8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

Analysis

max time kernel
449s
max time network
451s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
24-11-2024 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootstrapper.exe
Size

800KB
MD5

02c70d9d6696950c198db93b7f6a835e
SHA1

30231a467a49cc37768eea0f55f4bea1cbfb48e2
SHA256

8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
SHA512

431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
SSDEEP

12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz

Score

8^/10

defense_evasion discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 8 IoCs

pid	Process
2448	7z2405-x64.exe
1180	7zG.exe
3584	Atlantis.exe
5512	oRniz4vtL94l.exe
2952	oRniz4vtL94l.exe
5608	oRniz4vtL94l.exe
5700	Atlantis.exe
5688	oRniz4vtL94l.exe

Loads dropped DLL 22 IoCs

pid	Process
2932	MsiExec.exe
2932	MsiExec.exe
2964	MsiExec.exe
2964	MsiExec.exe
2964	MsiExec.exe
2964	MsiExec.exe
2964	MsiExec.exe
4200	MsiExec.exe
4200	MsiExec.exe
4200	MsiExec.exe
2932	MsiExec.exe
1180	7zG.exe
3584	Atlantis.exe
3584	Atlantis.exe
3584	Atlantis.exe
3584	Atlantis.exe
3584	Atlantis.exe
5700	Atlantis.exe
5700	Atlantis.exe
5700	Atlantis.exe
5700	Atlantis.exe
5700	Atlantis.exe

Unexpected DNS network traffic destination 20 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1

Blocklisted process makes network request 3 IoCs

flow	pid	Process
9	3660	msiexec.exe
10	3660	msiexec.exe
11	3660	msiexec.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\rimraf\bin.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tar\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-install.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\jsonparse\examples\twitterfeed.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-json-stream\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\text-table\example\table.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-install.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-json-stream\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\generator\gypd.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-audit.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\socks\docs\examples\index.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\promzard\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\gauge\lib\error.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmpublish\lib\provenance.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\diff\dist\diff.min.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\configuring-npm\npmrc.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-owner.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\process-release.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\tlog\types\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-config.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npm-audit-report\lib\reporters\install.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\text-table\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\tools\pretty_vcproj.py	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2405-x64.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\unique-filename\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\fs.realpath\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\validate-npm-package-license\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\balanced-match\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\safer-buffer\safer.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\yarnpkg	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\bin\license.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\addon.gypi	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\supports-color\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\exit-handler.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\hosted-git-info\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\debug\src\node.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-ping.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\set-blocking\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\bin\node-gyp-bin\node-gyp.cmd	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-root.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\win_tool.py	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	7z2405-x64.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-fetch\lib\request.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-json-stream\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tar\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\gauge\lib\themes.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\agentkeepalive\browser.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\p-map\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\models\delegations.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\signal-handling.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\did-you-mean.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\MSVSSettings_test.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tiny-relative-date\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\just-diff-apply\rollup.config.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\pacote\lib\registry.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\large-numbers.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npm-profile\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\tools\emacs\testdata\media.gyp	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\docs\Error-pre-versions-of-node-cannot-be-installed.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\utils\types.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\LICENSE	msiexec.exe

Drops file in Windows directory 25 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\~DFCA6B7B0E9271AD93.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIAF7B.tmp	msiexec.exe
File created	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDFDB.tmp	msiexec.exe
File created	C:\Windows\Installer\e57aa8c.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFDF2503812ACBB4ED.TMP	msiexec.exe
File created	C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB974.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\e57aa88.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIAEFD.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIAF9B.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE172.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DFD6CDA5277AA88CE2.TMP	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB4BC.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB5A8.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB963.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDE91.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDED0.tmp	msiexec.exe
File created	C:\Windows\Installer\e57aa88.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\SystemTemp\~DFC4F846A6962ECBAC.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB5E7.tmp	msiexec.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\7z2405-x64.exe:Zone.Identifier	firefox.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5236	5700	WerFault.exe	141

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Atlantis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wevtutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2405-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Atlantis.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 9 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2624	msedgewebview2.exe
4584	msedgewebview2.exe
5648	msedgewebview2.exe
5160	msedgewebview2.exe
1712	msedgewebview2.exe
2952	msedgewebview2.exe
5452	msedgewebview2.exe
6004	msedgewebview2.exe
5780	msedgewebview2.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
2320	ipconfig.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe

