c939f3f3b6a29573d9bfca46e31c43add8502d38fcab0d47b76cf2217850b17c

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240220-en
resource tags

arch:x64arch:x86image:win10v2004-20240220-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 19:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Atomic.exe
Size

5.7MB
MD5

5e45294accd779c12d7793eed9d9a2e9
SHA1

e8716349803df4633a19d56a0da7e2f99e8450fa
SHA256

9fa06f7c94cce2db484c156da1283001f07e6283865021f1f1dc9151b2247ea7
SHA512

1150d3fa272327d7fe6676491bf898a6a27082858d7b39fcf2d352048a640b0dc14c8ebdb9aa37d2c59970277afece997b28a68f9164855ff7594ae73bc9e740
SSDEEP

98304:dbbOYoHwfLk3vSmaR0+Mc4AN0edaAHDfysrTlm:d/ObAbN0/

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2097088205-1470669305-146258644-1000\Control Panel\International\Geo\Nation	Atomic.exe

Executes dropped EXE 3 IoCs

pid	Process
3984	Atomic.exe
3744	AtomicProxy.exe
3068	AtomicProxy.exe

Loads dropped DLL 4 IoCs

pid	Process
3744	AtomicProxy.exe
3744	AtomicProxy.exe
3068	AtomicProxy.exe
3068	AtomicProxy.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	Atomic.exe
File opened (read-only)	\??\O:	Atomic.exe
File opened (read-only)	\??\B:	Atomic.exe
File opened (read-only)	\??\T:	Atomic.exe
File opened (read-only)	\??\K:	Atomic.exe
File opened (read-only)	\??\M:	Atomic.exe
File opened (read-only)	\??\N:	Atomic.exe
File opened (read-only)	\??\Q:	Atomic.exe
File opened (read-only)	\??\T:	Atomic.exe
File opened (read-only)	\??\W:	Atomic.exe
File opened (read-only)	\??\X:	Atomic.exe
File opened (read-only)	\??\S:	Atomic.exe
File opened (read-only)	\??\U:	Atomic.exe
File opened (read-only)	\??\G:	Atomic.exe
File opened (read-only)	\??\I:	Atomic.exe
File opened (read-only)	\??\M:	Atomic.exe
File opened (read-only)	\??\Q:	Atomic.exe
File opened (read-only)	\??\R:	Atomic.exe
File opened (read-only)	\??\X:	Atomic.exe
File opened (read-only)	\??\Z:	Atomic.exe
File opened (read-only)	\??\B:	Atomic.exe
File opened (read-only)	\??\S:	Atomic.exe
File opened (read-only)	\??\Y:	Atomic.exe
File opened (read-only)	\??\A:	Atomic.exe
File opened (read-only)	\??\E:	Atomic.exe
File opened (read-only)	\??\O:	Atomic.exe
File opened (read-only)	\??\G:	Atomic.exe
File opened (read-only)	\??\J:	Atomic.exe
File opened (read-only)	\??\L:	Atomic.exe
File opened (read-only)	\??\R:	Atomic.exe
File opened (read-only)	\??\V:	Atomic.exe
File opened (read-only)	\??\J:	Atomic.exe
File opened (read-only)	\??\L:	Atomic.exe
File opened (read-only)	\??\N:	Atomic.exe
File opened (read-only)	\??\U:	Atomic.exe
File opened (read-only)	\??\E:	Atomic.exe
File opened (read-only)	\??\H:	Atomic.exe
File opened (read-only)	\??\H:	Atomic.exe
File opened (read-only)	\??\P:	Atomic.exe
File opened (read-only)	\??\V:	Atomic.exe
File opened (read-only)	\??\W:	Atomic.exe
File opened (read-only)	\??\A:	Atomic.exe
File opened (read-only)	\??\P:	Atomic.exe
File opened (read-only)	\??\Z:	Atomic.exe
File opened (read-only)	\??\K:	Atomic.exe
File opened (read-only)	\??\Y:	Atomic.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
37	discord.com
38	discord.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
368	3068	WerFault.exe	127

