b28a975b10baa8098f90e1971868ccdbc9824cd387084e807368f40b99ac3403

Analysis

max time kernel
443s
max time network
468s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
02/12/2024, 17:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Atlantis.zip
Size

25.5MB
MD5

1275988e47c7e1c68e8bf1c2b7ed8482
SHA1

be3cddddfe03d800b9a69f04207be17a0d01f39f
SHA256

b28a975b10baa8098f90e1971868ccdbc9824cd387084e807368f40b99ac3403
SHA512

35551b49102fbf090c3b5029a68fed3264f6c47603137a88142ba38ef7e2d26eed344f88b14d457442317e7edc2f732790a5f28c365ec5c0ba07d849735cdd2a
SSDEEP

786432:mcfEg2aesPEkT17FMPq1EXcJpSVRlPVRUCDc41S:mcfEggsM6rMPA/JpSvRUCQ41S

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4920	Atlantis.exe
4108	Atlantis.exe

Loads dropped DLL 4 IoCs

pid	Process
4920	Atlantis.exe
4920	Atlantis.exe
4108	Atlantis.exe
4108	Atlantis.exe

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1592	4920	WerFault.exe	98
1956	4108	WerFault.exe	103

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Atlantis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Atlantis.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5012	7zFM.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeRestorePrivilege	5012	7zFM.exe
Token: 35	5012	7zFM.exe
Token: SeSecurityPrivilege	5012	7zFM.exe
Token: SeDebugPrivilege	440	firefox.exe
Token: SeDebugPrivilege	440	firefox.exe
Token: SeDebugPrivilege	440	firefox.exe
Token: SeDebugPrivilege	440	firefox.exe
Token: SeDebugPrivilege	440	firefox.exe
Token: SeDebugPrivilege	440	firefox.exe

Suspicious use of FindShellTrayWindow 24 IoCs

pid	Process
5012	7zFM.exe
5012	7zFM.exe
5012	7zFM.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe
440	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
440	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4592 wrote to memory of 440	4592	firefox.exe	107
PID 4592 wrote to memory of 440	4592	firefox.exe	107
PID 4592 wrote to memory of 440	4592	firefox.exe	107
PID 4592 wrote to memory of 440	4592	firefox.exe	107
PID 4592 wrote to memory of 440	4592	firefox.exe	107
PID 4592 wrote to memory of 440	4592	firefox.exe	107
PID 4592 wrote to memory of 440	4592	firefox.exe	107
PID 4592 wrote to memory of 440	4592	firefox.exe	107
PID 4592 wrote to memory of 440	4592	firefox.exe	107
PID 4592 wrote to memory of 440	4592	firefox.exe	107
PID 4592 wrote to memory of 440	4592	firefox.exe	107
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 3700	440	firefox.exe	108
PID 440 wrote to memory of 1496	440	firefox.exe	109
PID 440 wrote to memory of 1496	440	firefox.exe	109
PID 440 wrote to memory of 1496	440	firefox.exe	109
PID 440 wrote to memory of 1496	440	firefox.exe	109
PID 440 wrote to memory of 1496	440	firefox.exe	109
PID 440 wrote to memory of 1496	440	firefox.exe	109
PID 440 wrote to memory of 1496	440	firefox.exe	109
PID 440 wrote to memory of 1496	440	firefox.exe	109

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Atlantis.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5012

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:3872

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1008

C:\Users\Admin\Desktop\atlaaantis\Atlantis.exe
"C:\Users\Admin\Desktop\atlaaantis\Atlantis.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4920
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 1548
  2⤵
  - Program crash
  PID:1592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4920 -ip 4920
1⤵
PID:548

C:\Users\Admin\Desktop\atlaaantis\Atlantis.exe
"C:\Users\Admin\Desktop\atlaaantis\Atlantis.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4108
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 1524
  2⤵
  - Program crash
  PID:1956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4108 -ip 4108
1⤵
PID:340