Modifies registry class 52 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\PackageCode = "347C7A52EDBDC9A498427C0BC7ABB536"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNpmModules = "EnvironmentPath"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPath	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductName = "Node.js"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\DocumentationShortcuts	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNode = "EnvironmentPath"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2405-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductIcon = "C:\\Windows\\Installer\\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\\NodeIcon"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeEtwSupport = "NodeRuntime"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeRuntime	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\npm	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\corepack	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\PackageName = "node-v18.16.0-x64.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Version = "303038464"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2405-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList	msiexec.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Release (3).rar:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\7z2405-x64.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4484	Bootstrapper.exe
4484	Bootstrapper.exe
3660	msiexec.exe
3660	msiexec.exe
5444	msedgewebview2.exe
5444	msedgewebview2.exe
5160	msedgewebview2.exe
5160	msedgewebview2.exe
5512	oRniz4vtL94l.exe
5512	oRniz4vtL94l.exe
2952	oRniz4vtL94l.exe
2952	oRniz4vtL94l.exe
5608	oRniz4vtL94l.exe
5608	oRniz4vtL94l.exe
2624	msedgewebview2.exe
2624	msedgewebview2.exe
2624	msedgewebview2.exe
2624	msedgewebview2.exe
5688	oRniz4vtL94l.exe
5688	oRniz4vtL94l.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5204	msedgewebview2.exe
5204	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2356	WMIC.exe
Token: SeSecurityPrivilege	2356	WMIC.exe
Token: SeTakeOwnershipPrivilege	2356	WMIC.exe
Token: SeLoadDriverPrivilege	2356	WMIC.exe
Token: SeSystemProfilePrivilege	2356	WMIC.exe
Token: SeSystemtimePrivilege	2356	WMIC.exe
Token: SeProfSingleProcessPrivilege	2356	WMIC.exe
Token: SeIncBasePriorityPrivilege	2356	WMIC.exe
Token: SeCreatePagefilePrivilege	2356	WMIC.exe
Token: SeBackupPrivilege	2356	WMIC.exe
Token: SeRestorePrivilege	2356	WMIC.exe
Token: SeShutdownPrivilege	2356	WMIC.exe
Token: SeDebugPrivilege	2356	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2356	WMIC.exe
Token: SeRemoteShutdownPrivilege	2356	WMIC.exe
Token: SeUndockPrivilege	2356	WMIC.exe
Token: SeManageVolumePrivilege	2356	WMIC.exe
Token: 33	2356	WMIC.exe
Token: 34	2356	WMIC.exe
Token: 35	2356	WMIC.exe
Token: 36	2356	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2356	WMIC.exe
Token: SeSecurityPrivilege	2356	WMIC.exe
Token: SeTakeOwnershipPrivilege	2356	WMIC.exe
Token: SeLoadDriverPrivilege	2356	WMIC.exe
Token: SeSystemProfilePrivilege	2356	WMIC.exe
Token: SeSystemtimePrivilege	2356	WMIC.exe
Token: SeProfSingleProcessPrivilege	2356	WMIC.exe
Token: SeIncBasePriorityPrivilege	2356	WMIC.exe
Token: SeCreatePagefilePrivilege	2356	WMIC.exe
Token: SeBackupPrivilege	2356	WMIC.exe
Token: SeRestorePrivilege	2356	WMIC.exe
Token: SeShutdownPrivilege	2356	WMIC.exe
Token: SeDebugPrivilege	2356	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2356	WMIC.exe
Token: SeRemoteShutdownPrivilege	2356	WMIC.exe
Token: SeUndockPrivilege	2356	WMIC.exe
Token: SeManageVolumePrivilege	2356	WMIC.exe
Token: 33	2356	WMIC.exe
Token: 34	2356	WMIC.exe
Token: 35	2356	WMIC.exe
Token: 36	2356	WMIC.exe
Token: SeDebugPrivilege	4484	Bootstrapper.exe
Token: SeShutdownPrivilege	3356	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3356	msiexec.exe
Token: SeSecurityPrivilege	3660	msiexec.exe
Token: SeCreateTokenPrivilege	3356	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3356	msiexec.exe
Token: SeLockMemoryPrivilege	3356	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3356	msiexec.exe
Token: SeMachineAccountPrivilege	3356	msiexec.exe
Token: SeTcbPrivilege	3356	msiexec.exe
Token: SeSecurityPrivilege	3356	msiexec.exe
Token: SeTakeOwnershipPrivilege	3356	msiexec.exe
Token: SeLoadDriverPrivilege	3356	msiexec.exe
Token: SeSystemProfilePrivilege	3356	msiexec.exe
Token: SeSystemtimePrivilege	3356	msiexec.exe
Token: SeProfSingleProcessPrivilege	3356	msiexec.exe
Token: SeIncBasePriorityPrivilege	3356	msiexec.exe
Token: SeCreatePagefilePrivilege	3356	msiexec.exe
Token: SeCreatePermanentPrivilege	3356	msiexec.exe
Token: SeBackupPrivilege	3356	msiexec.exe
Token: SeRestorePrivilege	3356	msiexec.exe
Token: SeShutdownPrivilege	3356	msiexec.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe
1180	7zG.exe
5204	msedgewebview2.exe
5204	msedgewebview2.exe
5204	msedgewebview2.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
4748	firefox.exe
4748	firefox.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe
4812	OpenWith.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe
2448	7z2405-x64.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4484 wrote to memory of 1780	4484	Bootstrapper.exe	78
PID 4484 wrote to memory of 1780	4484	Bootstrapper.exe	78
PID 1780 wrote to memory of 2320	1780	cmd.exe	80
PID 1780 wrote to memory of 2320	1780	cmd.exe	80
PID 4484 wrote to memory of 4144	4484	Bootstrapper.exe	81
PID 4484 wrote to memory of 4144	4484	Bootstrapper.exe	81
PID 4144 wrote to memory of 2356	4144	cmd.exe	83
PID 4144 wrote to memory of 2356	4144	cmd.exe	83
PID 4484 wrote to memory of 3356	4484	Bootstrapper.exe	85
PID 4484 wrote to memory of 3356	4484	Bootstrapper.exe	85
PID 3660 wrote to memory of 2932	3660	msiexec.exe	89
PID 3660 wrote to memory of 2932	3660	msiexec.exe	89
PID 3660 wrote to memory of 2964	3660	msiexec.exe	90
PID 3660 wrote to memory of 2964	3660	msiexec.exe	90
PID 3660 wrote to memory of 2964	3660	msiexec.exe	90
PID 4364 wrote to memory of 4748	4364	firefox.exe	92
PID 4364 wrote to memory of 4748	4364	firefox.exe	92
PID 4364 wrote to memory of 4748	4364	firefox.exe	92
PID 4364 wrote to memory of 4748	4364	firefox.exe	92
PID 4364 wrote to memory of 4748	4364	firefox.exe	92
PID 4364 wrote to memory of 4748	4364	firefox.exe	92
PID 4364 wrote to memory of 4748	4364	firefox.exe	92
PID 4364 wrote to memory of 4748	4364	firefox.exe	92
PID 4364 wrote to memory of 4748	4364	firefox.exe	92
PID 4364 wrote to memory of 4748	4364	firefox.exe	92
PID 4364 wrote to memory of 4748	4364	firefox.exe	92
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93
PID 4748 wrote to memory of 1496	4748	firefox.exe	93

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4484
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1780
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:2320
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4144
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2356
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3356

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3660
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 882B745FF6486604434793747422A5A0
  2⤵
  - Loads dropped DLL
  PID:2932
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 3B018BF8423187501A0C67EEA60B2EF7
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2964
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding ED6205E97A875612798278D0CD9AC5C8 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4200
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4920
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
      4⤵
      PID:736

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4364
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1936 -parentBuildID 20240401114208 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca601454-1c34-4034-97b1-cdd29f907abd} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" gpu
    3⤵
    PID:1496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2384 -parentBuildID 20240401114208 -prefsHandle 2360 -prefMapHandle 2372 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8bcaec7-a5bc-4396-bf11-5fc08d873555} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" socket
    3⤵
    PID:1308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3080 -childID 1 -isForBrowser -prefsHandle 2956 -prefMapHandle 2952 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38d6a7cd-a2fb-4367-a685-df5c10541a46} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" tab
    3⤵
    PID:1380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2708 -childID 2 -isForBrowser -prefsHandle 3620 -prefMapHandle 3616 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69c42bb2-fd84-4256-ab55-e7f21609edaf} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" tab
    3⤵
    PID:3248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4256 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4284 -prefMapHandle 4276 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36b0c377-9b2a-4077-a5a0-1d76ebbef545} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" utility
    3⤵
    - Checks processor information in registry
    PID:640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5532 -childID 3 -isForBrowser -prefsHandle 5528 -prefMapHandle 5524 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a638cab-d348-4e90-91eb-2d966ad3fe7b} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" tab
    3⤵
    PID:4936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5664 -childID 4 -isForBrowser -prefsHandle 5672 -prefMapHandle 5676 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b505015f-de28-46f7-93cc-fe6e2db6a11c} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" tab
    3⤵
    PID:2092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5856 -childID 5 -isForBrowser -prefsHandle 5864 -prefMapHandle 5868 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {082a0d79-fd62-445b-853d-58c4e5223ac8} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" tab
    3⤵
    PID:1344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2736 -childID 6 -isForBrowser -prefsHandle 2964 -prefMapHandle 2732 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c47638e-1fcb-4e74-92bf-adc67388f500} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" tab
    3⤵
    PID:948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4292 -childID 7 -isForBrowser -prefsHandle 5332 -prefMapHandle 5300 -prefsLen 27777 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a981964d-bb4a-4180-b3d4-30511e78aa67} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" tab
    3⤵
    PID:3668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6836 -childID 8 -isForBrowser -prefsHandle 6848 -prefMapHandle 6844 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58bc868d-2890-4d27-9741-37447ea54d2a} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" tab
    3⤵
    PID:3556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6932 -childID 9 -isForBrowser -prefsHandle 6504 -prefMapHandle 6084 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1492ee30-e266-4f1e-8200-6f35e7b0abff} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" tab
    3⤵
    PID:4024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6680 -childID 10 -isForBrowser -prefsHandle 7148 -prefMapHandle 6920 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eee1db2e-3530-45ee-9c78-ee221b9dfc1f} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" tab
    3⤵
    PID:900
- - C:\Users\Admin\Downloads\7z2405-x64.exe
    "C:\Users\Admin\Downloads\7z2405-x64.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:2448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6876 -childID 11 -isForBrowser -prefsHandle 6888 -prefMapHandle 6796 -prefsLen 28282 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4ea79f6-6491-4a20-a975-f85b7f48bab2} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" tab
    3⤵
    PID:4380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=440 -childID 12 -isForBrowser -prefsHandle 1444 -prefMapHandle 6928 -prefsLen 28282 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {249c04a0-49e8-43b0-b243-576e38e2a633} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" tab
    3⤵
    PID:5568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7788 -childID 13 -isForBrowser -prefsHandle 7780 -prefMapHandle 7776 -prefsLen 28282 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7df8633-ef3c-4d31-94c0-44fab22df6fc} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" tab
    3⤵
    PID:2252

