a2afe28c0feb23b1b68f2f6dd99e34f75a76fc0a577ab9552a02e9162da64aec

Resubmissions

14/07/2024, 12:44

240714-pyhc5a1apl 3

14/07/2024, 12:40

240714-pwgzkszhrr 7

Analysis

max time kernel
299s
max time network
258s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 12:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Cheat Lab™.exe
Size

87.5MB
MD5

26617e8192950714d7d9c7548fbc262d
SHA1

49e1a27d74017d04623a5401cbdd203a87dde7c5
SHA256

2b32d8616ebaa2e748977dcdc8cd8ced6dfea14d0025bd1494b8dcfd34694c69
SHA512

3ea57b4f855c882d5fd474357132bbc823784b2202ea4be330c16f3729e83d1beaa7e470f7861459c7f03d2eb1f8d27e89d8c26e3e937ec15d15c40e844ff1ec
SSDEEP

1572864:oFq6qBAr8xoTN6oRGl9ipf2ouSYrZ9Q9G3ax64AbjuYruo4qn+:oc1BvoRGl9ilHuSa9+0i+uotn+

Score

7^/10

persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	Cheat Lab™.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	Cheat Lab™.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	Cheat Lab™.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	Cheat Lab™.exe

Executes dropped EXE 6 IoCs

pid	Process
4872	Cheat Lab™.exe
2220	Cheat Lab™.exe
5056	Cheat Lab™.exe
3212	Cheat Lab™.exe
908	Cheat Lab™.exe
2868	Cheat Lab™.exe

Loads dropped DLL 11 IoCs

pid	Process
4872	Cheat Lab™.exe
2220	Cheat Lab™.exe
2220	Cheat Lab™.exe
2220	Cheat Lab™.exe
2220	Cheat Lab™.exe
2220	Cheat Lab™.exe
5056	Cheat Lab™.exe
3212	Cheat Lab™.exe
908	Cheat Lab™.exe
2868	Cheat Lab™.exe
2868	Cheat Lab™.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cheat Lab™ = "C:\\Users\\Admin\\AppData\\Roaming\\Cheat Lab™\\Cheat Lab™.exe"	Cheat Lab™.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2868	Cheat Lab™.exe
2868	Cheat Lab™.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe
Token: SeShutdownPrivilege	4872	Cheat Lab™.exe
Token: SeCreatePagefilePrivilege	4872	Cheat Lab™.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4872	Cheat Lab™.exe

Suspicious use of WriteProcessMemory 48 IoCs

description	pid	Process	procid_target
PID 1140 wrote to memory of 4872	1140	Cheat Lab™.exe	86
PID 1140 wrote to memory of 4872	1140	Cheat Lab™.exe	86
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 2220	4872	Cheat Lab™.exe	87
PID 4872 wrote to memory of 5056	4872	Cheat Lab™.exe	88
PID 4872 wrote to memory of 5056	4872	Cheat Lab™.exe	88
PID 4872 wrote to memory of 3212	4872	Cheat Lab™.exe	89
PID 4872 wrote to memory of 3212	4872	Cheat Lab™.exe	89
PID 4872 wrote to memory of 908	4872	Cheat Lab™.exe	91
PID 4872 wrote to memory of 908	4872	Cheat Lab™.exe	91
PID 4872 wrote to memory of 2868	4872	Cheat Lab™.exe	109
PID 4872 wrote to memory of 2868	4872	Cheat Lab™.exe	109

C:\Users\Admin\AppData\Local\Temp\Cheat Lab™.exe
"C:\Users\Admin\AppData\Local\Temp\Cheat Lab™.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1140
- C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe
  "C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4872
- - C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe
    "C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1640,i,10477170566214767006,3667980891307239487,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2220
- - C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe
    "C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876" --mojo-platform-channel-handle=2012 --field-trial-handle=1640,i,10477170566214767006,3667980891307239487,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5056
- - C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe
    "C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876" --app-user-model-id=cheat-lab™-nativefier-330876 --app-path="C:\Users\Admin\AppData\Roaming\Cheat Lab™\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2344 --field-trial-handle=1640,i,10477170566214767006,3667980891307239487,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3212
- - C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe
    "C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876" --app-user-model-id=cheat-lab™-nativefier-330876 --app-path="C:\Users\Admin\AppData\Roaming\Cheat Lab™\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2744 --field-trial-handle=1640,i,10477170566214767006,3667980891307239487,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:908
- - C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe
    "C:\Users\Admin\AppData\Roaming\Cheat Lab™\Cheat Lab™.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\cheat-lab™-nativefier-330876" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1640,i,10477170566214767006,3667980891307239487,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:2868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Cheat Lab™\D3DCompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\chrome_100_percent.pak

