03bde5798b0970c0c193e873669e10c24d183382ab86baf4e54fa210

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\Network\Network Persistent State~RFe5b4310.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\Network\TransportSecurity

Filesize
533B

MD5
6e4495521ae5a0a31fcbedc246045491

SHA1
31f998260d561ca902617594cd763ebcb6c38c75

SHA256
fbd259ad1a83742174bf9e2415ad6a80e2071e9098416d83cef02fa5eb407bf4

SHA512
ba9736f7b41852c8df5e27cc3a1018235628edf7ed4e58ebbeec983221cfce53b9112211dd080f14baadd969598bfe897ca823abb08fbc4cefd2cdc048d2b7b7

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\Network\TransportSecurity

Filesize
535B

MD5
3311420d1f64bfdcd9ddf20ae2cd5322

SHA1
65212d809481da5ab74f93080611a4f6ee3c9714

SHA256
5865a01f6097da0680fde8211bc63aa8e2796d9a683f2dc5308ec142aba6f65d

SHA512
136d79f939ebe92542b20271d5ede2d87c024efadd92bd9bd110c8039df2a05d72fe0971ff63ad17264492e1eba089cba0227c5e727c4bb3458c5eb8fef4fa7b

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\Preferences

Filesize
54B

MD5
200a8e5adee99b45598c6e525d4f92c5

SHA1
60bb397477fdf37a50b180d4bd42309f0d0fe6b3

SHA256
16c892a64ad5f7a88e51a9b1028567b7818470734172cf9182f919a83e8d07da

SHA512
8e31feb87a55da7d2a5903d9df3357b5566bf46f0029e879e066584061965ed5e0f5f24e4c54f09d30a2c1809d06a4c25e466335696eb60fd879934b16be9402

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\Preferences

Filesize
83B

MD5
e6e67208eb9e63d303ccd9399d57414d

SHA1
4c878219c0c5c4785b56b669eaa4a392f0570c11

SHA256
1ab59fec32adf12447286d25342c20b18d9b54f3a72252e43926d1cda1d6808a

SHA512
637c27b6c8251c30ba750a91d985152aa54b16cbbc36ac4c7b61c6a3366ce070c73f2080a79b63d06af7993c3baa1fc5a7f534660dfd85b3c67fdbf0d5569ec9

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876\window-state.json

Filesize
137B

MD5
802c0e6d211918eb778230fa5e0c3605

SHA1
60d1373594259cb5d88b9e629db128a9a4ab227b

SHA256
7970be9507cd0aa9ef53f39fd63580f2d11a0234a695ad18c6a499ab69eb2eda

SHA512
7c6340e59d479c2cd7b8e6fe57448195dc4e0b1c3888015ffb066562b3d52764a9989a96ad952d2161ee1cf7688df29697ae35bee7341e742917b151b9d9287a

Download Submit
\Users\Admin\AppData\Roaming\Cheat Lab™\d3dcompiler_47.dll

Filesize
576KB

MD5
da6f229e4f1aa8bc1a4e5f837f6d8420

SHA1
9cc36322e8566ea1669b9cc8ecaf98c95fa717a0

SHA256
c611c5c4d583b40ed770a08f4f58980f435853615bd71dc6ccac54534ee48e0f

SHA512
ad8e292452152e79b0a72b933b711a5bf7a5f64141f28aee98a3bfddc078e3602cf4bd59170319c67b136e32667a90287c57a282cc887f494e68dd8dc1a68fee

Download Submit
\Users\Admin\AppData\Roaming\Cheat Lab™\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
\Users\Admin\AppData\Roaming\Cheat Lab™\ffmpeg.dll

Filesize
896KB

MD5
f91b8427eb2886f1f0159d3e2025fae3

SHA1
6ab8003be8ba5aaee216805971c2ef129355ddb2

SHA256
4e676dbbd03114b8dc629b4a277150437e0dc8a4c58661533afc1d50f4566f3a

SHA512
d8f1c094cc17fbbc82a7d8db502566396673fb5b030207aaa698a6f782b10a22bcffbdc71e18fb2072a7398cf887c053119734b8deac21eb147ccbd3bab9fa80

Download Submit
\Users\Admin\AppData\Roaming\Cheat Lab™\ffmpeg.dll

Filesize
460KB

MD5
ee69fde7627c98576c5449ac4e825e8b

SHA1
66c7581f23f81171db6dd66d5906636c699314c8

SHA256
b299a28394bcd4310400b769393b8c685638c1fba846f17a37041387b66d3ce3

SHA512
efbec184e855a9fe15f921e7fb6223f1f2527ee1a7e424db45263679181ab3e32cd410887fb7f1ef6e9244a393d7441e01cf15c58ef4198d1664564196ae993b