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2097088205-1470669305-146258644-1000\{C757FF61-7CC6-493F-8171-8EEF86920AA0}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2097088205-1470669305-146258644-1000_Classes\Local Settings	Atomic.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3500	msedge.exe
3500	msedge.exe
2212	msedge.exe
2212	msedge.exe
1848	msedge.exe
1848	msedge.exe
4836	identity_helper.exe
4836	identity_helper.exe
4048	msedge.exe
4048	msedge.exe
4580	msedge.exe
4580	msedge.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
3984	Atomic.exe
3984	Atomic.exe
3984	Atomic.exe
3984	Atomic.exe
3984	Atomic.exe
3984	Atomic.exe
3984	Atomic.exe
3984	Atomic.exe
3984	Atomic.exe
3984	Atomic.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1000	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3984	Atomic.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeDebugPrivilege	4020	Atomic.exe
Token: SeShutdownPrivilege	4020	Atomic.exe
Token: SeCreatePagefilePrivilege	4020	Atomic.exe
Token: SeDebugPrivilege	3984	Atomic.exe
Token: SeShutdownPrivilege	3984	Atomic.exe
Token: SeCreatePagefilePrivilege	3984	Atomic.exe
Token: SeShutdownPrivilege	3984	Atomic.exe
Token: SeCreatePagefilePrivilege	3984	Atomic.exe
Token: SeDebugPrivilege	2020	taskmgr.exe
Token: SeSystemProfilePrivilege	2020	taskmgr.exe
Token: SeCreateGlobalPrivilege	2020	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4020	Atomic.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
3984	Atomic.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4020	Atomic.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
3984	Atomic.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe
2020	taskmgr.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4812	OpenWith.exe
1000	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4020 wrote to memory of 1848	4020	Atomic.exe	89
PID 4020 wrote to memory of 1848	4020	Atomic.exe	89
PID 1848 wrote to memory of 2212	1848	cmd.exe	91
PID 1848 wrote to memory of 2212	1848	cmd.exe	91
PID 2212 wrote to memory of 2868	2212	msedge.exe	93
PID 2212 wrote to memory of 2868	2212	msedge.exe	93
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 4600	2212	msedge.exe	94
PID 2212 wrote to memory of 3500	2212	msedge.exe	95
PID 2212 wrote to memory of 3500	2212	msedge.exe	95
PID 2212 wrote to memory of 1524	2212	msedge.exe	96
PID 2212 wrote to memory of 1524	2212	msedge.exe	96
PID 2212 wrote to memory of 1524	2212	msedge.exe	96
PID 2212 wrote to memory of 1524	2212	msedge.exe	96
PID 2212 wrote to memory of 1524	2212	msedge.exe	96
PID 2212 wrote to memory of 1524	2212	msedge.exe	96
PID 2212 wrote to memory of 1524	2212	msedge.exe	96
PID 2212 wrote to memory of 1524	2212	msedge.exe	96
PID 2212 wrote to memory of 1524	2212	msedge.exe	96
PID 2212 wrote to memory of 1524	2212	msedge.exe	96
PID 2212 wrote to memory of 1524	2212	msedge.exe	96
PID 2212 wrote to memory of 1524	2212	msedge.exe	96
PID 2212 wrote to memory of 1524	2212	msedge.exe	96
PID 2212 wrote to memory of 1524	2212	msedge.exe	96
PID 2212 wrote to memory of 1524	2212	msedge.exe	96
PID 2212 wrote to memory of 1524	2212	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\Atomic.exe
"C:\Users\Admin\AppData\Local\Temp\Atomic.exe"
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4020
- C:\Windows\SYSTEM32\cmd.exe
  "cmd.exe" /C start "" "https://api.atomicfn.dev/api/auth"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://api.atomicfn.dev/api/auth
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2212
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaac9e46f8,0x7ffaac9e4708,0x7ffaac9e4718
      4⤵
      PID:2868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,2020845010183708525,6380739791367604800,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
      4⤵
      PID:4600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,2020845010183708525,6380739791367604800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3500
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,2020845010183708525,6380739791367604800,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
      4⤵
      PID:1524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2020845010183708525,6380739791367604800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
      4⤵
      PID:4120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2020845010183708525,6380739791367604800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
      4⤵
      PID:4956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2020845010183708525,6380739791367604800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
      4⤵
      PID:452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2084,2020845010183708525,6380739791367604800,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3280 /prefetch:8
      4⤵
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      PID:1848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,2020845010183708525,6380739791367604800,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3272 /prefetch:8
      4⤵
      PID:2240
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,2020845010183708525,6380739791367604800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
      4⤵
      PID:1876
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,2020845010183708525,6380739791367604800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4836
- C:\Users\Admin\AppData\Local\Temp\Atomic\Atomic.exe
  "C:\Users\Admin\AppData\Local\Temp/Atomic/Atomic.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Enumerates connected drives
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: RenamesItself
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/activate?userCode=VHHLVZWS
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:4580
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaac9e46f8,0x7ffaac9e4708,0x7ffaac9e4718
      4⤵
      PID:4400
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,14626203358929240852,14994801553520560677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4048
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14626203358929240852,14994801553520560677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
      4⤵
      PID:1364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14626203358929240852,14994801553520560677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
      4⤵
      PID:4440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,14626203358929240852,14994801553520560677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
      4⤵
      PID:3560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,14626203358929240852,14994801553520560677,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
      4⤵
      PID:368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14626203358929240852,14994801553520560677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
      4⤵
      PID:1808
- - C:\Users\Admin\AppData\Local\Temp\AtomicProxy.exe
    "C:\Users\Admin\AppData\Local\Temp\AtomicProxy.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3744
- - C:\Users\Admin\AppData\Local\Temp\AtomicProxy.exe
    "C:\Users\Admin\AppData\Local\Temp\AtomicProxy.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3068
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 852
      4⤵
      Program crash
      PID:368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3768

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\f15cc8be9ac8432bbd8ee6b4b5c4b871 /t 4056 /p 4020
1⤵
PID:3748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3000

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2020

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3068 -ip 3068
1⤵
PID:4620

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1000

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\f8cf07ec265f49e7a3b2751ae4a354da /t 3188 /p 3984
1⤵
PID:2036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
1KB

MD5
acdecd605e900167b162e83c8a84333c

SHA1
fba7f00efbc1292cb184fab2b3138a04e9a8e15a

SHA256
ed980bd923d4def316f2f6201f29df0684ff0ebcf5feacc331df741a855693b5

SHA512
be2030ff892dd418b6af56ade35e501dd2df28f59b42c48f16f079a94746ae03d6e181b20eb4fbb5726988cbef51f82bbd3eb788d89a8efff6e9703bc41e34df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
408B

MD5
bfd9f439a56771c4e879323833617c09

SHA1
8b502eff735d4238ca1ada16e93be0a47145bbc8

SHA256
1ad875a9261b92ab6f5b80e89317b5e7466bd55dda196b65c2cfb5803af69d68

SHA512
0d5025fd1cefb54f5ea223cd3c9c36a4ace58b2f6b73f133d87c1e1ea25304e765c7ff919cad11f2641d841d97908f3611051716c2012ac060bed0ebf282d864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a7f6a4b84d93993fde98d6553834416b

SHA1
4b4a227af10826f5a2f2e9b232ddb0336b3066f1

SHA256
843a9671b3fab9337d8d600e170f9ac8b200a2faf63b5a8cd16f157bcf73c21d

SHA512
ccfe39c47109dbf71c74ff6950526be7fcd521462f80e69e27388a9757d7f1adebf5f723c46b1631ffe3e2b4aa5829655d556bff8bd7e0f9f87fca46545bfb97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3300b8028991d6e234684db7803b66f9

SHA1
96df26150566233e1e0201bf17b4ea896861862e

SHA256
5b7786b5ae4ba62b88bdbd0992a8fd96b37e4c7068e2fd23d0b33acf769d00cc

SHA512
2f2dff4c24d4fd60160f70d544059bf02eca983309ff46bb7a1cb4d7c413e291c1520842e1922be55a4058380cd041cb6b4d9e70cdc5e4e00880fe13472df031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b3a7d4ad330cfae1c25ff8116c1fa9ba