Filesize
125KB

MD5
0cf9de69dcfd8227665e08c644b9499c

SHA1
a27941acce0101627304e06533ba24f13e650e43

SHA256
d2c299095dbbd3a3cb2b4639e5b3bd389c691397ffd1a681e586f2cfe0e2ab88

SHA512
bb5d340009cef2bcb604ef38fdd7171fed0423c2dc6a01e590f8d15c4f6bc860606547550218db41fba554609e8395c9e3c3508dfa2d8b202e5059e7646bdcef

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\chrome_200_percent.pak

Filesize
174KB

MD5
d88936315a5bd83c1550e5b8093eb1e6

SHA1
6445d97ceb89635f6459bc2fb237324d66e6a4ee

SHA256
f49abd81e93a05c1e53c1201a5d3a12f2724f52b6971806c8306b512bf66aa25

SHA512
75142f03df6187fb75f887e4c8b9d5162902ba6aac86351186c85e5f0a2d3825ca312a36cf9f4bd656cdfc23a20cd38d4580ca1b41560d23ebaa0d41e4cf1dd2

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\icudtl.dat

Filesize
9.9MB

MD5
c6ae43f9d596f3dd0d86fb3e62a5b5de

SHA1
198b3b4abc0f128398d25c66455c531a7af34a6d

SHA256
00f755664926fda5fda14b87af41097f6ea4b20154f90be65d73717580db26ee

SHA512
3c43e2dcdf037726a94319a147a8bc41a4c0fd66e6b18b3c7c95449912bf875382dde5ec0525dcad6a52e8820b0859caf8fa73cb287283334ec8d06eb3227ec4

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\libEGL.dll

Filesize
460KB

MD5
961c060f241a7ae22e962c82d7803ef1

SHA1
0060b167e55db981c1588ca2074b8ca38b9a8153

SHA256
c8e8007d746df73edbf73cdff18c09bb756f43814978c84a28a72f95d0ac5dc9

SHA512
79539e0d0036124b59f94c6fec0c596e64c41626b9994ff7457f2f6b26e8f2648f93f63f6422c444eb3c8b803079f6ef1f52191980ea88de9d25c40b30547599

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\libGLESv2.dll

Filesize
6.8MB

MD5
18d62249e5bd4fa1f66c95a9ee9eb275

SHA1
4ea5d8344a8fc09ed2bda4d3034c3c8410c85e91

SHA256
3299de173b3e5ce2f69476b77d96f6a758b2ccfdf3ad811902e5cd511c6888ff

SHA512
fa29557836e56f981249ee8500a8271a7795cbe2a4afb6abbbd57e4aa26c6b731d151258f093643bbfa18cd9adf706a9e4d532481c62d713b7f1a1045301dc07

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\locales\en-US.pak

Filesize
115KB

MD5
f982582f05ea5adf95d9258aa99c2aa5

SHA1
2f3168b09d812c6b9b6defc54390b7a833009abf

SHA256
4221cf9bae4ebea0edc1b0872c24ec708492d4fe13f051d1f806a77fe84ca94d

SHA512
75636f4d6aa1bcf0a573a061a55077106fbde059e293d095557cddfe73522aa5f55fe55a48158bf2cfc74e9edb74cae776369a8ac9123dc6f1f6afa805d0cc78

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\resources.pak

Filesize
4.9MB

MD5
c7b17b0c9e6e6aad4ffd1d61c9200123

SHA1
63a46fc028304de3920252c0dab5aa0a8095ed7d

SHA256
574c67ecd1d07f863343c2ea2854b2d9b2def23f04ba97b67938e72c67799f66

SHA512
96d72485598a6f104e148a8384739939bf4b65054ddde015dd075d357bcc156130690e70f5f50ec915c22df3d0383b0f2fbac73f5de629d5ff8dab5a7533d12b

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\resources\app\icon.ico

Filesize
18KB

MD5
b01beaed315437254623e08fb48e711c

SHA1
6eb1dc29e044491564a403f9381d0978d6d8b569

SHA256
61053f4ed7cd19e47d84b7e541776e5e5a453c7f5221e1b47d3b67e23ccd7d14

SHA512
cfbf53813f6b43376e979d144a6a23db4b4f59ce8f77b3acc03e262fb016c33cc8bcd62556f12ba31125f03114b8a5f59a5c0fe309b7fb95b9c4ced4b199da7c

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\resources\app\lib\main.js

Filesize
496KB

MD5
7327af37c332ad146899073ec665a18a

SHA1
d35b0c9187a674bbe16687dc7c857d65b94a6f36

SHA256
d6d58a6a98a77a3c0cdb45e642d0a5d125ff3d75bb1f42e7803d100a9160dd05

SHA512
39d35e82d355b573e7ad153b2f4a36b226c39127bd19c48f722b670813d86adfc658563afa53c4129289ad397985f801020daf11174f7df850ea622cb0356435

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\resources\app\lib\preload.js

Filesize
12KB

MD5
cfd7e6489b0d63738319982f68ff935e

SHA1
d05ab48d9dc3a52946511c2c4cf5de0fcb4f1290

SHA256
d50ca2fa212df1c1ff69b5d26ba594bd39bfd86a71b068a650cc577e5dc9a94e

SHA512
9b4c0fb83033163f8e8e35c9da2d33265f7d36eefa22774399abaf867e3d22a3e0cba71f2bb2037fe055e5b9932b25dd98a63b7543c3a15f2667ec40d7bcdf93

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\resources\app\nativefier.json

Filesize
952B

MD5
fb0b69b215e5b9ed69f129c84c9b12cd

SHA1
709a0ee18ffb85cdb7c6a77c1cd2f8389c6a984a

SHA256
f563d249353a9ec119fad6a054604bd81369afd2407786d7b5a38f8ecd8c4a94

SHA512
21d64dcef554375f85b43f4d9a5497275e9f7309d5eb9be85a7f3e01f257591f3603ee48baa82b6f7d65117a8db303e957279efa3827a919c18e0c4af63c615a

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\resources\app\package.json

Filesize
599B

MD5
9ec8f68e413743c64a1433ca5a3801cd

SHA1
56bac55a14adb9f0f4717b239ab113078b556ed3

SHA256
b0a4c7f727deca794c724887a4e6b260e247141db51c6cdd26eb4e031d6c27b1

SHA512
91e1688b139fd6f40a7e64823b77aa10c929515d11228a8bb9e232fa56840b624c3c086973ccdf8308911ef4e49512f2d9c38fc365fd70baa48596a60b3711e0

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\v8_context_snapshot.bin

Filesize
713KB

MD5
1270ddd6641f34d158ea05531a319ec9

SHA1
7d688b21acadb252ad8f175f64f5a3e44b483b0b

SHA256
47a8d799b55ba4c7a55498e0876521ad11cc2fa349665b11c715334a77f72b29

SHA512
710c18ef4e21aa6f666fa4f8d123b388c751e061b2197dae0332091fbef5bd216400c0f3bca8622f89e88733f23c66571a431eb3330dba87de1fc16979589e97

Download Submit
C:\Users\Admin\AppData\Roaming\Cheat Lab™\vk_swiftshader.dll

Filesize
4.5MB

MD5
fcec6c6fbc34cfd9a449af66364da381

SHA1
f6016b721dec138d75e9d542f3e2210a673ad52b

SHA256
738fe97f7fbafa6524f11cf0cf0999ca3aef752bed44e1179d589aae92937ed2

SHA512
26527975979e58870c3c365b9ab432b4b3af88ed606673971fba009489db4482a5ace0e122b8cf67de075c37174c7c423ee8e219cfb4c9a331be66bb8af9edf9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/1140-0-0x0000000001780000-0x0000000001781000-memory.dmp

Filesize
4KB

Download
memory/1140-287-0x0000000000E90000-0x0000000001174000-memory.dmp

Filesize
2.9MB

Download
memory/1140-19-0x0000000000E90000-0x0000000001174000-memory.dmp

Filesize
2.9MB

Download
memory/2220-299-0x00007FFA63180000-0x00007FFA63181000-memory.dmp

Filesize
4KB

Download
memory/2220-367-0x000002E6E5F70000-0x000002E6E601C000-memory.dmp

Filesize
688KB

Download
memory/2220-376-0x000002E6E5F70000-0x000002E6E601C000-memory.dmp

Filesize
688KB

Download
memory/2868-389-0x0000021C0F830000-0x0000021C0F831000-memory.dmp

Filesize
4KB

Download
memory/2868-388-0x0000021C0F830000-0x0000021C0F831000-memory.dmp

Filesize
4KB

Download
memory/2868-387-0x0000021C0F830000-0x0000021C0F831000-memory.dmp

Filesize
4KB

Download
memory/2868-399-0x0000021C0F830000-0x0000021C0F831000-memory.dmp

Filesize
4KB

Download
memory/2868-398-0x0000021C0F830000-0x0000021C0F831000-memory.dmp

Filesize
4KB

Download
memory/2868-397-0x0000021C0F830000-0x0000021C0F831000-memory.dmp

Filesize
4KB

Download
memory/2868-396-0x0000021C0F830000-0x0000021C0F831000-memory.dmp

Filesize
4KB

Download
memory/2868-395-0x0000021C0F830000-0x0000021C0F831000-memory.dmp

Filesize
4KB

Download
memory/2868-394-0x0000021C0F830000-0x0000021C0F831000-memory.dmp

Filesize
4KB

Download
memory/2868-393-0x0000021C0F830000-0x0000021C0F831000-memory.dmp

Filesize
4KB

Download