hxxps://gofile[.]io/d/ZafpA5

Analysis

max time kernel
47s
max time network
42s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 12:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/ZafpA5

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

Atlantis.exeoRniz4vtL94l.exeoRniz4vtL94l.exe

pid process

2896 Atlantis.exe
1404 oRniz4vtL94l.exe
2504 oRniz4vtL94l.exe
Loads dropped DLL 5 IoCs

Processes:

Atlantis.exe

pid process

2896 Atlantis.exe
2896 Atlantis.exe
2896 Atlantis.exe
2896 Atlantis.exe
2896 Atlantis.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

Atlantis.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Atlantis.exe

pid	process
2896	Atlantis.exe
1404	oRniz4vtL94l.exe
2504	oRniz4vtL94l.exe

pid	process
2896	Atlantis.exe
2896	Atlantis.exe
2896	Atlantis.exe
2896	Atlantis.exe
2896	Atlantis.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Atlantis.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133766675370575029"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings chrome.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exeoRniz4vtL94l.exeoRniz4vtL94l.exe

pid process

560 chrome.exe
560 chrome.exe
1404 oRniz4vtL94l.exe
1404 oRniz4vtL94l.exe
2504 oRniz4vtL94l.exe
2504 oRniz4vtL94l.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zFM.exe

pid process

2100 7zFM.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

560 chrome.exe
560 chrome.exe
560 chrome.exe
560 chrome.exe
560 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	chrome.exe

pid	process
2100	7zFM.exe

Suspicious use of AdjustPrivilegeToken 25 IoCs

Processes:

chrome.exe7zFM.exe7zFM.exe

description	pid	process
Token: SeShutdownPrivilege	560	chrome.exe
Token: SeCreatePagefilePrivilege	560	chrome.exe
Token: SeShutdownPrivilege	560	chrome.exe
Token: SeCreatePagefilePrivilege	560	chrome.exe
Token: SeShutdownPrivilege	560	chrome.exe
Token: SeCreatePagefilePrivilege	560	chrome.exe
Token: SeShutdownPrivilege	560	chrome.exe
Token: SeCreatePagefilePrivilege	560	chrome.exe
Token: SeShutdownPrivilege	560	chrome.exe
Token: SeCreatePagefilePrivilege	560	chrome.exe
Token: SeShutdownPrivilege	560	chrome.exe
Token: SeCreatePagefilePrivilege	560	chrome.exe
Token: SeShutdownPrivilege	560	chrome.exe
Token: SeCreatePagefilePrivilege	560	chrome.exe
Token: SeShutdownPrivilege	560	chrome.exe
Token: SeCreatePagefilePrivilege	560	chrome.exe
Token: SeShutdownPrivilege	560	chrome.exe
Token: SeCreatePagefilePrivilege	560	chrome.exe
Token: SeShutdownPrivilege	560	chrome.exe
Token: SeCreatePagefilePrivilege	560	chrome.exe
Token: SeRestorePrivilege	532	7zFM.exe
Token: 35	532	7zFM.exe
Token: SeSecurityPrivilege	532	7zFM.exe
Token: SeRestorePrivilege	2100	7zFM.exe
Token: 35	2100	7zFM.exe

Suspicious use of FindShellTrayWindow 43 IoCs

Processes:

chrome.exe7zFM.exe7zFM.exe

pid	process
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
532	7zFM.exe
532	7zFM.exe
2100	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe
560	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 560 wrote to memory of 4536	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 4536	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1620	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1468	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 1468	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe
PID 560 wrote to memory of 2764	560	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/ZafpA5
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb6b1bcc40,0x7ffb6b1bcc4c,0x7ffb6b1bcc58
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,754720396706629895,2385812111106819479,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,754720396706629895,2385812111106819479,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,754720396706629895,2385812111106819479,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2456 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,754720396706629895,2385812111106819479,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,754720396706629895,2385812111106819479,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4000,i,754720396706629895,2385812111106819479,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3764 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4352,i,754720396706629895,2385812111106819479,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4780,i,754720396706629895,2385812111106819479,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3280,i,754720396706629895,2385812111106819479,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4488,i,754720396706629895,2385812111106819479,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  PID:2540

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3392

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4664

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3152

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Release.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:532

C:\Users\Admin\Desktop\Release\Atlantis.exe
"C:\Users\Admin\Desktop\Release\Atlantis.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2896

C:\Users\Admin\Desktop\Release\bin\oRniz4vtL94l.exe
"C:\Users\Admin\Desktop\Release\bin\oRniz4vtL94l.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1404

C:\Users\Admin\Desktop\Release\bin\oRniz4vtL94l.exe
"C:\Users\Admin\Desktop\Release\bin\oRniz4vtL94l.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2504

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\Release\bin\trk30S1JhnwG.dll"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3b0cd5ac9b521fde75eea0424fd9e7a9

SHA1
cc1d216b5310a8c6b41e5cbb7c10804c5b3e2ee3

SHA256
692a0822d6ec5825a5bc9213db93c7d2ede3bd452b9236571ba011a4c2ab13a5

SHA512
ff59bd95b91fe0174f9d9fd71235d99a8a07bc13703dfede5ff3a7ae9bd1d8948d188ad921afc5de92060d96abcd7ff16c97f54b0c34633959757fcc8e306855