SHA1
3e75346d2982b0b22b345661ca099b50fe61d468

SHA256
47fc9f91f83e4d6b5c7892e9c5ae596878d912cdd8cdb4035426f0e9be984f5f

SHA512
cb3e1cf54399a6c5aad5b93601744fdcfad32a2349d694d1bca69640e250dda3dad0841bf02faba6b4ac0eb82879bb3bcfae7926440322db85a59833cc6f2088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6e251eda318af8e9bdfcb9402edb4ec8

SHA1
00b079a153499885b9561fb28c44826493e5058b

SHA256
7e988de251f4eb7fa03cf59a2358631cb9355b38d6be32743ccc324def9aad27

SHA512
c0bc4f7d47b77c378430b8f0ed5ed0a4f32fe8d386282f4e3316203992d3e7dd044060f2360c122ccdc9747251cd890d878e1747eab909ac0b5fb31531b4a310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e0eb3805a2b7bed051777528214cf9a0

SHA1
96cfd6c5f89eb7f10fb5ee955d5965c41a20d7ad

SHA256
8af98cf2e025e434b7ce1bf4ba4f9e526a621e5dd10a1009354a45abcea75650

SHA512
b95d00dae82695b6cf463c7aeb731b29af670f177644dbef55c4bc226b31cfde1bb0cbd40dea08e6c6b445aec7baa446151b9556d3bf8a04a85c668b366d2e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
3a713935a5721af1f55758b86f7dfa07

SHA1
4341e3091d9488f320bab2cd617272d8c59b3136

SHA256
e61296b47117f3f95e6a3a3be60f71d195a112e30994d94a2390b7adcfd13126

SHA512
bf077961a50a3cd65bd99766b873e8fff55fbc0f6a0f28b56586598f7d6d8bd8c08140ed989fbbb44cbbbb09947723dc196f88086acc76ce654194f3681a1dab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
230717f880a31caf08499dc8d0fbdf50

SHA1
6ba4eae496d2b85a80dd29354f4a726a1f83d2da

SHA256
ae108deb5d00021aa8b09682440fa0e6fe3d7f47d09644d1bc7129c743170d47

SHA512
00519edbe043df72f8180a1a3f2a59139881ce0858ee12b3e5e8192d21c2215dd5ff5c87c289650b75c1014d027a2c5fa2c00cdad9bd158b25ad82c5db24d05f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
469B

MD5
92e25566cc224127551ea71596202f57

SHA1
3aa1acf6356b39707fb76a1ff46863f4f677701e

SHA256
b66f508aeda366f45259828e937db87832e521c47dfd9c080a02066ec08048ed

SHA512
a2d7b55e153fd75b69f7e18924b953df412e44aa96ae2f063eef5d6772bab3545c00161fe559710f9f90af8cf4fe5748579bb22bd817baf58c4ce26a5671ec61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
98c28ebd7d34587721d97f3859fcabed

SHA1
c046315517990b391a8de878152923a8cdddb863

SHA256
6619da024ec37e48588579f3ac80929813ad9dd0544f9f1abda9dcb1a90e48df

SHA512
2bc1044f608084862e3e7ba0b98f4afc588b0f472c7b9d52e506d63e3f65db5e6b81a5755319a056c7245a0fffe300098d0bcfb4c13dee4a0df764e681053c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
047e79b85a3399e5a0f15927bbe9751b

SHA1
74ac756eaecf0b9fcfd36dc9674891b07c167246

SHA256
ce62b4f5a746572bb78773f312a18de86e2c5f5abf0214c61feb3a4e3e423159

SHA512
ec39e7560425c687fd5ca03aee9c35d1181292e009ff9328df0e85799a1c93c3beca4da2178611278bb8593cc7403483299ffd80d398d5551cf504f5e042c31c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fb68c92b6ea124984eec89e17b2b2486

SHA1
5f316e3b42a11f4785af5be47f7c5e605c43ac22

SHA256
7e1bed4df5e00c9096d3c5e06d7f46918a63ecc4d9e9f7a02481503e2b4f808b

SHA512
d4979fb5cf63e7e95f0925dbc57e161ae219ad7f6d09db9dcc345b5b740467e8f486462804b0056e675be67b18acb8eba30a870f2c63832fe4a8dc5e7cf9516c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d19488f3c00f5a9d9786fa3792f24026

SHA1
aacbc7c509e557b1f22b39fad5847b2968620218

SHA256
4e6f675393506429b885c7923b9ce83e91d5dbd08cf57dbe20b31adbc6ca634b

SHA512
42aa1f107641da2a5ded10d9e3b33efde86d06a5b12a356e59272bbfd391de902ce19e1939583f3d1b4eb31651c07218926e695affdb1e8c6858bd630abfcd9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
67256cabea10f1425bf51543dcc6d97c

SHA1
4cdb8dfbfc2e999248740a3ef6e736409aaf964a

SHA256
41e2f0b4dfbf45609dcca35fb476d8378beeafad8f61accc07653c1afc5528db

SHA512
de76a956a7a60670758552c129a516b9e26a136098a288f1daea41cc4755c47eefc8c20f5ac1961cf25dcf7fffc451b6b0f1fdc40b4296c2ab2c92eeb53c8db6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
52b60877bf7a56c142b2ff45d23c6202

SHA1
e0e7f28cab881f27299e5e2ae9669f2c73a8b606

SHA256
d6a78ca8b6b2a48966ec3cc6bb2e8132280d5f324743338398cd4d1abac04aef

SHA512
c9b3efb0b4e490b59c85e28ef22555f630fe82231c3dd8cec7d3e2217324c9d48c2a7efb0ff191a3d89dd49e47ff2f02b6351ea0babd91ef8200e38ae0dda0cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
e756ecea4789a0d95631762a466252b9

SHA1
c6264fc4e112e9e2736be0b8b51dff5b8f915dc0

SHA256
294afada14ccd07d2b43fec5f39e5a29ef5ad1f27603d3597a990bf78a7e0af1

SHA512
4dd428376282e9c692f1bf9bc4d692c399483f68b601face66132e243ed1efed05a69cbd489fdd9bc81adee1c05a32babbde8f7b2973d2565cf6147ecb155855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
f97a6b427b11151ec5733011a962cc98