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4812

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3508

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Release (3)\" -ad -an -ai#7zMap24848:84:7zEvent14195
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:1180

C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe
"C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3584
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Atlantis.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=3584.5176.14646659779746871670
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:5204
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Crashpad" "--metrics-dir=C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x128,0x12c,0x130,0x104,0x1cc,0x7ff8dbf73cb8,0x7ff8dbf73cc8,0x7ff8dbf73cd8
    3⤵
    PID:5276
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1884,1601099656930210963,7537818536645228208,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:2
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:5452
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,1601099656930210963,7537818536645228208,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2108 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5444
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,1601099656930210963,7537818536645228208,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2504 /prefetch:8
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:5648
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1884,1601099656930210963,7537818536645228208,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:6004
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,1601099656930210963,7537818536645228208,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4384 /prefetch:8
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:5160
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1884,1601099656930210963,7537818536645228208,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4992 /prefetch:8
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:5780
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1884,1601099656930210963,7537818536645228208,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2904 /prefetch:1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:2952
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1884,1601099656930210963,7537818536645228208,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4960 /prefetch:2
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2624
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1884,1601099656930210963,7537818536645228208,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4084 /prefetch:8
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:4584
- C:\Users\Admin\Downloads\Release (3)\Release\bin\oRniz4vtL94l.exe
  "C:\Users\Admin\Downloads\Release (3)\Release\bin\oRniz4vtL94l.exe" skibidi_lxzp
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:5512
- C:\Users\Admin\Downloads\Release (3)\Release\bin\oRniz4vtL94l.exe
  "C:\Users\Admin\Downloads\Release (3)\Release\bin\oRniz4vtL94l.exe" skibidi_lxzp
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:5688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5720

C:\Users\Admin\Downloads\Release (3)\Release\bin\oRniz4vtL94l.exe
"C:\Users\Admin\Downloads\Release (3)\Release\bin\oRniz4vtL94l.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2952

C:\Users\Admin\Downloads\Release (3)\Release\bin\oRniz4vtL94l.exe
"C:\Users\Admin\Downloads\Release (3)\Release\bin\oRniz4vtL94l.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:5608

C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe
"C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5700
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Atlantis.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=5700.6040.15554349749478648917
  2⤵
  PID:836
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Crashpad" "--metrics-dir=C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x1b8,0x7ff8dbf73cb8,0x7ff8dbf73cc8,0x7ff8dbf73cd8
    3⤵
    PID:5992
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1880,15728408954990930610,9572644648855764281,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:1712
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,15728408954990930610,9572644648855764281,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2016 /prefetch:3
    3⤵
    PID:5948
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 1936
  2⤵
  - Program crash
  PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5700 -ip 5700
1⤵
PID:5592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57aa8b.rbs

Filesize
1.0MB

MD5
65a593b74e47b811d4453391314c1887

SHA1
9c0f4cce83511e7eee02359956c4614fac162381

SHA256
b42dab08a62f54ee2f7ace7afe0ac07cb388eb1c5b70fb1b5296014ef522b91a

SHA512
1b93c5a46156daf3a0892e8a183463729f7b9e57e6dd7a76436a3457431aea62f0a2401156198a362598c232c141a5e8d124337d232b1872051a2aa05230df78

Download Submit
C:\Program Files\7-Zip\7z.dll

Filesize
1.8MB

MD5
2537a4ba91cb5ad22293b506ad873500

SHA1
ce3f4a90278206b33f037eaf664a5fbc39089ec4

SHA256
5529fdc4e6385ad95106a4e6da1d2792046a71c9d7452ee6cbc8012b4eb8f3f4

SHA512
7c02445d8a9c239d31f1c14933d75b3e731ed4c5f21a0ecf32d1395be0302e50aab5eb2df3057f3e9668f4b8ec0ccbed533cd54bc36ee1ada4cc5098cc0cfb14

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
691KB

MD5
ebff295ea5bb139eb04c699e1a52c286

SHA1
4d71053397304ab545f246ed6676d5927691b833

SHA256
835d114678b311e938ee235519be252b38f14f2c5117d3ee3b905f09f0615f94

SHA512
4320277436d737efb3ea04515a52ec86102a02f840b2f16d8f27673244124e149f01eee15870448710ec015c103a83f8bbf491f9928dbc1bc1b55236da8473b9

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
10KB

MD5
1d51e18a7247f47245b0751f16119498

SHA1
78f5d95dd07c0fcee43c6d4feab12d802d194d95

SHA256
1975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f

SHA512
1eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
8KB

MD5
d3bc164e23e694c644e0b1ce3e3f9910

SHA1
1849f8b1326111b5d4d93febc2bafb3856e601bb

SHA256
1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

SHA512
91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

Filesize
771B

MD5
e9dc66f98e5f7ff720bf603fff36ebc5

SHA1
f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

SHA256
b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

SHA512
8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

Filesize
4KB

MD5
f0bd53316e08991d94586331f9c11d97

SHA1
f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

SHA256
dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

SHA512
fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

Filesize
771B

MD5
1d7c74bcd1904d125f6aff37749dc069

SHA1
21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

SHA256
24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

SHA512
b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

Filesize
168B

MD5
db7dbbc86e432573e54dedbcc02cb4a1

SHA1
cff9cfb98cff2d86b35dc680b405e8036bbbda47

SHA256
7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

SHA512
8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url

Filesize
133B

MD5
35b86e177ab52108bd9fed7425a9e34a

SHA1
76a1f47a10e3ab829f676838147875d75022c70c

SHA256
afaa6c6335bd3db79e46fb9d4d54d893cee9288e6bb4738294806a9751657319

SHA512
3c8047c94b789c8496af3c2502896cef2d348ee31618893b9b71244af667ec291dcb9b840f869eb984624660086db0c848d1846aa601893e6f9955e56da19f62

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\activity-stream.discovery_stream.json

Filesize
27KB

MD5
8272a32e869a53ab58288d4c459ffa2e

SHA1
fc9ef5547ff55e5c5f0122c3fe0ad99c9bf29842

SHA256
f8fd74c19a8ee861d34875feee04ecfd9838763a334ae0353a06cc7de1f1a004

SHA512
e6b2c74dfbded30da986c6e20e81feaf19460a33d4a740879b199401f003c95771f221a4a3392ad9c4a9ae63d8ca167b8982ffd1a2111071f371127641a172b1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
14KB

