hxxps://gofile[.]io/d/r6dFxZ

Analysis

max time kernel
95s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 07:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/r6dFxZ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

Atlantis.exe

pid process

4816 Atlantis.exe
Loads dropped DLL 5 IoCs

Processes:

Atlantis.exe

pid process

4816 Atlantis.exe
4816 Atlantis.exe
4816 Atlantis.exe
4816 Atlantis.exe
4816 Atlantis.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

Atlantis.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Atlantis.exe

pid	process
4816	Atlantis.exe

pid	process
4816	Atlantis.exe
4816	Atlantis.exe
4816	Atlantis.exe
4816	Atlantis.exe
4816	Atlantis.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Atlantis.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

Processes:

msedge.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

4808 msedge.exe
4808 msedge.exe
3088 msedge.exe
3088 msedge.exe
1628 identity_helper.exe
1628 identity_helper.exe
4560 msedge.exe
4560 msedge.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

4332 OpenWith.exe

pid	process
4808	msedge.exe
4808	msedge.exe
3088	msedge.exe
3088	msedge.exe
1628	identity_helper.exe
1628	identity_helper.exe
4560	msedge.exe
4560	msedge.exe

pid	process
4332	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

7zG.exe

description	pid	process
Token: SeRestorePrivilege	4900	7zG.exe
Token: 35	4900	7zG.exe
Token: SeSecurityPrivilege	4900	7zG.exe
Token: SeSecurityPrivilege	4900	7zG.exe

Suspicious use of FindShellTrayWindow 40 IoCs

Processes:

msedge.exe7zG.exeAtlantis.exe

pid	process
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
4900	7zG.exe
4816	Atlantis.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

OpenWith.exe

pid process

4332 OpenWith.exe
4332 OpenWith.exe
4332 OpenWith.exe

pid	process
4332	OpenWith.exe
4332	OpenWith.exe
4332	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3088 wrote to memory of 3592	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3592	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 3108	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 4808	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 4808	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 4804	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 4804	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 4804	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 4804	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 4804	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 4804	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 4804	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 4804	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 4804	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 4804	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 4804	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 4804	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 4804	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 4804	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 4804	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 4804	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 4804	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 4804	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 4804	3088	msedge.exe	msedge.exe
PID 3088 wrote to memory of 4804	3088	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/r6dFxZ
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff6e146f8,0x7ffff6e14708,0x7ffff6e14718
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13903148703322410949,18200106346355103078,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,13903148703322410949,18200106346355103078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,13903148703322410949,18200106346355103078,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13903148703322410949,18200106346355103078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13903148703322410949,18200106346355103078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13903148703322410949,18200106346355103078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13903148703322410949,18200106346355103078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,13903148703322410949,18200106346355103078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,13903148703322410949,18200106346355103078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13903148703322410949,18200106346355103078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13903148703322410949,18200106346355103078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13903148703322410949,18200106346355103078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13903148703322410949,18200106346355103078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13903148703322410949,18200106346355103078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,13903148703322410949,18200106346355103078,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5944 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13903148703322410949,18200106346355103078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,13903148703322410949,18200106346355103078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4924

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4332

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4312

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Release\" -ad -an -ai#7zMap15889:76:7zEvent18424
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4900

C:\Users\Admin\Downloads\Release\Release\Atlantis.exe
"C:\Users\Admin\Downloads\Release\Release\Atlantis.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:4816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
3071eb8181fe3e985cd5e87aee7ab208

SHA1
986e1a34b0b78e8edd5c0a3ded1a8951fa35798d

SHA256
935d6ff420144e093160ee09ebc91762104ed2d002e1c06312fa88b33f3aeb20

SHA512
91541201c7e48a00095e9c2c5c9b7d1edd52552d887f4b3cf675bc85dcea3e02e87528ad8723446f47c5284b5f543fab588e0d0ce28a41d77078325f6d8b6f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
863B

MD5
4b94d78e71af0d9335ce669332678495

SHA1
d813473d3891a7c318f844a8eaea0e3a1050ca91

SHA256
d94a751fb1c7e10cdd4dec4ad1ecd7aaf7ad13e942b1ed4535753f3dcabe1310

SHA512
c298c970a915b99a4ffc523f3e2b28f7593da69f276a0b875eb6c3670d7558fdf63da09e760b6e385d6e72589ef4a6d9946715b7453a22891f97558ddd1a92fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3dd3458c4b7f6d2062cdc5d55144f6df