SHA1
58b1771aea4487cd86332462f2ebe8185a93e9bb

SHA256
b1d3d01b95bdd820d1984d4014decf6ce94f39ad9669bdbd970a77016fb41988

SHA512
8eb2723183ecbdd81e1c730f402750aa9ae191d8fdfa7b7bd6bc8eb7166ed55830c695780a0727e339d7646c275aeaded417ecd0fa431b85ac0c647b9bff5031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8d01cf4d05b8f929c10cc584bb5c4ad6

SHA1
93c77ba9fdf56ea10de206b36a61472a1d8a0823

SHA256
d564b5c007ca5a6f6362f10e7141d719d9b5be03df8ac9b6a201dd77be020da3

SHA512
abca69ad33cb415638cd46147e3b8705a05cf54d117b3f61446094dbebf3b70b7092676f60d377412293ce73fe4ba1fe4a33f854439d6fee25dbe3b57d26cffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
88af0d3ffff92df6d07b23de920480f4

SHA1
2390de32cb40927d0477ea71723ceb2910b04717

SHA256
6b5946cc169a79dc1a7781a90fe74f56e6f5ccb523ced4ee24cd16bd99705508

SHA512
45427fd05f20a43379796f5046c77ce5d76ecc8b7cfdcc3bd1b75f494bd35bfd3d2676a892c33de1b7a320b0058df5cbc5f531e72c4b3110394f439df08e2872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6411b21d9220f0c0bb15658148814a92

SHA1
3d9144c6dc855be6f25078813e7890028463bb19

SHA256
b754854cc320db03c49ce2730d9124fb9c60946d6ad228bd15a29ecfb9c0c80d

SHA512
2f4defeeee354b29a0ac51949d8418f1919d7e116e94eeb38df120aa1ab17befeea26efc40208e3d5e2b21959475952b783af43646b0cb66592351537341ec4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d91379eb39ac1f8de6bc12d7845c8ddc

SHA1
6a586a819eac33755b7dc3b876775d54367dae50

SHA256
bfdf4aeeb2f2e325bce0a6c56992278fce7936a970029954e9d9b65cce1c3ea1

SHA512
a7e26414e4b4b77da3770ff9aa9b780a1598728003ebc718a5a9d929dd132cf733a3b6419d891db598ed2a2513ef0b899f6baefcb53ef6ffbf3e95b8611e4dab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
256KB

MD5
7368469776be0a09161e11002451d6f4

SHA1
1de9aea2f8d2acaff678d7c8360145f472fbed68

SHA256
9fd8e268dcc84a4c471db0d20c646980e1cfe3f3702433866c5ca0535ed1fdf8

SHA512
1314d7174e131c00050d07ad99c7e502beb7fdb65eb0671d50ec5e01e3aee860a777342cd9f1ed436ef518f56d3e2941a3eec7a3f55da01bcf8f2b3d8330addb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
384KB

MD5
7f00d2250062e1e6a6207f6f526b7960

SHA1
4f7120afb0a143eea31000ebf4f2147f325f8536

SHA256
a91369366e5e9775e1d9dc9ff2c06d2705acfc7197993759db1c89f8c9a02184

SHA512
ad5272dcdf65246b432b834c6a7ff062f9e7afc43f6366ff53d6653eab78a13f0d278cb9e066051e17bdc61b97114ff4ff99dbc27547cc9c1f595d1b17eb72ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
1024KB

MD5
1ed9ea3a615f6d464d15e213cc53f075

SHA1
ac2ec42c90cc8e7f6b954e250ed19fe86ebdd977

SHA256
58c9ac5b08bae2d7cd9de95b09970c00cb367af82473022c00dcddd76c4d95cc

SHA512
b1a215ca5a667c0b053fcae919bdfd7d491e155cca8ac75b2449a6f866debdd8d78d6193a9cdeffee223cadc56ef2c3b2dcfaec3a4b878942590e2639fd47494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
1024KB

MD5
acab11281eb534d7371b6dfeaaf1e2a1

SHA1
d32920e0d30ff4a1bdf34edbbf7768702b3240a7

SHA256
175c62a6850e779882ef69255f11c41afbe35790ada3e9d2754ad5f3366532b1

SHA512
064c0bf8015dce863e667d30b77064a5e9b6dd22b4536b90f3d9c57cc2e979bb53a335a55d3076b105ce40286ddbbb7bc1c9887c7909856a1048fdbb244e445e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\HZQLIVA2\390ced5cbb910257428c882ed25a3ea4[1].png

Filesize
35KB

MD5
efddf7dcf7f1af389f4e234e0513380a

SHA1
83b6a13d8e18a10e702dbba70f39bf23349c1e7c

SHA256
2b1fa09781a2d94871162606ef5566e9ebf31e594504c3a901c107233c37c0a3

SHA512
8802effbbaee33f558f03bdb44b4d53ea012501f0235324d6090162574d5f721e392471118ed4c0351c6cb9eb53dd713db4edf0aee40d3c9b4c01a6e8528c48d

Download Submit
C:\Users\Admin\AppData\Local\Temp\AtomicProxy.exe

Filesize
9KB

MD5
3fcd6c5462874cacf05c0eacba3efa6c

SHA1
75b55aa7405d2231045c379b12dbe9479dc59504

SHA256
a66361d55c121289dca2800b939277f52d4ffd74b11f741654a2b073f34872bf

SHA512
a12a249ef2abcdffd731fbd9326a5511b7f34bfeb0e8c6bb97391dc2d78e15bdc3a4b7dd4485562ddeeecc5833248e5e5857972207e33edb59cad560dac6ca42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Atomic.exe

Filesize
150KB

MD5
03b6aa6303e7dd5baaedf675fb81317c

SHA1
805c893803985574534d5fd21ec1c94b8a812385

SHA256
ccde6a4f3af0615e8ba82fc7a0c369a5e0db4769375b50a59bd01ba548dff24e

SHA512
af2812738e2a768af5f266be6971ebe5469101bcb496474ccb230ec12f412f8e48ff79aca695ca7ad83aa18312433689b27440a9a2374c4cfafffb82c0e38bc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\CommunityToolkit.Mvvm.dll

Filesize
114KB

MD5
7ac2b027eb351ca135449e24e94b1d11

SHA1
c3cdb35de3112e54dfb20647b454036aadf020cc

SHA256
9084d77034a588f44f065f36cbf966bf8e8c47e92721a985e4999135b70a3b5f

SHA512
aca29671061f19f38a38d9d6cabcf657166d5224e516bffc5404ed9c21e279b55a54f07fce47529e2a54cee3585798b14aa148e4c21cfd2577fabb9941a99100

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\DiscordRPC.dll

Filesize
82KB

MD5
a1a4002c481e5828c9bae4b0e982bfeb

SHA1
420708b18a503b398eca8a4edf2ce203fe26a620

SHA256
63ff1146555876002518d6a77092a553151c9d1b749dec37a6b80e5233d2db66

SHA512
30573b33aa38ff910baf0fd33c701a8f5e58cb093f010e2fc321f3c6203c75609f1585e34118d1a9db3b4beba7b2f82d8303bdda76e2fdc48c087d3b8498f778

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Microsoft.Extensions.Configuration.Abstractions.dll

Filesize
28KB

MD5
5edcf3dccef856711d35e0afdbdf6d0c

SHA1
fefe0a4870d36814a45f8e9c63530f1963cd6c0c

SHA256
893f042b8bea61e3e56091ee6167af61bc38a39d35cb1d0f9b222aae4493146a

SHA512
de9b23363d5fa78b45c96295713e392d24fa8b0d5a78cf6d2a2a8d04a071fed4f52f4b3559e36c829cdbfcb318c2a81b0df3cc3d46eea766c88afe5f16de5718

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Microsoft.Extensions.Configuration.Binder.dll

Filesize
41KB

MD5
d41951bdad8d83b9390fc92547d23e78

SHA1
3dc5a3dca8e4fb332da12d589d1c02c5eae9c271

SHA256
f98b9f2ddf18eb91abca271ee6c01bfbe13457bf5a9e4183a2c797b49d242e93

SHA512
70489e7600a12dc2c7583f797a5a1109525b85fe196ff9c2535a05aa55641012555d0864631d5a613eae06593ebeb98ba6b13a9b03568e50e2978de9698b4599

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Microsoft.Extensions.Configuration.CommandLine.dll

Filesize
24KB

MD5
7cb6f1a3b905d9368cf709312e2b1c7b

SHA1
a146422c835dfa329787379fa6220976071737ac

SHA256
3f19e2d4e5cf55e638e3ce004cd76969239aad0b9c26810f7c30f836de56700b

SHA512
acb16be04830090d2f66c5d309f2e00b013ba297a9eb079594f46e7cb9554a8447b7722a563f9c64a0cda71fc50d6c1bbd837103ced95478cadd949f6d506227

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Microsoft.Extensions.Configuration.EnvironmentVariables.dll

Filesize
21KB

MD5
7e850f02e1f8568dd99c416cae20321f

SHA1
e5981dc4199f1b03e2d9a69c0c035e25bacaed4e

SHA256
e4df59c4cc9f011e19acceb60d1072659cd23780646cc1fce32c74fe62d635c9

SHA512
c7ad12548a53acf82c6511f960454c04e295565859e197be863e671d19041dc510e5433fb0e4d53d7b28ce344ce673e3c3821b734e9967ee9f10bd7d92153bed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Microsoft.Extensions.Configuration.FileExtensions.dll

Filesize
27KB

MD5
4a64ad42d976dd0d7a2978293f0d3af2

SHA1
781578f91fd34b51a635e2a2456bd4eecb2b53f9

SHA256
88d03448574da6e677994939beb887a43c23fdb060f135d9f07db4152c9fcae8

SHA512
86fa6cda93373e2c85d2b8452834154b88b7c1a968366fad62324cf42ea775b81371ff2ffaa7a28fdc45b8413da4bbfe4330a05b8474ad935ca1d630e099c7cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Microsoft.Extensions.Configuration.Json.dll

Filesize
27KB

MD5
4a16bbc52e03301291d0b460f89ec3ce

SHA1
c4130184ca592ea7875ffc7b0c9e4a9bc1ccc136

SHA256
02add20d0f0583a04d47baf02c3b32284cfd25903a78742dc15ee41f9022750b

SHA512
587ba999e1720b347277ce22a4339f852f48478d7d456aefe272d94749d008dfdd96471bfe70382dc32aa452ee887d8a2802fb1a97e9cfab2aa1d89722b1bec0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Microsoft.Extensions.Configuration.UserSecrets.dll

Filesize
25KB

MD5
7f02f7738b71e561a29dd27ba2055b82

SHA1
771c6bc540f7d2165c237233639ed85a4a8fd542

SHA256
f9cfc0338a9b66371054184e40f34ec0c1289fc96e3ed484973b1a792e049fc2

SHA512
8246912a1724062addbe40ed9fcef4bc03b34053c8d26fe37609fa24bd5a9841eefcd2c5baedd010179727582515665d01a4ef5b779991ef185138a813e5fa39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Microsoft.Extensions.Configuration.dll

Filesize
40KB

MD5
991ee31ef4e5138a558b096249c65e1c

SHA1
3d89f910e18773882c34f8e86c4ed0bdfe49c420

SHA256
c301bfcd6a6a2baafd81425be273c7f29afe726ed6b6bed54202aa7376860b2d

SHA512
b11618ef12f725259173b1e4ad776f44b5d4530209af62289798d4fba9f307976c61bd5a5c2762d262b513690a406e43b1bdf55507d42c2b04a6d41e29c1a9e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Microsoft.Extensions.DependencyInjection.Abstractions.dll

Filesize
44KB

MD5
6c8655836651933ffa4c253b5fa72939

SHA1
b75730d6c1ef5e0ca6d7f7a1a5ee540aee940836

SHA256
087813b2f9350b8c2d31e5bc9a5410fab198fadac87bb1269f41de6e6ad7ee62

SHA512
afb2a83b58eab2eb00116ad790110884d53391e6a88cca3fa7bb8bf8837257db1aebe07af63417a23e4f37aae9dd217a2b4a58a8f25528c7559ef31582babe42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Microsoft.Extensions.DependencyInjection.dll

Filesize
83KB

MD5
d73fb559b01aca341a7750ddf3f6d6eb

SHA1
5f62514899132aed440854e599b742683bcea1d5

SHA256
f8fe8bedbedefe0fab7e68c48f508d486b42258e16c09572886d7293507bdad6

SHA512
65ce8faeb54f2f25af62deab7a0c0ccf5efa9cec5cbd7049f34608dcae4b2a6ac04026c6889e619527b8b65cb194fc98e01861fca7e740904ea12ff9932b3209