MD5
7f36c4e358a3498479019c4d9dbf8d03

SHA1
4ced89a7b34d85324bbc60cd6dbb4f471293cf33

SHA256
2825de2b658d668c6af200d9bd03e7603629641334cf3f0856eed025d6bfe63d

SHA512
11bfab36f0854c94973ec1039c8ddf970674a5ac9a89a9a4afeb150f56187df38d099079227d03e7a20ff03e1f5b9f2a94b355d75b0d73aa7710b1d422cdc7dd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\cache2\entries\DC904F6FE13AF2FDD1A89E5DC2045B0E5EE12A27

Filesize
224KB

MD5
4607b0dba0a2644ffbc84df2f718617c

SHA1
0c15510526240b17db64c6e973876b95fe44e5ee

SHA256
1fb83878b08738282ceaf30e4d049ffb667ee52f8c4d1c81c03bc70b060ff2b1

SHA512
9c6a565d97545cb0da86171275e1656badd2fc504e72db3ca28df3a4aff66a7e310b36ceb7412b790a16b7b0d92c42500ef2f85b22870e13c19b57049d51385e

Download Submit
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

Filesize
30.1MB

MD5
0e4e9aa41d24221b29b19ba96c1a64d0

SHA1
231ade3d5a586c0eb4441c8dbfe9007dc26b2872

SHA256
5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

SHA512
e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
c1f737b24d67709620a9d8e5551abc30

SHA1
2c25b6aa7263f4dc8e868c3fdb77ca4903dade31

SHA256
07d88174359a564eb74c9fc796a873d81ed1068b8e094c84647eb108ce57e818

SHA512
0f34198c9a375373534625294e85b112809092fcacf05bfd6279d7b4103972d52666770a680c74ddfa005cad80416174b779ad9a85fa9e15feb135566cea3d9c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\UTX4D2XYBZCF1QOR7BUA.temp

Filesize
20KB

MD5
8a1442ca68ec8d6a24aedceb38ecb68b

SHA1
f1effbbdc5898562f878e8c00e7938cd23ca2ef4

SHA256
0aeeb7bb4a9a3aff1f666cd9305a9c1e48b822c5de16e5784624d942d53ff5bd

SHA512
7815989fef15fb767559e0fa919740490cdb437165c50addafa109a9b2e94a61896a4e1554df4f0bbecce8e43a036b50333fd100fcb23134b1140e92cd0183d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\AlternateServices.bin

Filesize
10KB

MD5
5a09d8db5031b2fad0b3434717edcb9b

SHA1
f43fad5461b346fe6597f8fa04bdca4659e5ea14

SHA256
ef62d8c1026b379c62b500f6431376c7c9e3cf9109408987411ed6c9b41dfb05

SHA512
f40919cb56370d820b31452c4eac6ceb653a5aecf375bfd69533017aa380618c5888426e7bb7e78e088c164dda82970068791ac902fc3f2e62fc859ef7e5b20f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\AlternateServices.bin

Filesize
26KB

MD5
e4bf577ab401ff2f329b02536b6c0678

SHA1
c6784a80d3aa7d3ac1a03b7296f324121b443ef9

SHA256
9e64ec9334ad0c60d4e6ec81027d9b9d9cb9b06d640a9a7b584f041015e6e905

SHA512
bd76de8696e8e564643e4a3a6e38176e8bda94f20ba97dd8f78d9c9481ab8380ecfe174753d381d250c20e2c370d9ae656326fe313b43c92121c0ec3f1590e9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.bin

Filesize
22KB

MD5
a5a3a75711a3bee99c91ac0baa67d910

SHA1
5db2be67a38c3e06c21263c87d1994c0d83f8bc4

SHA256
f6bfdd4ac9a1cffd44c4a91fd993ee76f5b0281ccda457da0132b1523ba60bea

SHA512
74519887c09af05cc4f7be973f61ecf39ddddf63b417a80c829b508201012fefcc0ddf9588d9a9fcaa78887c57e318ddab33eae81c437be81db155ab7d0607b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
52KB

MD5
0cfbce3d00654019e0df3a6254bd4b70

SHA1
5f8debc8223dc979fc319fdb1343713a2731bcac

SHA256
5d71028f2f0bd0d74be28963e9a925bd09264812d3d51bccd7567382d79c07a4

SHA512
a3fbf8a3e44df044192f24b4223b9dd4f804beb81262a6a0f91cf75e42c08279e6a6ab23004e8f13042142a5cf8faf471cbdcfa083876d83ade9c8d96c909528

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
20KB

MD5
5c556e596a8d059d55be13b1e231e1f5

SHA1
d38bc84398ac16199b384f5e0551636d83edabbe

SHA256
41d6337ea89a5be8d6acca9c5138b4bff08a1249b83192d3e8410560febb3e6f

SHA512
08f3eca159cae5895f48158720d6e29defd91a194f311136a91bdbd48196c6c02f22b74b3bc47de26114d435c7a00b4673fe16e9dd9e6525d936e4fd542bab85

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
5b1ebae761004e0e7449f0120b124a10

SHA1
35e0bc63c1aa8e5bcc4b634ac31463aac68f66bd

SHA256
6487d581e2c05fb668a07b9bccfcf34ca20eebc81d866a71ec7524317f52dc76

SHA512
5883eaa2b2a0e26188e17860473996b00bd2528a4588ea96330c70fa983684ee2e2e81482364895e4763464f89d08194a6b22a2ae0a543438a7b4027dafce35d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
48KB

MD5
ee632eaa33b2500862bb342a02090947

SHA1
77439dff8c2cb0c61eac9b7f2179a253c4eecbd3

SHA256
b266a9d3ba0a4cb0d3a47c184eaa34c6ed54e62a364a425457a422e15d8f991a

SHA512
e5e9c70bb6c3060c25641d4cd17d24f30ea309aa576bec8dbe02e30a38fe2ae0e0508feb7be363922f43892b03da9a9fbf3ff8a6c89d1ee6fcf9ad7cb1ac076a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\pending_pings\0ca8de02-f886-481f-b73d-2ca99a37275f

Filesize
4KB

MD5
546ae4f000e52857fbaac20e6b63ef96

SHA1
e328509a060f0c52da6cc1935a352e8dbd1ce4e5

SHA256
06ffd1b22b06704b1cd65fabc007e77e3bff7503db2e9ce8aa2d97e15183508c

SHA512
4458c982e45c6f37f6b7fb689201ac2e746c4ae13aa57aafd666f2e81b8232fb1d5f0ba3fc517bc07ac98b6c040e936b7f2d08693c3db4a955b891161d43002b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\pending_pings\416ea274-6680-49b8-a35a-33b3aa9a893f

Filesize
982B

MD5
c3b9a3b119bec83c88451ecd813e9086

SHA1
5e5a3b60f2cbbfbafd145edebf68da6b2a2ff39b

SHA256
94edceb5511dff6efd84900777d8424e9d978150dd473c1b531885c4109ff9ac

SHA512
36179c5e8a4c2d0c4428da34655edccee179b82459088f86c5542f0ef6b35031d148285f60258327fc9ded3d70458536444880f648eeb6b4bb7eb446dac4b172

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\pending_pings\4c0d07fe-db93-4237-bb34-06678cad366c

Filesize
847B

MD5
7dd193e04083e5988bbea55d9c5266eb

SHA1
0e919ec86a8968b95b434915905694e0017dc59e

SHA256
7398a1885b0b303a06bee4fbce1646aeb8385da464dff5ee735e14c43419bc1b

SHA512
a2616b1ab9fe2a7c2504bfbd24b32714d9163f5a6457cbef468c511401dbce83447a75515e4cca79bb0775f04c76bf6bda979b4a7b524ec805efaedea26df5d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\pending_pings\4da622df-1a39-4724-a279-16c874d31bd0