SHA1
2bc989bc210caf1b4155a62451eb71ce43014bd1

SHA256
c207bd628db1fa5e1aa840aa154d950c06013cb6d98e9d531b79770ae8fe5129

SHA512
f598d22221ff4597bb694d7edc1ed2da0f56f723b677ae05a894be9297d2565404f970ebd8f804ae86f54ccdb83b503139e906f3cf5893852b9af0e5e85e6dfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e5c10ade4ce011d1519968a8afcf629a

SHA1
b95b6d5e7adb98e27b03b268b6b86bcaedab0757

SHA256
e5f92a3aa6823eb405c9cfa1fae3a22176b2c034fccf9aa6469ad097b7a64bbc

SHA512
176dad57c44f7315079a54544936c43c8e554efbf8d44f6df1bd7456bd3bc84b96869bc073bdd433311239fee86bf5f715b5a51b9a4f1551548a1d3e09d9253c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dc7453401f3016cac8089a894e2e56dc

SHA1
b0ca3ee753a293a8d1936dfbf86933ee6e65a622

SHA256
1b3f5e06255d9bb0a917ff6b8e9b94029714a423a7995758801dfffee2acd441

SHA512
d3746ae61cfba2c5171a2214eea63454447acf400e3b8b116c61b6e7cf374abd8de91d63fe4348eb1c8cf749a39a9f148bfb039d3d467a1a5d61425eee5296c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
af4f78eb16c0572d32aab6be0508ffbc

SHA1
2a24b71c3ba5028e6cc42a195859b85403aa7d35

SHA256
309049b49997f9cd95edd4d4c4e17fc9b628e1816d3e5c079a9d879aeaea43b5

SHA512
74bf33e8d72e5846326994d24df943d86c4fb2e7505bb79c1024194574ccc10201f3a7a0799fecaf4e19347eb8dd77ad69ec785aa181a15680b5d6cf20126f65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3cc74617c784012703a49f82832a5feb

SHA1
496a4c07dbb3eccc48ffe85cd9c07804432d51ac

SHA256
19cd7c2ba606d62306ce3fe0916073bf3dc9575b35c2ece50d1165af650eecaf

SHA512
1f3a5df966b7c36d905c4e7e324a5ece1f6e6721a2519e00c746ce9159b61ac52a93df195106dd7a3a614c5cb3304f5a46a59ba7a657d364e1631c38a8548f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8273c11e19a827240ce27627f2a4bc90

SHA1
1cb346008f2dc9f0f970e92840b27dc7736a2112

SHA256
8685ecbc15ce33bfdee09fd8c0abada2fe4b42004d492718027c4f87c96a468c

SHA512
5be463d610e71902674d081ae3bcc71ead0e594c449dd1fae2b7060d71db4aefb17208d2f6f5acdb67f97099bd7ab50dc7d7bd53f048db3ee2bc6ec35ed44bad

Download Submit
C:\Users\Admin\Downloads\Release\Release\Atlantis.exe

Filesize
11.3MB

MD5
5961654e85bfaba8a9ecf3bf2bee24a9

SHA1
bbdd2ae25b31aed0e8b219d014be1faf01531ac0

SHA256
62bb9df5b11f8f8bc9f82e6e3721f3f668f99735f3eb1fb469e79ce4d9789b26

SHA512
b66541da4c915978ecf6cb2c1756414c2d6767b27871c64c7a7b916e2630ca0acc6878a2047cfc8fd0028bb9fcdefb288215568acc7020f40091a21b9c275295

Download Submit
C:\Users\Admin\Downloads\Release\Release\Atlantis.exe.WebView2\EBWebView\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\Downloads\Release\Release\Atlantis.exe.WebView2\EBWebView\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\Downloads\Release\Release\Atlantis.exe.WebView2\EBWebView\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\Downloads\Release\Release\Atlantis.exe.WebView2\EBWebView\Default\GPUCache\data_1

Filesize
264KB

MD5
76e89acc92b39d563144cad49075573f

SHA1
55694a78ddf706a28956f60458251287d923ba4c

SHA256
3ad7e01d40605709a39e940a455c89ebbdaf8d1e038e22bf6da27660525e3a49

SHA512
3a578e7657b0cc8b304b0e76553b7928192c933e3b616e99a4dff56c96af69513065c3f80057e88ab3030e25f1c367efe7e882f9a29aeb468dfbfc58cec8e911