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Microsoft.Extensions.FileProviders.Abstractions.dll

Filesize
23KB

MD5
18bdbcd81e202d50fa251034ee531f47

SHA1
555dc7e687f53dc572d770ce173f3eaf2eb59d1b

SHA256
dfe3b756a0f39c2f67d8aa3dfdd66731da39f2e7f0ad67db06e8ca767f43cf30

SHA512
311a85ee2f5c91c979f1d3cafcf172599d5211c2324722806919486363c341bf790caaf4f31e6da9f12bba45f60b3e73064b78fe154d3ff2f4357183a92cd230

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Microsoft.Extensions.FileProviders.Physical.dll

Filesize
44KB

MD5
6d658999a4b887297d190056d0790eb1

SHA1
ddd29180cc76d436d1bda57c2649b5baf57ca9f8

SHA256
8d9fb59cc6e16e74c51cdf6cd7595c31234139378dcce1e12400db22b7d6ec22

SHA512
624cfb63a32495f30284fd33bb6652f5b3bb5a1b651b2ed2f04905f308b92f22a7ce675ce8a81c293c745904c46501f0290f1bff30b72ce2d411af4f78403989

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Microsoft.Extensions.FileSystemGlobbing.dll

Filesize
46KB

MD5
4aaa5041bcbbd5e6ac621e7c9699fe9f

SHA1
75721c9ee70cc2010b3ded83318641624d19a725

SHA256
eb04945d8de802dedef7c75c61c0939c8041f62c48125a906c55e9671c610e85

SHA512
29ffa5ebe6ca6d8548755275a5162501e56f84cf47b71552b4df30a2ba3b2006f37f661995b8cc1f29fcc2a4cb6f74d203828f87bdb0e981807b919867215e0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Microsoft.Extensions.Hosting.Abstractions.dll

Filesize
33KB

MD5
1ec99b8661d3b197c76103aa9532c8a3

SHA1
98182c9f50aecf922a1cea2ecaa9bf9033d793b1

SHA256
42fcb2974c24e42cda05c9744c8aaed9f68c344bdf8a64b9343aba980f374caf

SHA512
37facb164b5dba8406f4dc1090f5f906ad35f62ea3cd184ecc6847820aa3799a6f91a83db3fa747c616fbde99184fdd249efd33cef5d97839d01a5044a4d788d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Microsoft.Extensions.Hosting.dll

Filesize
65KB

MD5
6bc2b764dbed0715c382f5a2231abb30

SHA1
f62476822ad8e0dbda6856c511fcb21f0c79c02e

SHA256
1c1e90c8974a95a28d8f2ba9041fc205c968a499e915deb00f9457d5c6b5c11c

SHA512
70385d93f1676a88535ee7dc5e0adbd847d80390b6604cd2873dd937e9fb9060b148c7671c57ebdc69a8721f93bbd6b0c456147ae0bbcad7029cd66191006d59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Microsoft.Extensions.Logging.Abstractions.dll

Filesize
62KB

MD5
5127ddc4377a4fec97eac8e991477d00

SHA1
eb1c84da67d382390397e30fe801a38944bcf48c

SHA256
b4bf70c7e2aa5ea0090e13817b895339259cc435dd16d8bd32ce4ebd85de4a3c

SHA512
86904ac640009cd7f11c1694e3ccb96f482cabb7a098498e9a76f84fb87060b01c6e7d1f73cd8451f031dd4a88dd802b715c337d58fb47b1f1cebabe4dc735a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Microsoft.Extensions.Logging.Configuration.dll

Filesize
27KB

MD5
d42b6103f2b52f18a5546fc00739c47a

SHA1
d01952845951070511169a66b0d077f456ca119b

SHA256
90a8b6846771ab397033a38a32bd0834c2655439b3d58a9e1089b8aa3afad705

SHA512
900c693cb41b9f92af60c8e97fb2cab32ea4e45bdc47f3ef2e708132f7aa46cbe3427d23bbb8c4d7f1e1be1656ef5935104b93b08324165e36cec743a7cb674a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Microsoft.Extensions.Logging.Console.dll

Filesize
58KB

MD5
cbaa927e4a480e065a9c92b11a8e6d31

SHA1
98d57808e54523ec487c0e47dce5bbc5f630c9da

SHA256
7e7c49147efaca9b5482ea65e9d2dbd41dcda43e380cb5b512a1d085cd98b6c6

SHA512
5ba8a05bf4942149fe3d65dcf910b37ec28ef717bdab94c3cb5470dd37ae88f4edacefba1438654bb2775688e3edffdfa8b56bdd9e4fefc01d0ef1009e55f804

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Microsoft.Extensions.Logging.Debug.dll

Filesize
20KB

MD5
014d6876cc322a90e34e89dfcd4d574c

SHA1
7bf604af2fe1412f400d6b6323b2098df44052f2

SHA256
3414477fb1b8b5bcb6f1439f868fe99b2ca0dab40dcf8b1e65cf97f2f698fa14

SHA512
677f19c83779def1c36023ce5442b5d9292c99f67a2db26316bcaa857cb71917365045b1e8b4b3cbebc8a16c376c8337b9f346c9d1e5293f7176a94c4c440732

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Microsoft.Extensions.Logging.EventLog.dll

Filesize
25KB

MD5
d9707e34bf8556adeb8fc92fa823b5f7

SHA1
e2140a0a15a650a366c16d44e8a831f35ac1b4d9

SHA256
b346dcab4242055cb6fee52451c051e47b47988d4708abca4f134df5c339232a

SHA512
ec7ef660d5c358f06e615e8ae86773b3317638b721cd2d6d1f06f4183827fcacc65f0978d12640f5d30edf7e104843ebba79dd13a4a10e5f3818a3bed270cc14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Microsoft.Extensions.Logging.EventSource.dll