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
d6c8a36764a0d4bfb03fb9b93103fe26

SHA1
ab505c9a5c833d3ad717356fc962469f9f0220e8

SHA256
5f2f91dc23aae2e56e58c8a2811a5c381eb74379295a41fb9e28988632dbbf66

SHA512
e2155bfeb60e4aeb54db6c80f16a930fd60b295465ef90989c9fd1594aa7b075e0e2580328a9f4a6f8102c9fd3ea58b99b1d6e3d9f0cf00df15e7b11a160fa23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
96c8a8a639b3cc887fdfec31e7782d68

SHA1
5740f7d8bfa61714d8145e4d5ca7a0db4079c8f9

SHA256
f28667640afe71f9d568cecd74b985f21993e201a30dfdddf588122a280cfbc7

SHA512
2043ad0122757eb7faab95ae296c80db8781ae3fb7c83ea8c81e1a3ba0076abde24ee27ff27fea1d1b7ae309df16feeae298053a36db3c471385f5c4c7d3b414

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
2d9de79b51c47e2718d63e8f9cb4d1be

SHA1
8c17d723c0dba688fae411512233c6cde3a01ea5

SHA256
03b14d29ea01ffb85e009246dc7c518d4e014ba8443aea16cf4304786d860761

SHA512
ff990caca239022fc94390d328df336c2bf7ea772ad87c8873ebabf34d34e18ef397cd78d650047c1e5e58892e92ff900204038df6f75f11851dbe58efa56920

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2381e838f1d5cd2fe3814826a7e0342a

SHA1
a325221755bdd3e90ca3e06a6873c698decc7ad0

SHA256
c48c3e3d65da213e3479e6139735e024640eb1865fd92189fc495c63b82f0471

SHA512
23897a7adc2322a6ffd956460a0ad3aa79348061c8b5903ee62988f1bc1ae2579f80d3f705867d6b0b827d456f11dcb5a6f16eeaa38fa490bfb923237a71a4e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
01b5ac0caba88efcca2fb975a5fb9db3

SHA1
c9b7ee2e99ce1fbf5d43240740f1c80ca26d91d5

SHA256
a02fa24227cfa4ff4a52c4b0246e35491da23bcee1b46c22482dd02a34f0513c

SHA512
4d4fca09bbc81fd5f8ef9ea7e6900d37ef9c29212c0947a9afd6c71619ef77a2727b5d22322347b0d38659817a3f72f51dd8e0a1a3e13f611f8e48e842667923

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
601cbeef5711b6bc1a9d2c179de9250e

SHA1
bb260d78208ef418d03665815f8a7b1bee66a32f

SHA256
61a1f893b944a7014cf37da7d8e4cd057d7708eedacda1cb2dced81cb1a9e1c5

SHA512
5d3beb00260c5b51d05c4a08d5adbd938bbffc3d033200d77461972152903169f1856e0d9bd3beb260ab5d936f97bdd5822a60dcfb9e2e39d5ec4f81acdf4454

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4120D608\Release\Atlantis.exe.WebView2\EBWebView\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4120D608\Release\Atlantis.exe.WebView2\EBWebView\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4120D608\Release\Atlantis.exe.WebView2\EBWebView\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4120D608\Release\Atlantis.exe.WebView2\EBWebView\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4120D608\Release\Atlantis.exe.WebView2\EBWebView\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4120D608\Release\Atlantis.exe.WebView2\EBWebView\Default\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4120D608\Release\workspace\.tests\isfile.txt

Filesize
7B

MD5
260ca9dd8a4577fc00b7bd5810298076

SHA1
53a5687cb26dc41f2ab4033e97e13adefd3740d6

SHA256
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

SHA512
51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

Download Submit
C:\Users\Admin\Desktop\Release\Atlantis.exe

Filesize
11.3MB

MD5
54e52e26d0fcde918064a2bbb22349f7

SHA1
dbdbbb5b56bd96b11fa2858e53cd54f20f2aabd2

SHA256
6468075f54f979aa46a54bc0616117c552d7a3e32f6dcb93b910647ff59e97a2

SHA512
c09308e75c1b7fcfe9931ba16c4eb1de6ae6e9fa0f3d982c2a303c9a5920a0193a04b8aef12b67ee11cf5750c5f040e297c6190411d5a75fca628835e1b03ee3

Download Submit
C:\Users\Admin\Desktop\Release\Atlantis.exe.config

Filesize
189B

MD5
9dbad5517b46f41dbb0d8780b20ab87e

SHA1
ef6aef0b1ea5d01b6e088a8bf2f429773c04ba5e

SHA256
47e5a0f101af4151d7f13d2d6bfa9b847d5b5e4a98d1f4674b7c015772746cdf

SHA512
43825f5c26c54e1fc5bffcce30caad1449a28c0c9a9432e9ce17d255f8bf6057c1a1002d9471e5b654ab1de08fb6eabf96302cdb3e0fb4b63ba0ff186e903be8