Filesize
659B

MD5
8d8a6e27c0e05249682d474ab23dd31e

SHA1
a303634c4951b196ac54866d04036a5606344ec7

SHA256
d02e92f5c3859c5fd42d2ccef3f8e0eb134620da5f9cfe0e4540f30ef317f26c

SHA512
f83ef9deb8343facf0b1f3c7b62ce884d70e8fd7b7b4c03b18a11276e04736f1f7f78b3e6b339a08821adb677b936473457c17b71751b3bc21087068e3be4169

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\prefs-1.js

Filesize
10KB

MD5
423e38300adecb4b6824622f9bf903b4

SHA1
a2d2eb2228d555a615763fa2fa2fca193b2283fa

SHA256
285e885a130c1b4ec5dd39815f7bc1b7be6b42987706e70030b454d1322ae2ac

SHA512
86b01352cee9086687756be8525aa6a0e60c3992efac5d0aa3893c1bfe5d02537d3de74c532b4a705378077f17d055d0f47364415f54721433a9643b14025fee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\prefs-1.js

Filesize
11KB

MD5
96fdd80cd0be7f61a6ebb2061aa684b8

SHA1
25c2a917390d7ca2f8a1f31e1e991d91d0f9e2b0

SHA256
9b6b5bb646d1e589da2e0e09e4ce474a16e54f3d029261d42d92b372ef2a4f2e

SHA512
b7553dd83bfbc506014475dfb0844ebff2a273b8b6ff9c3eeb213e0ce4ceaaed1e69b0bb788ccf6d41bde6b5a604a125e2230e942a455f1f2213a0afa3243325

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\prefs.js

Filesize
11KB

MD5
dcaeba5a8735d33127817203e3ff8a6d

SHA1
154449c32f2b9ccc886dc84ce36a3e019e78cb47

SHA256
a7b368b4589d96a37abcb72528b7fb49f5872810c7d99c9315eee0f7ea5ac58b

SHA512
bc2882bf8f1ed39c17f019ffa3d4a69d04839cc50792a038d4905267c4725593a9d1d7a13d828da2e04449480249b864cefa4599a10b688af194f51781e05999

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\prefs.js

Filesize
10KB

MD5
7c55dccd10496abee9387744dbb934a5

SHA1
2dad17f9a7376853e21a0d27e440b8b2b6459b7b

SHA256
6143509601e0e655100c7d659af4899cc970f150c3e60e83d5ad8f233285d7a1

SHA512
9c5a746ba0e92ed8d72a5760d6c6e521898880e0d4ff6ed89f0046b8cf483f1a587cd4c3f5e47788018af04ce432e9ab06438624d10a71f62df1de1d9bf0100a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
091d8b15302e54608457ef196dff0274

SHA1
0d371d470fa65df0d848397cff65c69276fcf51e

SHA256
381641d61f4695a869e2dc313a4147e03e6eba2d33712b82e90b7f321b330091

SHA512
18204c7dfc2b5b589f6de7a9c224676a413e63e32b0bd570c1834b37f79d85e579787c460b048258ff98115f03ec7f34fdc091806039eb454a86661e5cf2da59

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
1970d926bc034d265ddf7b094d50805e

SHA1
5d52002ee02bfa57fb45464d30c271730997c0e4

SHA256
cc5c014f798ea5d9e26836eee9536e21d81fac6594e18aeef68bdc74c6f7a7ab

SHA512
54481488e3384af72677781d9a0429e1012fa3201ddbf0f5fd29f32f02e1edd7f2b7b994a3ae87794025e6d56b4153dc5cd17da7447bfcc0c4d0546ca2b2c495

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
5a05cd358ac3a227fe00d79554509811

SHA1
713e80e018a28e45f6c1c1a76af238a1ba222a72

SHA256
aaaa0c72db410803df96056d0f4287a8c887c4a5a9c8d500390ee00adb0fbd0b

SHA512
6beed8a25570ece02d83ecc85818d74976958b5f96669cd0f36ebdb78fbebd07248e9ae063ee9a3ee753367592c1ae442c2872204b934c28d7f2dd91886982fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
33f4fc0663402a4a66a6ca607308b0fe

SHA1
798b940eadf30b30f6c30cc6ce96187db8b7617e

SHA256
4d163585847513d890dcf4d687b178479317882aca65451ce08a67786e22960a

SHA512
5e96bea8c48a00a1fa793a32344318282e616bcf38152ec234c973d3cfa7ede2c6e4dfcfef2519f209d5346585710b3ceabc2f6a027d37b06d4c1f870fa78b0a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
c1eb994b3fe5c15670938686917c0cca

SHA1
f9b9c9b2ae7703e8a476b3f99da39085da868a87

SHA256
c76622b411e04fb7f9d513369d631fc53f57e6df7f281539a18bbea3dfc98f69

SHA512
3d496bafcbf6e1c40637e36c0875cb18cb53860e6e761de9090b511350a0a72b6a6fc29545102dadec3a7d663a6eb17b7c1c8f46043d282bbbdb940a9b219583

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\sessionstore-backups\recovery.baklz4

Filesize
10KB

MD5
750f926a38212a71639499d9a10e6b6e

SHA1
2e123743418d1b172fa75b9ea1250b230052f6ea

SHA256
fb5c8f734343fc157427df08127a0874aabfe91e095d8462d4bd3209686f7481

SHA512
15d44e9d020a4d0dc3416317917ee03fb286743ed082f73baf1f106800c0daa6feb6233b2f2f2bb36c682b197fdb6f766c812e1681b57b0942fdf483ef0dca1d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\sessionstore-backups\recovery.baklz4

Filesize
10KB

MD5
e5753ed551201becf6ef5a6654af7b02

SHA1
2475d099c77e4409035576cc0b8f771ce84b239a

SHA256
aca5c21f9e12c4e0f2f21c0950be27fa8411ba71236d51659cd859dab76f91d4

SHA512
e17f137255c3b768bf9d6f71bd40c7a49fc81207603982fb9b8cc13fbe106b045a9147a9d7af86dc6ab06268568fbd40b6ea26baa01cb7551a238a5f7e14e67a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\sessionstore-backups\recovery.baklz4

Filesize
10KB

MD5
a4a5e18ee37d2ffba2d0a1c993aed1e6

SHA1
f3da2c9fa9e9e2639b83a679f283e3361adb8136

SHA256
18d4b960c7545f33a1f293e4223f9590ca6e03ebb1d0727ad146130af629cef2

SHA512
b274d21bf6e5207b0d1946ad7ad15d164498ec72ecd46c2b7ede4c65a645b96a42b3cbf4838a6c7847e73212dcb0630330d71462e35314b4a5dd682ded04fcd9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\sessionstore-backups\recovery.baklz4

Filesize
10KB

MD5
c3142889a781942dbb6fa9a859e00aa7

SHA1
ec97ea97668ef040aad36db1a214c55ff608f114

SHA256
48ac0749c97fe49d4b4d09bab95c79ef8497e27ca0fb6cae996ffdfaa2b1b0ef

SHA512
501903b81562177a1182bdd63a13d3469f4e514580373dac96d8e2c8ee473c41234693e6cccfbf711b385d3fe8e069fff1e63393c1d4c4b576c244dec30d459e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
c099cde7e7e02fffde96b2953cc312c8

SHA1
be0c80316b964b5a748958b9625896bb9c942597

SHA256
48d9143625956436a5995cdbf2b1d31f24acb692e45ed968a44e33492fb5ef2f

SHA512
1e515ef77e7ce6478e79fe6bda1a105217741f822823040768f4cbbc2f48d26febbc6c9839be80de6e16f3a849fdcfcb5e97fcb92874aac919eb13a6c23094c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
384KB

MD5
61ef62ff6209b17916e898157aadfe42

SHA1
e459f87acc8b24e47837021b555fbbef63205536

SHA256
4f363fd779af39bae46aab453b596d0c20bf71f280f371791e6c6ad6b727ba2e

SHA512
1dcc542ebd7efd2531dbac003564fa7c69a372fa33869f66d74038bc7d8826b0866d833d54ef848373a0da5c010ede4888040b172750f3396d57155094778a05

Download Submit
C:\Users\Admin\Downloads\7z2405-x64.exe:Zone.Identifier

Filesize
582B

MD5
bbc0c1704040317705c5279795c557d8

SHA1
4c2c5848640d15017bfc80a7953e3c4e82796f27

SHA256
ab17d9d4b8d32adf59f98a2f99b49d7b77c9129d0b96ebe8a0c7d9114a682897

SHA512
8dc9d5b419b4f3492e235303cf169302c7738a67ddd419348ac54a29933ebbb58a48f371dcaf4b33fd622a985df2f6d4ef4b21b8a75c7918fbfbec621033849e

Download Submit
C:\Users\Admin\Downloads\7z2405-x64.ihUGrhcT.exe.part

Filesize
1.5MB

MD5
c73433dd532d445d099385865f62148b

SHA1
4723c45f297cc8075eac69d2ef94e7e131d3a734

SHA256
12ef1c8127ec3465520e4cfd23605b708d81a5a2cf37ba124f018e5c094de0d9

SHA512
1211c8b67652664d6f66e248856b95ca557d4fdb4ea90d30df68208055d4c94fea0d158e7e6a965eae5915312dee33f62db882bb173faec5332a17bd2fb59447

Download Submit
C:\Users\Admin\Downloads\Release (3).RVfTPDdB.rar.part

Filesize
24.0MB

MD5
190b1b8dcbc620264f62b8e13be814e7

SHA1
8f7eb581a188163d13dd72495c204954ae00eefd

SHA256
1c7a058cfa88b9f1558fd3a9135791633ea24ae930af56750fc56b4d1d54e140

SHA512
5eeeba1d1ddb565961b4babf191ad0d15748bc85c7ee75b3f77c3e6f2f33690d67ec9d791d0a4644ad7a42d32517a0874806177d60d682869d9d0e8d30fa6d71

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe

Filesize
11.3MB

MD5
54e52e26d0fcde918064a2bbb22349f7

SHA1
dbdbbb5b56bd96b11fa2858e53cd54f20f2aabd2

SHA256
6468075f54f979aa46a54bc0616117c552d7a3e32f6dcb93b910647ff59e97a2

SHA512
c09308e75c1b7fcfe9931ba16c4eb1de6ae6e9fa0f3d982c2a303c9a5920a0193a04b8aef12b67ee11cf5750c5f040e297c6190411d5a75fca628835e1b03ee3

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\BrowserMetrics-spare.pma

Filesize
1.2MB

MD5
1045bfd216ae1ae480dd0ef626f5ff39

SHA1
377e869bc123602e9b568816b76be600ed03dbd0

SHA256
439292e489a0a35e4a3a0fe304ea1a680337243fa53b135aa9310881e1d7e078

SHA512
f9f8fcc23fc084af69d7c9abb0ef72c4684ac8ddf7fa6b2028e2f19fd67435f28534c0cf5b17453dfe352437c777d6f71cfe1d6ad3542ad9d636263400908fd2

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
0e293766f5899bb0b766fb45e3d37f5d

SHA1
80cc275f845cc606a11af48dfe6a27745e829413

SHA256
5a35b11524c0c3d7d55f85bd18f45d31265476db953d894e0a64cc344a60f6e1

SHA512
f79364477f0ee839f46a5ad43e3157e9cfb59ca2ab434ecb4cdcd045656c7b7544675a687a2cdc7ee34c09d7c6a9dd83647d519870d70c277b9e4a359fd194c2

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
d2854001780e9f18c81dfcaff9b0302a

SHA1
ea963f873b5dda16bbe24edcf47357e2f8d3344f

SHA256
7ad36160873aa1bf9298f86643ae4741a305f6c9d62e7edc6c37ac2cf9a9f2f5

SHA512
13bc7352db6e61e8bc5c7e5824fcb2d7d532d00def2e181ba5428adb56246d9859aac09d114b514cc29645e0779215fbe5731f9e0726dcfc8a6ef11f0aaea850

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
c6dc5dc5275ecce92f1e5e818c1e6872

SHA1
26b9e2432ef267c671abde7452e1eb1c978524d1

SHA256
6073590e97fb952cd52494022c338126a8df07faa9aa8ebaa206941a12acc500

SHA512
53a74b23c5e67bd030d2f225931b92198426df52b235cc225528d59f61f6679b5d2771fde294cc221fa5e095505acac487222c5f81141db9627bce9feeac5984

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
f5de95d4a8fa03c61cada5588c28d904

SHA1
d70091285a89b826021e5d12061a6740dd9318e0

SHA256
00e752902283f712e214496f2ad3812b8ec20dd1508e226af7177f91e4163f34

SHA512
b550008971c5e435844ee238877c4bf3b038a17b9a8471dc268e80e412be0e935efe250de96b851f459fae9b46f1bfa837dc526197e8a83c7098a5102469d0b4

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Default\Code Cache\js\00230f62bd1ae13a_0

Filesize
371B

MD5
19efbfaa1226df4ff57195142c212605

SHA1
104e102a643c7db4f307cfde1f1c3814f4f3702a

SHA256
bdb3b470c734216d5283a113eb357db6a23c4d2550c72ec8c4114d4cfdf3f2af

SHA512
dbeef7c656745672817f6dbbabf052615b7e11275231a78474d7d5ade05f042782af680cf77e5f4d829a811f4b016a323ebf1b717d3e1bcefc1e70fcf42509c3

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Default\Code Cache\js\006a2c4499fa5bcf_0

Filesize
337B

MD5
0aecfeae6ea4b6cdefaafb5eef6c137c

SHA1
bca29321246d34395b82aeaaea36ad3a8dd6779c

SHA256
2b96793604e032b17addd80aa4b970e9bc531c071658937c7a983a0213ab6faa

SHA512
ade41fdb08e22807289cc388558546530624b4d75f555d4eec98bcb233e73ee44a9fa91de5c972a32af8e9feb279b4a29101a4f70ca9bb7ef9162c39f16af80a

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Default\Code Cache\js\0178e10a15ed756d_0

Filesize
354B

MD5
d484dddf2511dda81e0d545f56706d46

SHA1
f3f945e5fc3c86ee4bbfc8288d614bd7f7c8a000

SHA256
331bb509de73fc86d1352ea0a6e059764d69e150857e7f2005331460bbd38830

SHA512
f7a1f05e81e0e1ad80cf9d3b602fdcb466a94d20082ae3145a6f7c075f45730751ebe793e45fd073fce3561fb13668fb31010a24af3b2eedcb06056fc8055861

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Default\Code Cache\js\064bce544ddd31a6_0

Filesize
360B

MD5
ea83f546ff9a5a1c2bfa1a264983ae02

SHA1
78d91416dd02c7c4145ada6d1583e554699018d9

SHA256
fa0089b349d13411380998f52c2dd33bd7557496b318716627cd1d56d3d2c3f5

SHA512
c94bf3bd1ca4aa72ed1313f46bdc3bf9888870c4f3b7573db75d0af3163a30c0e9cd35f66a4a2162e5a33c2e80a4d92faefb3ea3c5377b8a476445d5aa588c0f

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Default\Code Cache\js\07579e76b2b36565_0

Filesize
345B

MD5
7751d2a87a7570eb0b22a450d6fa3f0a

SHA1
c780dd76f2fb38570a358ad6ae64c60ffeeaf0de

SHA256
9059d2ddcffa26ddf36f26eea371451b5b427b6f8ff02cfdc99ccc2d8edfb0f0

SHA512
e423bdc5232514023d2747b89dfcbb910ed61a40402de102f23c61fc4db9f2b4e83546fab7a12a76475cb5e4baac475460cf6167c1ee167e743bc42d625a90ff

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Default\Code Cache\js\0ce38540d6099cdb_0

Filesize
350B

MD5
214e0f88b66fa057bf7e4a271ad63647

SHA1
85dde96f8638f1b77f21b46ffdbe890bb2054897

SHA256
e3ecb85a1c58bd7c3ec88bbcb28a5d26743bb7b775cf6cf21e95b33b5b052a12

SHA512
99499f200cc666ee83b12bec0ca82aa2e4c9c775fa829d392d41f39b1b97e07f950bee15859c7165d553fa3b79c076a69d351894020ba491f746bc8608c230bc

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Default\GPUCache\data_1

Filesize
264KB

MD5
f4c4d155a1086c79e3227c636bd7e21e

SHA1
e0bd306ecdbc4895f438477058377f8a31821608

SHA256
94e99ce8c899b8c1ddc273490f2e4cae2a5505b21b21c1bd3ca068de97733eec

SHA512
836736178b492cae09241b7b15c96c99a353fd2a909267f764cbdc763bbdb1940dac71d5b91bfff40e7bee3a95932c818881fd224f061252ca4fc333c2cc5c58

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Default\History

Filesize
184KB

MD5
065520f00161049f21b016a59b9c391f

SHA1
102a5e16194a6e59878c06648c2e8844a1e9949e

SHA256
29b06a5c22f2732f945ec146fa0fa6460537b7334f3f81a985678c2147af3a63

SHA512
ede3a91de58fafaed96812fd94ef444c56673eedc89e2dbe8cabd78127461780664261e1c859bd6045ef4e9b18d05828582299c2004b370bf5cef7cc0c316653

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Default\Network Persistent State

Filesize
193B

MD5
18d8ae83268dd3a59c64aad659cf2fd3

SHA1
018c9736438d095a67b1c9953082f671c2fdb681

SHA256
d659029d35adebb7918af32fff3202c63d8047043a8bdf329b2a97751cf95056

SHA512
bb0962f930e9844e8c0e9cd209c07f46259e4c7677d5443b7aee90dcf7b7e8f9960c5e3fcb8a83b9bb40862fbe0442c547083a9fd421d86674b88b2bebbeb2fb

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Default\Network Persistent State~RFe5b1b64.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Default\Preferences

Filesize
8KB

MD5
087727d85a49279923264b16636d5919

SHA1
37f2c603c21ec276ef463853325f811dacb6d02f

SHA256
4d58381ee0560a45a9808e9c18f791076f65f0b492f30c8017beef33bfe3e250

SHA512
ecce224dbc0e57800f9cd9adc4932fe0da48c5ae54668a8b9fdb1e133829935ffb2cf8f7921d3d07197a396a967bab07f1dff469abae68723d8fb2dc56aa8256

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Default\Preferences

Filesize
9KB

MD5
13f568d779f036df0ce027fb6a8bcbf1

SHA1
be032ac03065ff66bd4f7663c19c831b52a76c73

SHA256
f206b58dd9ddb63306010caa8da881545325c6374b28dca487fe13138e25ca32

SHA512
62ec1c412f2047fb3e7fd57369a2d3240eb42a6e36af5976c6cfb29a1cf1a38b709b6e774fbdd501601575e350596cc6cc380aa62c3945de6c5f2c622adfa749

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Default\Secure Preferences

Filesize
6KB

MD5
63a7a741ae1a3822d63f42da478d3afa

SHA1
5f8dce054c9671ae4714d8fde270ee439a1840a7

SHA256
93cfc7cad3c09678665a278749032dd98e918f046fe70826b26d68f9a5d01537

SHA512
8ec83060acc8404146ca937ef7bc7991e92b2d4ae4110e29bda3cea9be7d3ef4b5ce87671367c0ed8ce1ff16d3463f5e578395f954276c286a5396339532d11c

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Default\Secure Preferences

Filesize
9KB

MD5
c5ffee57757096c84cc3a80bbb2e2356

SHA1
45d44b0c2665274c12cf23c56c6c4ea4349e0dbb

SHA256
6cd28030c2baaf40863bc723bd89f1a245f4f4030a5e551d98dd350aa6ad9124

SHA512
39e9df1d89f72c3003c8f51df9b5c2086695faa371dd5b896ad9955f92736cf7665ba2ab98aa89888596dd2f26ac889d0611efaf29c781572d0ae750b07a55a3

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Default\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Default\Visited Links

Filesize
128KB

MD5
3da69d9b902347bf5c1046181b6be6b2

SHA1
575f64244229d01e2d1da4c36161a97de1af00a6

SHA256
76d73ede4a48245a5048d6c06830eae1cba9fafb195fdf63191ac9cf471fa1e6

SHA512
679c73a15ed569c3578404f81b9d445ea3b09d76ccbb937973a41c5bccc912b07e33ac627121841160b7b5b0523cc92943149a18e94815a6638b0df5c302cd46

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Default\Web Data

Filesize
224KB

MD5
4d3f2fba9fb4df4e7f84b76dfd7b51c9

SHA1
21f556c27cd8431690b5c7967f00606c30c20e1c

SHA256
3f8d63e11d84b6265155e33e8fbd6e20e15e764c0f6ed7eeb4e1a5f907193c8e

SHA512
c6b3897585b8e22f013c06afb6f57119d187f6b8497d2c6a58e53df6fad36b83d0554862878b8ef1afb97f87090111c46c8ed7ec22afbe621cb1f685b975ccfb

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Local State

Filesize
24KB

MD5
6dee7634c17c77ce0c72b0b653e08646

SHA1
c202b21e9d5e7c5eeb2373945a11123f51c6d5db

SHA256
3b784632d63707e805d0844d9ed396a0dd4fcd55030a8a1452839dd8933f094a

SHA512
513d03bbef5d544b41c8bf126ce86efc115d82f76d90b31db3084a49c7ebfde8bf05c5632c2b1cfbe5798eed68b5b67b245bbcca6d99ea5419595ed76cb8178f

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Local State

Filesize
24KB

MD5
1d5385af5fe24b05ae248ccc448bf212

SHA1
0da8d554330064d15d6df9f09cae63d9f82ae71a

SHA256
6afa7a9e56ce49b516f6ba43dc45bae672274ea61394643c26c36baa56bf9ede

SHA512
fe9a38c9e39d4b981d06b843a085a26b3aee93fc8331ad7a2ffb00265d8a75073c0c820adb1e78b888528df498f72922b3f629563f1853212292febe317300c0