Download Submit
\Users\Admin\AppData\Roaming\Cheat Lab™\ffmpeg.dll

Filesize
535KB

MD5
558292ff1a74946c26d29ca5a6e12ecb

SHA1
5f99d107cd193f1b7ec88830d6377f8add4ccf40

SHA256
4054b2fd08622f2c5f03f39eac1e959ae30cd9eb032b6593fc4640327c2231d0

SHA512
29c7c0a4b7e73718f16f8a94b3c2a2a9f8e102df2e5bfeb2808a56ea022980990cbeb9a4210293b4eec28da78ff2023941836f2c47bc030e721b5860fe71acc7

Download Submit
\Users\Admin\AppData\Roaming\Cheat Lab™\ffmpeg.dll

Filesize
453KB

MD5
b993eadc3ca5dd577edbbb5da550df11

SHA1
0639406b7c42fe841e649268647b0c94a209ddab

SHA256
4dd4ca1ed3f2ed1e3da9c0f69d27bf7f546acb5ac54c674d18064ac069d07304

SHA512
5589e198b58fa8adb40b3355e1205ec44059bd90ad97d933da8a79e79db8fc0397dfc19431e5abf1a00fd1674b81af02486334f9ace59185bda33b640d28bab7

Download Submit
\Users\Admin\AppData\Roaming\Cheat Lab™\libEGL.dll

Filesize
448KB

MD5
3eeb4d2bd53651d061722a38ec668206

SHA1
188509145fdb8f7f4b5e9e87c25953ce85b486b2

SHA256
dcdfdbab7a24b41b14d94c2f6366353452122b5477ff8059d305af00db36df33

SHA512
26d9a929d7fe5f43337e7b3a7c91480fed986fa6f1b64f1db826e89730b12fc2540f0ee521263d5c8b1d94f624f3455fd70bbf95390abb992608d1a629d2403b

Download Submit
\Users\Admin\AppData\Roaming\Cheat Lab™\libGLESv2.dll

Filesize
512KB

MD5
c1fc2571ff1f2101653ca4eb7f861744

SHA1
cebb3ef658bf5263eb026bee60dbf1aabc907a3b

SHA256
533880ee9e1320d2d623e9147d0af9f811a8c9fa349420f999a52da9eebf665e

SHA512
780d2feb22c0dbadb7529d92190fb8417345c0f3769111c9f92f8cdff17db43c30b34f0a7ff6c39e4f8f283f99eb7e3d89bdf5f90e1d4538a94f8a0952c6a856

Download Submit
memory/3076-16-0x000002C9F5400000-0x000002C9F5410000-memory.dmp

Filesize
64KB

Download
memory/3076-35-0x000002C9F4CA0000-0x000002C9F4CA2000-memory.dmp

Filesize
8KB

Download
memory/3076-0-0x000002C9F4B20000-0x000002C9F4B30000-memory.dmp

Filesize
64KB

Download
memory/4568-1152-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download
memory/4568-1159-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download
memory/4860-53-0x00000252F6670000-0x00000252F6672000-memory.dmp

Filesize
8KB

Download
memory/4860-232-0x00000252E68F0000-0x00000252E6910000-memory.dmp

Filesize
128KB

Download
memory/4860-61-0x00000252F6910000-0x00000252F6912000-memory.dmp

Filesize
8KB

Download
memory/4860-253-0x00000252E79C0000-0x00000252E79C2000-memory.dmp

Filesize
8KB

Download
memory/4860-251-0x00000252E73F0000-0x00000252E73F2000-memory.dmp

Filesize
8KB

Download
memory/4860-59-0x00000252F6750000-0x00000252F6752000-memory.dmp

Filesize
8KB

Download
memory/4860-256-0x00000252E5F10000-0x00000252E5F12000-memory.dmp

Filesize
8KB

Download
memory/4860-55-0x00000252F6700000-0x00000252F6702000-memory.dmp

Filesize
8KB

Download
memory/4860-57-0x00000252F6730000-0x00000252F6732000-memory.dmp

Filesize
8KB

Download
memory/4860-246-0x00000252E7360000-0x00000252E7362000-memory.dmp

Filesize
8KB

Download
memory/4860-63-0x00000252F6930000-0x00000252F6932000-memory.dmp

Filesize
8KB

Download
memory/5088-173-0x000001E312000000-0x000001E312020000-memory.dmp

Filesize
128KB

Download
memory/5088-185-0x000001E3120F0000-0x000001E312110000-memory.dmp

Filesize
128KB

Download
memory/5088-170-0x000001E300660000-0x000001E300760000-memory.dmp

Filesize
1024KB

Download
memory/5088-167-0x000001E3004E0000-0x000001E300500000-memory.dmp

Filesize
128KB

Download
memory/5088-96-0x000001EB7DFA0000-0x000001EB7DFC0000-memory.dmp

Filesize
128KB

Download
memory/5088-86-0x000001E300820000-0x000001E300840000-memory.dmp

Filesize
128KB

Download
memory/5088-83-0x000001EB7E480000-0x000001EB7E580000-memory.dmp

Filesize
1024KB

Download
memory/5088-79-0x000001EB7D100000-0x000001EB7D200000-memory.dmp

Filesize
1024KB

Download
memory/5088-77-0x000001EB7CD30000-0x000001EB7CD50000-memory.dmp

Filesize
128KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads