redline | hxxps://www[.]mediafire[.]com/file/fu7vj52h3yb7o8p/AtmosphereCheats[.]zip/file

Analysis

max time kernel
375s
max time network
374s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2023 18:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/fu7vj52h3yb7o8p/AtmosphereCheats.zip/file

Score

10^/10

redline infostealer

Malware Config

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

Executes dropped EXE 1 IoCs

pid	Process
1252	AtmosphereLauncher.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133247676544422984"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4508	chrome.exe
4508	chrome.exe
1368	chrome.exe
1368	chrome.exe
1252	AtmosphereLauncher.exe
1252	AtmosphereLauncher.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs

pid	Process
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4508 wrote to memory of 2316	4508	chrome.exe	84
PID 4508 wrote to memory of 2316	4508	chrome.exe	84
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2868	4508	chrome.exe	85
PID 4508 wrote to memory of 2232	4508	chrome.exe	86
PID 4508 wrote to memory of 2232	4508	chrome.exe	86
PID 4508 wrote to memory of 3964	4508	chrome.exe	87
PID 4508 wrote to memory of 3964	4508	chrome.exe	87
PID 4508 wrote to memory of 3964	4508	chrome.exe	87
PID 4508 wrote to memory of 3964	4508	chrome.exe	87
PID 4508 wrote to memory of 3964	4508	chrome.exe	87
PID 4508 wrote to memory of 3964	4508	chrome.exe	87
PID 4508 wrote to memory of 3964	4508	chrome.exe	87
PID 4508 wrote to memory of 3964	4508	chrome.exe	87
PID 4508 wrote to memory of 3964	4508	chrome.exe	87
PID 4508 wrote to memory of 3964	4508	chrome.exe	87
PID 4508 wrote to memory of 3964	4508	chrome.exe	87
PID 4508 wrote to memory of 3964	4508	chrome.exe	87
PID 4508 wrote to memory of 3964	4508	chrome.exe	87
PID 4508 wrote to memory of 3964	4508	chrome.exe	87
PID 4508 wrote to memory of 3964	4508	chrome.exe	87
PID 4508 wrote to memory of 3964	4508	chrome.exe	87
PID 4508 wrote to memory of 3964	4508	chrome.exe	87
PID 4508 wrote to memory of 3964	4508	chrome.exe	87
PID 4508 wrote to memory of 3964	4508	chrome.exe	87
PID 4508 wrote to memory of 3964	4508	chrome.exe	87
PID 4508 wrote to memory of 3964	4508	chrome.exe	87
PID 4508 wrote to memory of 3964	4508	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.mediafire.com/file/fu7vj52h3yb7o8p/AtmosphereCheats.zip/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff30df9758,0x7fff30df9768,0x7fff30df9778
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:2
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:8
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4668 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5028 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5208 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5824 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5668 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=6084 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5856 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5868 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5844 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6860 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:8
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7020 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:8
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6848 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2328 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6768 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:8
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6524 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7112 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6392 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6404 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3912 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6528 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6968 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7476 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6260 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=2348 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6976 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6160 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7440 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7336 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7016 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=960 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7848 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4724 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6092 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6876 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7204 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7232 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8220 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7568 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:8
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4640 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=1120 --field-trial-handle=1844,i,11734882628762789813,13240699374259151122,131072 /prefetch:1
  2⤵
  PID:1432

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3948

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6052

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\AtmosphereCheats\" -spe -an -ai#7zMap20746:94:7zEvent498
1⤵
PID:5256

C:\Users\Admin\Downloads\AtmosphereCheats\AtmosphereLauncher.exe
"C:\Users\Admin\Downloads\AtmosphereCheats\AtmosphereLauncher.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1252
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
  "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe"
  2⤵
  PID:4668

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
8da121b8326f1eef18a97eb59d0ad5e2

SHA1
408632f615ea5ee863c7562105d8536ff7de062d

SHA256
06f284e3c5df4fedd4267c7e8929660fa14aef7400b5f4000109979df29769fc

SHA512
72a08f838371f1ee26357b5104e7f45b4aa0c954554c6e8e877d492c848d82b5f2bf061b4c9d43af1476619ffb911ce19b99f29d0e41be05f3e143df6e2aa1a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
827722c286cdeb3e1063e64425b7f0b8

SHA1
12874edea7fa82261aab1f942cc42a3368263879

SHA256
0afe041159341c221e284c29bc10661d24c07ec7ae51958c9145c7ad5e064f55

SHA512
55feda319187cd81ab953278625345265da76421e9fbfd0be31450f63ed3c1c65ae2313cc557c89286a0e1eda6ae5cd98bccb77ff78a520b47ac8ee1033c5e5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
988280435fe1b7e855447dc5bdba019d

SHA1
f528acf98ecad38496b8f72cf0d53ad7467e7028

SHA256
3bd2f30174c78061eaf5cd5ce4f0d2690730b891f0d8506f4647b2167a9de67e

SHA512
102b3b8a961fa8f72ab5172e75aa11e39f6d41f2708c7230ab4f3611c61376bdf9a1888079b086b0e524f95bcceee4d2ce771de9d13276b3e753cf5db3030e82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9211a4df1e56b6a87aded599e0119f5c

SHA1
ca964a490161bbbf25a12b8185ecc20a7afccea7

SHA256
b009adbc60a51818a8939cfe45dfb553e7ed1e1ef4c50455009e9c6c4c11320a

SHA512
6c040502392bd24976c39b19e15c0ab7db3b7f723a89598b6d728eb90a81c2b0855dd48aef710bfd411264ddd8550ef79925023168f9accb2d91e55fba334806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1712db986352f13eb379133db2532cc6

SHA1
58105fd6f9d2a97442ba27c9f28bae2024ba0118

SHA256
89baecbd12247ff4f3701c2d99c8026f5e2e328384f9df3e5cdfcbf2f9c85558

SHA512
2aa402e1c9d7ea118f0f1095a4fc0e7fc7ff616e39e00b84b44f18bc0cb682e406ad7103e36336cd58c704fa715b9b7d9feb209530abace5b78fd8a192b64a8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a480cb87f506d05c267108e9d357aed2

SHA1
1234617658a2219b35c1fac9db059b88a6a45e7f

SHA256
e0b9b7d56623c89733a4d712e5c5a90635761222cc42f0a18ab6001d020a02ba

SHA512
c3e4fb407c72f567d0edef259ebd80ca04747f7f128eb191785675f96deafc69cb0e3aaae39a6a05d3f7bd72f0d57f17ee2431e66bb428fdb1d3945348d5e9ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
3900aea32529bedc138191b74d5d093b

SHA1
fa9ad95c85e67863162952242afbb9626d6a0e70

SHA256
7c2a8139147ed16917f5746d4234891ac6148039bd0a6d4ff2ec09e38b2a3892

SHA512
11d30fec7c92a2097e4b327e6c506b634a9a05bc2da8ffa7c01f7c52f3adbc1b4ed79623e90ae5d154077eb815f888d66fd881a36f01d3ed5d10fdfdfb25890e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
a422bc6470e3c1e0462f8560b787aed3

SHA1
1cc8efa76e41bd85392c5fd44d2907f7399854bf

SHA256
4edfa0f811fbcc142f168980b5c746b96d4ebf7eae055de8ec25a02211b9c9c3

SHA512
27ade8bdbdb9026e59bf938bc165c79ceb19788ac52387699f5ceba029dcbbf295097df79fcfaa02e15094960182ca0da0cb7cda343507c81a265bb2439c983c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f7e4cd25cdd216176753fc0d4f92befa

SHA1
ba20a17a69d53477ec797d646fa7be98a025ef6d

SHA256
56f248a3f39d94e3da100643bba2f53a73d745aed5a1655c027c0d2c485dcb11

SHA512
dc3a39171d9c5796af46f0c6ad221f591f70e526c89b5d4f042a21b281b04cc127796d4f48acbc51a3087d42e655ea4e1d6e1c943a1fb19e7e04be6e945ecfb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
b5085e0813367b041e0a49364e4f31e5

SHA1
e8b21f9da8ca51e2d4d15b8dd55bcd36f2d40d9a

SHA256
5c0f55f173264e434ed46abcdc62abf972f1c02a04165424ba43909cc1af9f2f

SHA512
7d0562f94b7359d2d542cb7356bc0d90538d4b60b9f191968ab5fc8f5f0da92a1ab814ddd951d5debd4aec2558d69fb0394d604922433ecb7e86bcb1522c4ab9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
6af1740efc5708f9ec459a9dc8dd78e9

SHA1
4507e8e046bd6556e1fec441006bc0818c6de209

SHA256
67bf7f7fb585c8f9cecc1539f21ec618319b4575ac68073fd3e7378e0ed2be25

SHA512
ee5084891a559c8f8e77d2f9b597bdb10ffaec277a6285dc6653b9086d2cfb3f7f2b4bfef2e741a33c75c6e2889af6e248f1d74449360dc39b59ba7b0a5e2338

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
6fcfff4bfae906d0f04071524b442eed

SHA1
15fb34b3674f5d3493b07a58404e65ca67d5ff41

SHA256
db75a0ffbe44086f0fa55c6a9beee4994129aac0b7ca075e993cd4694676ec5a

SHA512
0d5d03c9baf5127684e4b3d9f2b68d014668ae3cab3e905a2c03f6815d88d22cf9e4592a972209f98a7fdc8e7af3c89b1a86ea2107996b724af3659183b76abb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
a955016f12a31aff4e8ef530e574d38b

SHA1
f8169c70133d42124638993cde9ad1272791588a

SHA256
01769b78c72ad0949d716f1d786e8297a575658b2eb3a39b387093ecf038f15e

SHA512
63a85e1c27035f5c8290c7c904340bdcd8e6af6df7c9c154bdd15b10f3d9999dee93d85558a974a307dd62a58ccc33b71d4e022286e4b32659df6d6e1e58abf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
4aa8f5f001565c644e61deb97ebff6ed

SHA1
5465f60b0bc608328cec6e485ea80caac980683f

SHA256
594562c420a09834584613c534700cb9481d98677cc307a7fd0c14d48dc1fbd9

SHA512
6a931f4a7efeffb4c550039b6c7e9826ee7e739012fe2bcee6727ed0837a9ddd292edf1117381b6e9cd9a38eb4d9a4c6022f797f34a8a91c8302eb4fe69c2bd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
eb1e5cf2e0b6ae42f5b75a6cedec14e0

SHA1
003f99dc36bb1a4bc177ddbdf0adf2c727a5885e

SHA256
d091233670dc271e3bca33161e6172d5642a0383a060176e0f96a6c05a053e36

SHA512
929bb923013b2df27c9fad7c7e628496ff90709832ac3e30df890eea122b0d461e69dc2658f24ec90be572da3add61ef8bfb4b225a70ec7139fdaecb8efeda43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
5308d495531d6cc08a542a940b26bf83

SHA1
90c1acfd52fd976020f65b0f7b8c2d41d0fac7b0

SHA256
40a908bf63ab82954838b7be42b21332b9122b605b9e23320b85cd57e194b504

SHA512
9f1257d843a14471f46a1d8928cf2871bd18f7a72782f18b1c38b2c0a44fe2902445f3758f487ac1f39ac58b629d8571c2dc62549565512cd64ef1f3fbf08f1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e340dbb3f91c6e62b0ff0e24c7607d72

SHA1
ddcf3c84d4d18f387c29ff363c2b27dce1140a63

SHA256
acd1c012f6e53ba065082d77f622f952babf9de274640ac6a7c3c27b4332ace5

SHA512
90e66eb883335e33550ba23c9fb54f46ef41e8df911eaa4ea3ed091606858129ffa1336999825882170f015db6b9c5604778e0690818ef55d2d64ea4926b7854

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e0df9d5a96a220900533d3a7233380ff

SHA1
ecf7d10b1b80bbf1a6dc27088e117ecb91a5d5e7

SHA256
6170acf06e6eed1ec4d199d9840a11e325e6940978f21ee8c73c63def0930edb

SHA512
f97faf2d26687b4f9fb2685514c8f1a88277474c1a670400e67902655501b36badb0c1c01d3ddd3f5b154ae0651d8e5ebf383ec1a57d185fd7f91ebb937cac55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a1bb54a24b31a2d2e6cdca05539f24ec

SHA1
a8d86a81932d37e52fcd63dbdf7b9020f868f070

SHA256
22cddd8cf8fa5558a917a50f67aecdddf173c96222fd9fa04512179341f880b4

SHA512
94ff2ce9b162edc4da923e531041ea56591bd9bf80eb1434bdf849b3362b23cd432dc0401e7e3748fa74b5187b3bc45ba9443470e7745e99def8bf774105670b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6543b569789399685728af805c18c941

SHA1
2d5eeb2057ec5736d1e856aad50c649cb291b082

SHA256
333f065295d916f0cc3c8f31d8c7a8c4c06f3f263c987c44f334b9862c238f71

SHA512
d014e967eb54127682984499b5dbeb119bbebbbe8fa63287c7079f8aff6fa02fce36dee26f652b2a2f7c89b56de5809d590abeffe1b64b694906b6d59f2c12a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
eccf1a4b9fdd59f180d1f2c775caec87

SHA1
a7629e730c594cd93abe7a7e94d148de764d19db

SHA256
54c9845e73330867ec35942724e81f5733f458791e727f030c962537623d7c2f

SHA512
447fd53c89364d1321ab755caadd0ffd6c65688068f9fbd3a5353664f93afe49731b05adf7351eed702f77367641ff5a78299fe5c2b1d7c1d67cc5617ce76169

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
c7c108b0a91088355f843c262be82e85

SHA1
a4e6d41ec07ef9154b54cc9a1eb22ff2723aca92

SHA256
44d6e2cbe068d55ffff50eb7a6071446b43f4003a56ef9a6d12b277508a83a03

SHA512
031a458f6f44503ec3d77724fe569497bc766644169dcf2ad5f324793763f7ab65a86118207ca3b215dbc37c6e1db01042722c133aa7b46452cc73ae520c62f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
18e63c018759786ebc263fadea476b74

SHA1
a72da3aa07f262e587f86c81e675444b70ca1ae7

SHA256
3e6699b0db0d79a95cdc65cd2446946ffd1834a3026e272dee348aa3790ebd08

SHA512
aa6367b84783a7224de7b2ac5dcfef46e804d6900158f705a58a679127ee9a96c384877197f1071c1353638dcc18d117ec0bc96cf52427a1a603cec1afd3a6ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
c9a41cb2f6e38f4f0fe69b656beda43c

SHA1
757def97778d2705e6fe03e55838f76c4036fb48

SHA256
ee50aaa3a90cde5df3d13f545df1be930df0b8dc464aca591ce59be184851095

SHA512
c9e7e091534b408e65fbf636835852f6553087b4a6acd3cdf812c8b6ac6efebdecd150a43f12acb1672ae0b7c61580b88a06c7a4834e43a0e368912e2f7b592f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe573d09.TMP

Filesize
103KB

MD5
72ba21ed4e75fc4cdc4add297582b959

SHA1
efa79ee0aafea611bc5111b5ca4dfa7d257ee7ee

SHA256
0b0b88a96df6de13991d6e42d548159b103da82ea7a6dad392f63e6d851965a0

SHA512
4f1540ca827cc6a81c70d03b923e8f5254576e69079a7d00df46e6df0e3518c5f5f76ccccc1cf43a3a82096fb315f675497537d1939f3ae22a0f570ac407a88f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\AtmosphereCheats.zip

Filesize
14.3MB

MD5
f651a5ad7a3c8db4cf2b09b67002df7f

SHA1
9373619452be670d10995c972012f294909f71de

SHA256
462ba6a1b67a37b36f9c5767c5a49a6bd60163aaf513545db32c8da769896ac4

SHA512
5db94c14325f2abe30d95dab5ccc6566c2e76def9fce3a1bef0877a5072907a1621609f75ed85f1af6641507c02c336f1e80a06df8d9196a893cd2456cf0dd6d

Download Submit
C:\Users\Admin\Downloads\AtmosphereCheats\AtmosphereLauncher.exe

Filesize
678.0MB

MD5
c0a23fc2f3be02ecd3216f00a1e697ec

SHA1
9ae2c732a80885fe338769ac943aedf383192aa8

SHA256
2cb2cd62abf5fdfb68d1c9d1861d24d48a39aa7f451db249deefdf9b7c2bee9e

SHA512
b4cef2ab54649a8a91f4a8612df9f9963058550cce2a48799478056376c58315047452af136ecfb451f9541a7a89f4379f33506c882f9b7217e3cb09b59783f5

Download Submit
C:\Users\Admin\Downloads\AtmosphereCheats\AtmosphereLauncher.exe

Filesize
678.0MB

MD5
c0a23fc2f3be02ecd3216f00a1e697ec

SHA1
9ae2c732a80885fe338769ac943aedf383192aa8

SHA256
2cb2cd62abf5fdfb68d1c9d1861d24d48a39aa7f451db249deefdf9b7c2bee9e

SHA512
b4cef2ab54649a8a91f4a8612df9f9963058550cce2a48799478056376c58315047452af136ecfb451f9541a7a89f4379f33506c882f9b7217e3cb09b59783f5

Download Submit
memory/1252-601-0x0000000000690000-0x0000000000ECC000-memory.dmp

Filesize
8.2MB

Download
memory/1252-620-0x000000001BC80000-0x000000001BC90000-memory.dmp

Filesize
64KB

Download
memory/1252-621-0x0000000001710000-0x0000000001711000-memory.dmp

Filesize
4KB

Download