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Local State

Filesize
20KB

MD5
cbe8a89d8d31f9962df065217724e29f

SHA1
0ab25590bbc74a7fa0cfe90c157f989aceafc7ce

SHA256
fb433823f6667b44f9abc30ae82649606426db721fb3203d39d2061c60be9b4a

SHA512
0aa0282a251450b72680b07960c70255c62a7ecef0acd5f4e93f952aa2b6b5300d695be2f98f3b78268b7be95ce5e394c0eeac532618afbe8418547b3fafcf1b

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Local State

Filesize
24KB

MD5
aed321d2321611ef1df5f9b86a78ae1c

SHA1
42133104d7e6006b9d8c98b7780ae9a5d9e2a8d8

SHA256
103bdc5832eb645a6cddf93c25864855d17701581fffbbed0f962a037cb1ff31

SHA512
842131003accd67e37bf8f6b43b6458ddcb3a37569b546c7c36139443e5009f25a20ec432e65107355f293cf9277358e17332a17623b5019a5c2d66c1d83a599

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Local State

Filesize
24KB

MD5
cb6b8d99fcfc33f37cf3754eb6a5b114

SHA1
2955dbf6b5112fd484c52b005eef09495fe26102

SHA256
98b94f78b3a1ad098662587d5ab5ebb3767bbe8c9c33535879681cd473fb144d

SHA512
c0fe7f964cdc93d1e9f0b397a683992eaf91534b06faabd3347b85648b3602c3193d00eb1098b179f78ca7d858f99dc8de8ddbcbaa3e2d545dfd1cf8d2bbf0ab

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.WebView2\EBWebView\Subresource Filter\Indexed Rules\28\scoped_dir5204_703668447\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Atlantis.exe.config

Filesize
189B

MD5
9dbad5517b46f41dbb0d8780b20ab87e

SHA1
ef6aef0b1ea5d01b6e088a8bf2f429773c04ba5e

SHA256
47e5a0f101af4151d7f13d2d6bfa9b847d5b5e4a98d1f4674b7c015772746cdf

SHA512
43825f5c26c54e1fc5bffcce30caad1449a28c0c9a9432e9ce17d255f8bf6057c1a1002d9471e5b654ab1de08fb6eabf96302cdb3e0fb4b63ba0ff186e903be8

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Microsoft.Web.WebView2.Core.dll

Filesize
581KB

MD5
3d9465d5161ac2ab5a83265935514349

SHA1
5d40047faf2a166e6c25f106c244b5826bd0aad9

SHA256
24d1f432632c971456e6db676f609772b98d0cf3d3a5450c78d3dbb75744399e

SHA512
8d84de25fcb88ad6786de9f077612d356eed8726a50e9b6c44a3dff456ca8a160e0707cd1902b52e4890f97f4a5a72466ac149e71d1e790267141a6710ecc70d

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\Microsoft.Web.WebView2.Wpf.dll

Filesize
81KB

MD5
820de4634735b6d2d9842189cfe71ebf

SHA1
39c1259d9b4cebaaa7a684c6da10d52ad017bd53

SHA256
42e4818adbbef44833dec2c2fcca7b456581f391ba800a834a72c9e5d2dd008a

SHA512
35954de8c6faf311b6118aaf4fa0af9da05de9549a0e5b143ce19586a3826c8daf5f63bc7526a6110700499a8aa0036d8ef7a463dfe3831748dfea4a6da822ce

Download Submit
C:\Users\Admin\Downloads\Release (3)\Release\runtimes\win-x86\native\WebView2Loader.dll

Filesize
113KB

MD5
a362185b50f302563ef03ee1cbf68fd2

SHA1
2c68639cb53fc995d38ba632e77b6a2abf2c7f51

SHA256
cd5bd9cf068c312ecc6ce09e1c413b68ba12393581ae3869daef6b22f70a0cd6

SHA512
16660e2f6e9d7b633256b00b7425ae6887080f776a83b28d2bf8af4e15988645dbaeea71df701d45c63a40d72e5565c1ba8e38ae3676a7503521867395166f4b

Download Submit
C:\Windows\Installer\MSIAEFD.tmp

Filesize
122KB

MD5
9fe9b0ecaea0324ad99036a91db03ebb

SHA1
144068c64ec06fc08eadfcca0a014a44b95bb908

SHA256
e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

SHA512
906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

Download Submit
C:\Windows\Installer\MSIAF9B.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSIB5A8.tmp

Filesize
297KB

MD5
7a86ce1a899262dd3c1df656bff3fb2c

SHA1
33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541

SHA256
b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c

SHA512
421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

Download Submit
memory/2952-4548-0x00007FF723AC0000-0x00007FF724416000-memory.dmp

Filesize
9.3MB

Download
memory/3584-4436-0x000000000DD60000-0x000000000E28C000-memory.dmp

Filesize
5.2MB

Download
memory/3584-4348-0x0000000000480000-0x0000000000FD6000-memory.dmp

Filesize
11.3MB

Download
memory/3584-4351-0x000000000A2F0000-0x000000000A2FE000-memory.dmp

Filesize
56KB

Download
memory/3584-4350-0x000000000A320000-0x000000000A358000-memory.dmp

Filesize
224KB

Download
memory/3584-4355-0x000000000A360000-0x000000000A378000-memory.dmp

Filesize
96KB

Download
memory/3584-4360-0x000000000AAD0000-0x000000000AB66000-memory.dmp

Filesize
600KB

Download
memory/3584-4349-0x000000000A380000-0x000000000A388000-memory.dmp

Filesize
32KB

Download
memory/3584-4356-0x000000000AA30000-0x000000000AAC2000-memory.dmp

Filesize
584KB

Download
memory/4484-32-0x00007FF8C1C50000-0x00007FF8C2712000-memory.dmp

Filesize
10.8MB

Download
memory/4484-1353-0x00007FF8C1C50000-0x00007FF8C2712000-memory.dmp

Filesize
10.8MB

Download
memory/4484-1-0x0000019C99CB0000-0x0000019C99D7E000-memory.dmp

Filesize
824KB

Download
memory/4484-5-0x0000019CB6410000-0x0000019CB6432000-memory.dmp

Filesize
136KB

Download
memory/4484-4-0x00007FF8C1C53000-0x00007FF8C1C55000-memory.dmp

Filesize
8KB

Download
memory/4484-2-0x00007FF8C1C50000-0x00007FF8C2712000-memory.dmp

Filesize
10.8MB

Download
memory/4484-0-0x00007FF8C1C53000-0x00007FF8C1C55000-memory.dmp

Filesize
8KB

Download
memory/5452-4385-0x00007FF8E0B10000-0x00007FF8E0B11000-memory.dmp

Filesize
4KB

Download
memory/5512-4522-0x00007FF723AC0000-0x00007FF724416000-memory.dmp

Filesize
9.3MB

Download
memory/5512-4521-0x00007FF8E2CB0000-0x00007FF8E2CB2000-memory.dmp

Filesize
8KB

Download
memory/5608-4554-0x00007FF723AC0000-0x00007FF724416000-memory.dmp

Filesize
9.3MB

Download
memory/5688-4824-0x00007FF723AC0000-0x00007FF724416000-memory.dmp

Filesize
9.3MB

Download