Filesize
34KB

MD5
84de86beda49b7c390ea24a41d5d476a

SHA1
fa7eb64778ca2082adcfb02e08b97447c5c40621

SHA256
9f7cc1120ff91343d600f371ddaf4933601ffa9636445048f96432e1ccc32515

SHA512
0700d19b8a9f630978a1bd98b4b57c9a64bd335b7ad57721bc5326db6e10768d5d4827b4c2ccdd5835a13632b3f3744dc1de72b0bda42d9542e8156d56ec2cf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Microsoft.Extensions.Logging.dll

Filesize
47KB

MD5
3f6480b7c509fc21aaf73c32b9ff7aa8

SHA1
c623ba7aaf28dfe6b54fc0ad43c6eba912c6b336

SHA256
6833a9076b9a4bb4195c87cdac7ccf4b99b86d1fc848a08e074d668d1e03530e

SHA512
d8ce36217497231facaa58fd66c560de785521c86b04233de20d7d25446c74d9d75504d24f5f691058773cba62381ffa2eb66f2254caeca3287d883888e80586

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Microsoft.Extensions.Options.ConfigurationExtensions.dll

Filesize
23KB

MD5
cfe09d5db428f456541ba4caa6888b66

SHA1
d52da1aa9b011f1206ee6440e2a2a245c8b76118

SHA256
3c227ac499857cc556a02feaa843f2a711521cb324290a6a2b230227e42db48c

SHA512
df398f1c2bc2c5cef5934636eaf55179214ad70fbb7008c40bfa0bb8aad742e29d44727cd0f0e7f46ab2fbf2a0d01bc2368c522fb157719923d3231c758f72c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Microsoft.Extensions.Options.dll

Filesize
60KB

MD5
fabbad7e03b813ee84732f720501e457

SHA1
13558249cc6d53454f0e0279f855b25929793628

SHA256
3d1868b20095d34cec3f762619b3663376562466e5067f9b8025ca20a492cf76

SHA512
684e6b6e3b49b2c089a8b9811d43df5eb7363a7dbd3a5164b85971b8cc1a9095a495242c45868a20259acbb7f0dd2dbc9f46e9284a4f5c4a0826c59f841b6544

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Microsoft.Extensions.Primitives.dll

Filesize
41KB

MD5
3ba07a6760be077504734e9c0be0cce3

SHA1
a51acea6a9183d6c73dcedb5b0536f2a5efd5f43

SHA256
8578454489a439d5debd8a8ca9844b3b38076563eaf195cc5ed4bd27a8c54ea3

SHA512
1e3ab31b03826f634271246505f72fa4cd16eb0e23ca71bca1eb5a398a3229df6bfe87eb1b6a30ea2e0379e33d1f2af951f178f950c0a520b07740ab11c8b0ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Newtonsoft.Json.dll

Filesize
679KB

MD5
916d32b899f1bc23b209648d007b99fd

SHA1
e3673d05d46f29e68241d4536bddf18cdd0a913d

SHA256
72cf291d4bab0edd08a9b07c6173e1e7ad1abb7ab727fd7044bf6305d7515661

SHA512
60bd2693daa42637f8ae6d6460c3013c87f46f28e9b0dbf9d7f6764703b904a7c8c22e30b4ba13f1f23f6cbee7d9640ee3821c48110e67440f237c2bb2ee5eb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\RestSharp.dll

Filesize
186KB

MD5
74f7189e0d8462b4766ceda305b5e6a8

SHA1
27bc0b6410917ddd63b3a61230e61ee56b85886f

SHA256
44d7ef808bdf27da453059afe5dd132f061e302bb34b1bff3c79b74249c52640

SHA512
22f50aae579060474ef35103aab4d1010ba53790219631c15136306977422d9324e01a50ef160b6c9ae82311ecf1d8187c971fefdcb7c3639591682f36dcdae6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\System.Diagnostics.DiagnosticSource.dll

Filesize
146KB

MD5
fbe4619a670361040f56b7c70f2a237a

SHA1
d4dfc8e03ebbdd097f0a190c9d688037dd756bcd

SHA256
bfdc357ea5088a265da201aa6492f6fd04f1a94c68db90cee965d1318cb5745f

SHA512
7e30e2b3254973e6b59c1411329ad7e71746252662d4fec33b1bf8b92aabaaac8e40ad57d464b353c2a488427ff131e52e56f41b3336aaf8093495761f25aa00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\System.Text.Json.dll

Filesize
530KB

MD5
b7bcb19ea0110c433799412df9ab7c8a

SHA1
0c39979d5a017e7c46169cc9fbfdda4448c33fb5

SHA256
a6cb476d20369516d882fdd0f318a7fe9eb694c166dc9f2089e99b4c27f17ac7

SHA512
234522a56fc47894a8f63a467f7fb7c44285ea490296bfef893d1ae1533571f312a8bc5e9d586f19e5126c87f23e7bbc993dc04347f996f3a7fd0f19cdd874b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\Wpf.Ui.dll

Filesize
4.2MB

MD5
d79295df5ac5f149ec2d9cbb70dc3780

SHA1
b975dd660e9b2af11c70d2b5065891deaea24857

SHA256
38b8ccc856250c375d1425508479f56210d0b354025dcecce19dfa5610ba0261

SHA512
ae59fcd4ca2b2499626aebf35f77c46e3c958c66f74c439af4991d3805909f50c6dcaa0cf5bebba976c502d56eb561c6c1509a4bd0a1a4d12d7da50cc45a80fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\nuclear.deps.json

Filesize
35KB

MD5
8250ca8691b56617d1f276f33afb8a93

SHA1
532c6d982335dec13bfb6dcadad3bc6d18d5ced9

SHA256
7cb45a0c4d3820a74cc03e4f7d79687080ab630d3d34125e6acf1e46cd302cfc

SHA512
df63a90003267e647fde0f41930cd592c121e597c33a799dd0e3421cb4dfb570fcd361ffcb84b7ea1b9d75c946472e481ec0a7617d919fde9e525aa92804b2a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\nuclear.dll

Filesize
1.1MB

MD5
0d1adf6735e5c6ce072b2b4f0346c254

SHA1
5f6f573740b7b64d7fbfd7747439cafd381cfbcd

SHA256
bc1624995d31a13600a18894dc177f27e10684ae9cabdcdc220ecb1173e408a8

SHA512
4e0d6ff5a32d4f41c641b738dc184ec8b0454e1ad7ee3eb52b4709bc2ee1e9f7b04c2578b7d346705c9256fa57658abd5fb1033a97c5634807b9e40051e5cbef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\nuclear.dll.config

Filesize
2KB

MD5
aae973ae8f673132ba4a6cffd35a706a

SHA1
fde16cbe3a9f0a01987a1e7adb11be87bf5655b5

SHA256
3e0757922ee16d95c882f2feb966900a25625831ac372b3015318a82dedb0db1

SHA512
14f0b26abdedcb12a7a58ba456786c763aac14415b318e80391251cb444e0f7f74c4dd9f85ae800684ac01b1e5d83acfb3d2ac6b46dce55805f394862efd2ee6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\nuclear.runtimeconfig.json

Filesize
372B

MD5
d94cf983fba9ab1bb8a6cb3ad4a48f50

SHA1
04855d8b7a76b7ec74633043ef9986d4500ca63c

SHA256
1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a

SHA512
09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

Download Submit
C:\Users\Admin\AppData\Local\Temp\Atomic\runtimes\win\lib\net6.0\System.Diagnostics.EventLog.dll

Filesize
139KB

MD5
62c63c04c6083330d020cf855c85002c

SHA1
abfd4f92b132ac47e9b049545be242f86f9a389e

SHA256
fac816ca0bd5d9c4a17693b37575a5aba901d993133b61d7344b597472fa0c26

SHA512
afa4870e91b5528001b6a4019b068aacfcaa8040bb492c12b1dca9b0cd236d847b376d77b6222875eefe0ca377babaa541bfbb19f0165fc305775c36134a79a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\discordauth.json

Filesize
178B

MD5
5022d1e1bdc6600e258e01c37ee55ee3

SHA1
2607c8e862ca05bde58e42308d133d9962e7ba71

SHA256
d1be01e85578758f03abeeaa24ca12063c22e526b714492811416655d3044f8d

SHA512
67b425727df4e94ca5e8f2ab930a8d40980a1cff090c07c9fa8cc7916e3047010c5b6601e4e3cf74b87de9e5c0cd64e81a3a932e83b6181f356e4c71ccfc67cb

Download Submit
C:\Users\Admin\AppData\Local\nuclear\nuclear_Url_bhxwvfgylukrlfkkesisvnojz4cfuqh4\1.0.0.0\4h4lhwh1.newcfg

Filesize
671B

MD5
bfbebc14d1b0a449764b7eb4ab91d9ea

SHA1
f0953dfa7fc2e02884ee3ac880656882fdc01e8e

SHA256
293104f7dd02eb371f0b9cf22cff43435d757d6de3a7bb759ad8a6092ded02d5

SHA512
1e39ca1b689105b18b808c6f95a24e52daffc5b9da262049aacff2393d69aece836689e532876101298928909e7c2b601f47b778f2f42899960df49763ec32a8

Download Submit
C:\Users\Admin\AppData\Local\nuclear\nuclear_Url_bhxwvfgylukrlfkkesisvnojz4cfuqh4\1.0.0.0\user.config

Filesize
539B

MD5
89bde10b5133d126903627bc1dcb883f

SHA1
8b8ac1fd5c7635bd2143ac1b6307f0ae8b6f7f1b

SHA256
27a91b8f6609cdf8065697d2bf7ce67ce9beec14538cf1d2ed50ec36b616bfc1

SHA512
0f474f65a678a88e28c3c436374aeeedfeb5fbbe5fa9b662fa109ac42c70857dcb6c0ccb9082d3ecc8f6d04d6393d12d86dfd7f35565cd735c054274f04ec1c0

Download Submit
memory/2020-743-0x0000021F060B0000-0x0000021F060B1000-memory.dmp

Filesize
4KB

Download
memory/2020-741-0x0000021F060B0000-0x0000021F060B1000-memory.dmp

Filesize
4KB

Download
memory/2020-747-0x0000021F060B0000-0x0000021F060B1000-memory.dmp

Filesize
4KB

Download
memory/2020-746-0x0000021F060B0000-0x0000021F060B1000-memory.dmp

Filesize
4KB

Download
memory/2020-735-0x0000021F060B0000-0x0000021F060B1000-memory.dmp

Filesize
4KB

Download
memory/2020-737-0x0000021F060B0000-0x0000021F060B1000-memory.dmp

Filesize
4KB

Download
memory/2020-736-0x0000021F060B0000-0x0000021F060B1000-memory.dmp

Filesize
4KB

Download
memory/2020-745-0x0000021F060B0000-0x0000021F060B1000-memory.dmp

Filesize
4KB

Download
memory/2020-744-0x0000021F060B0000-0x0000021F060B1000-memory.dmp

Filesize
4KB

Download
memory/2020-742-0x0000021F060B0000-0x0000021F060B1000-memory.dmp

Filesize
4KB

Download
memory/3068-777-0x0000000074510000-0x0000000074CC0000-memory.dmp

Filesize
7.7MB

Download
memory/3068-778-0x0000000074510000-0x0000000074CC0000-memory.dmp

Filesize
7.7MB

Download
memory/3744-774-0x00000000004D0000-0x00000000004D8000-memory.dmp

Filesize
32KB

Download
memory/3744-775-0x0000000074510000-0x0000000074CC0000-memory.dmp

Filesize
7.7MB

Download
memory/3744-776-0x0000000004E20000-0x0000000004E8E000-memory.dmp

Filesize
440KB

Download
memory/3744-780-0x0000000074510000-0x0000000074CC0000-memory.dmp

Filesize
7.7MB

Download
memory/3984-492-0x00007FFAB2C40000-0x00007FFAB313E000-memory.dmp

Filesize
5.0MB

Download
memory/3984-614-0x00007FFAB2C40000-0x00007FFAB313E000-memory.dmp

Filesize
5.0MB

Download
memory/4020-0-0x00007FFAB2C40000-0x00007FFAB313E000-memory.dmp

Filesize
5.0MB

Download
memory/4020-495-0x00007FFAB2C40000-0x00007FFAB313E000-memory.dmp

Filesize
5.0MB

Download
memory/4020-38-0x00007FFAB2C40000-0x00007FFAB313E000-memory.dmp

Filesize
5.0MB

Download