Download Submit
C:\Users\Admin\Downloads\Release\Release\Atlantis.exe.WebView2\EBWebView\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\Downloads\Release\Release\Atlantis.exe.WebView2\EBWebView\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\Downloads\Release\Release\Atlantis.exe.WebView2\EBWebView\Default\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\Downloads\Release\Release\Atlantis.exe.config

Filesize
189B

MD5
9dbad5517b46f41dbb0d8780b20ab87e

SHA1
ef6aef0b1ea5d01b6e088a8bf2f429773c04ba5e

SHA256
47e5a0f101af4151d7f13d2d6bfa9b847d5b5e4a98d1f4674b7c015772746cdf

SHA512
43825f5c26c54e1fc5bffcce30caad1449a28c0c9a9432e9ce17d255f8bf6057c1a1002d9471e5b654ab1de08fb6eabf96302cdb3e0fb4b63ba0ff186e903be8

Download Submit
C:\Users\Admin\Downloads\Release\Release\Microsoft.Web.WebView2.Core.dll

Filesize
581KB

MD5
3d9465d5161ac2ab5a83265935514349

SHA1
5d40047faf2a166e6c25f106c244b5826bd0aad9

SHA256
24d1f432632c971456e6db676f609772b98d0cf3d3a5450c78d3dbb75744399e

SHA512
8d84de25fcb88ad6786de9f077612d356eed8726a50e9b6c44a3dff456ca8a160e0707cd1902b52e4890f97f4a5a72466ac149e71d1e790267141a6710ecc70d

Download Submit
C:\Users\Admin\Downloads\Release\Release\Microsoft.Web.WebView2.Wpf.dll

Filesize
81KB

MD5
820de4634735b6d2d9842189cfe71ebf

SHA1
39c1259d9b4cebaaa7a684c6da10d52ad017bd53

SHA256
42e4818adbbef44833dec2c2fcca7b456581f391ba800a834a72c9e5d2dd008a

SHA512
35954de8c6faf311b6118aaf4fa0af9da05de9549a0e5b143ce19586a3826c8daf5f63bc7526a6110700499a8aa0036d8ef7a463dfe3831748dfea4a6da822ce

Download Submit
C:\Users\Admin\Downloads\Release\Release\runtimes\win-x86\native\WebView2Loader.dll

Filesize
113KB

MD5
a362185b50f302563ef03ee1cbf68fd2

SHA1
2c68639cb53fc995d38ba632e77b6a2abf2c7f51

SHA256
cd5bd9cf068c312ecc6ce09e1c413b68ba12393581ae3869daef6b22f70a0cd6

SHA512
16660e2f6e9d7b633256b00b7425ae6887080f776a83b28d2bf8af4e15988645dbaeea71df701d45c63a40d72e5565c1ba8e38ae3676a7503521867395166f4b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 869237.crdownload

Filesize
19.2MB

MD5
91091e51b6d67d7f20adc20403677671

SHA1
a3d0a4cf9ee3ca0302a36430117494ff22aa67d6

SHA256
4e49d441f723fe62674ac9a653e049873e286749f92c3fea4487dd7c9d93f61a

SHA512
feb38097cc28e22abb1a5e341a22194fb382e7cefc8c5fcc45b2060280c9b6502ab9c8c3f360f4884d389511d71a6eac7a0d23da96ce3129c9870235db1266f2

Download Submit
\??\pipe\LOCAL\crashpad_3088_ZXBFHPNYGSGGGZLI

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4816-995-0x000000000A7F0000-0x000000000A828000-memory.dmp

Filesize
224KB

Download
memory/4816-1000-0x000000000B660000-0x000000000B678000-memory.dmp

Filesize
96KB

Download
memory/4816-1001-0x000000000B720000-0x000000000B7B2000-memory.dmp

Filesize
584KB

Download
memory/4816-1005-0x000000000B7C0000-0x000000000B856000-memory.dmp

Filesize
600KB

Download
memory/4816-996-0x000000000A7D0000-0x000000000A7DE000-memory.dmp

Filesize
56KB

Download
memory/4816-994-0x000000000A850000-0x000000000A858000-memory.dmp

Filesize
32KB

Download
memory/4816-993-0x0000000000970000-0x00000000014C6000-memory.dmp

Filesize
11.3MB

Download