Download Submit
C:\Users\Admin\Desktop\Release\Microsoft.Web.WebView2.Core.dll

Filesize
581KB

MD5
3d9465d5161ac2ab5a83265935514349

SHA1
5d40047faf2a166e6c25f106c244b5826bd0aad9

SHA256
24d1f432632c971456e6db676f609772b98d0cf3d3a5450c78d3dbb75744399e

SHA512
8d84de25fcb88ad6786de9f077612d356eed8726a50e9b6c44a3dff456ca8a160e0707cd1902b52e4890f97f4a5a72466ac149e71d1e790267141a6710ecc70d

Download Submit
C:\Users\Admin\Desktop\Release\Microsoft.Web.WebView2.Wpf.dll

Filesize
81KB

MD5
820de4634735b6d2d9842189cfe71ebf

SHA1
39c1259d9b4cebaaa7a684c6da10d52ad017bd53

SHA256
42e4818adbbef44833dec2c2fcca7b456581f391ba800a834a72c9e5d2dd008a

SHA512
35954de8c6faf311b6118aaf4fa0af9da05de9549a0e5b143ce19586a3826c8daf5f63bc7526a6110700499a8aa0036d8ef7a463dfe3831748dfea4a6da822ce

Download Submit
C:\Users\Admin\Desktop\Release\bin\oRniz4vtL94l.exe

Filesize
5.5MB

MD5
cd619b48a24f37a95b3538a652a43169

SHA1
a3cf1a3659a8426837c2c2820fcf218286660ba2

SHA256
2889773b59c514f4fb6c106179729084c3897e9946e0ba344548edbe2f001dd4

SHA512
ef0b6451d9f39afcadbf99ff1576b7bf7a810cb6cbfa83b0a6a80cf0187623923690a08396d88ed3770f79a11924d91602c635d18b6922178b7df3c5eb9a5f91

Download Submit
C:\Users\Admin\Desktop\Release\bin\trk30S1JhnwG.dll

Filesize
2.4MB

MD5
edc9b41274367149401062c8b15e26de

SHA1
8a14e8257c948c0de09b5366fad584d32d8f1e9f

SHA256
2f697d261b1a5c21ddd8abf4205a9772aff17274851effcc61d601622c1d0a15

SHA512
e4203bd521a5d5048b9a2cb43b1c23fa273612286ad9bb6b3bd5e63958b9a90450e7982ca2acd90623df6a3d79a95d5f4f243aecdad8ad0ba70df7d239323aa4

Download Submit
C:\Users\Admin\Desktop\Release\runtimes\win-x86\native\WebView2Loader.dll

Filesize
113KB

MD5
a362185b50f302563ef03ee1cbf68fd2

SHA1
2c68639cb53fc995d38ba632e77b6a2abf2c7f51

SHA256
cd5bd9cf068c312ecc6ce09e1c413b68ba12393581ae3869daef6b22f70a0cd6

SHA512
16660e2f6e9d7b633256b00b7425ae6887080f776a83b28d2bf8af4e15988645dbaeea71df701d45c63a40d72e5565c1ba8e38ae3676a7503521867395166f4b

Download Submit
C:\Users\Admin\Downloads\Release.rar

Filesize
24.1MB

MD5
00163d7601fb2b3ced07a16d6efa1c7a

SHA1
d589bb88b280c77a7e3be490ba2e851aa7654d4d

SHA256
e17ca68d20ab7c58da54971e4e1f25b769966caddb3cd74bd37af2d59eb3f7af

SHA512
fe33a218808f46d15cd63d3723d286fdcee5c55413022738545655ea1d5f14287fd1e9cb0778bdf7599cb449f58441e287f370828e990018e833e64a720a157c

Download Submit
\??\pipe\crashpad_560_LCJOLERCLHZYMDPE

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1404-1048-0x00007FFB79DB0000-0x00007FFB79DB2000-memory.dmp

Filesize
8KB

Download
memory/1404-1049-0x00007FF640300000-0x00007FF640C56000-memory.dmp

Filesize
9.3MB

Download
memory/2504-1055-0x00007FF640300000-0x00007FF640C56000-memory.dmp

Filesize
9.3MB

Download
memory/2896-1030-0x00000000009D0000-0x0000000001526000-memory.dmp

Filesize
11.3MB

Download
memory/2896-1042-0x000000000B840000-0x000000000B8D6000-memory.dmp

Filesize
600KB

Download
memory/2896-1038-0x000000000B7A0000-0x000000000B832000-memory.dmp

Filesize
584KB

Download
memory/2896-1037-0x000000000B6E0000-0x000000000B6F8000-memory.dmp

Filesize
96KB

Download
memory/2896-1033-0x000000000A850000-0x000000000A85E000-memory.dmp

Filesize
56KB

Download
memory/2896-1032-0x000000000A870000-0x000000000A8A8000-memory.dmp

Filesize
224KB

Download
memory/2896-1031-0x000000000A310000-0x000000000A318000-memory.dmp

Filesize
32KB

Download