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4592
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1908 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c7d9068-a2a5-4c88-a544-80e79958e8a8} 440 "\\.\pipe\gecko-crash-server-pipe.440" gpu
    3⤵
    PID:3700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a61cb36b-56e3-483b-aa6c-d3cab8e20301} 440 "\\.\pipe\gecko-crash-server-pipe.440" socket
    3⤵
    PID:1496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3260 -childID 1 -isForBrowser -prefsHandle 3244 -prefMapHandle 3276 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89ba0938-7169-4435-9d9a-723bee4e61f2} 440 "\\.\pipe\gecko-crash-server-pipe.440" tab
    3⤵
    PID:4640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4024 -childID 2 -isForBrowser -prefsHandle 4016 -prefMapHandle 3920 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8258e66-bd8b-4c1e-9eda-06a3c4dbdf0c} 440 "\\.\pipe\gecko-crash-server-pipe.440" tab
    3⤵
    PID:4948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5028 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4948 -prefMapHandle 4940 -prefsLen 29198 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ceb5737-11ed-4d31-9498-c241cb6e867e} 440 "\\.\pipe\gecko-crash-server-pipe.440" utility
    3⤵
    - Checks processor information in registry
    PID:5356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5136 -childID 3 -isForBrowser -prefsHandle 5128 -prefMapHandle 5044 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6bcc3aa-7149-41ee-bbdb-b63d865aea05} 440 "\\.\pipe\gecko-crash-server-pipe.440" tab
    3⤵
    PID:5368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5380 -childID 4 -isForBrowser -prefsHandle 5372 -prefMapHandle 5368 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21784092-c763-4521-8c70-eb579a8c73a0} 440 "\\.\pipe\gecko-crash-server-pipe.440" tab
    3⤵
    PID:5404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5568 -childID 5 -isForBrowser -prefsHandle 5488 -prefMapHandle 5496 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cfb46b7-ff6f-4f66-a570-83ac752020da} 440 "\\.\pipe\gecko-crash-server-pipe.440" tab
    3⤵
    PID:5424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6060 -childID 6 -isForBrowser -prefsHandle 6080 -prefMapHandle 6076 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {53a80ef7-b91d-4528-92a2-c5acf84d78cc} 440 "\\.\pipe\gecko-crash-server-pipe.440" tab
    3⤵
    PID:920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5168 -childID 7 -isForBrowser -prefsHandle 5916 -prefMapHandle 5520 -prefsLen 28059 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d850b0f-2224-4db3-8b6c-96e23e391c2d} 440 "\\.\pipe\gecko-crash-server-pipe.440" tab
    3⤵
    PID:1508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
c713beae3dee9f555d6082c2d60778db

SHA1
b4293cff696ea2956e7e0062f440fd35f5c1805a

SHA256
d94a8696ff8d2bf8316f7acac8099faddda838c1b7b593ff8ec777bd0f6aff25

SHA512
c61c43ef1b298add07a82af3bbf139912248f241bb2c70336b5618eb8bc9b458710b3652531292627b9d0dd4679424a7e4b70090b782831eb5fc77e82c5bbeba

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
14KB

MD5
04025531d7121a9a74ebd0b992e855f0

SHA1
7dec1c4b80a6c6e2e4f3bc5ab86a23b2aab6cdd0

SHA256
22757617de7ed4d084b2c7af137e211d63f18792d63831eb250ac002073f20fd

SHA512
bba3b55bfd8ab9eb1778e9df5ff975a810fc8f52a3bae2aac998e3c70a9f641ac874f14ff3f46e8e10e9eded63fb9eb3b7007f83e9f239611a201838ff3394ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE49366B18\Atlantis.exe.WebView2\EBWebView\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE49366B18\Atlantis.exe.WebView2\EBWebView\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE49366B18\Atlantis.exe.WebView2\EBWebView\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE49366B18\Atlantis.exe.WebView2\EBWebView\Default\GPUCache\data_1

Filesize
264KB

MD5
67fb94adc61b532978b4e803bbb48ec0

SHA1
7a9e0d3688a1a696502f8cdbc9b7a4344366da98

SHA256
ab6812438cdb9c51bffba26ef2a12ceba3d2991311f2206affa6e69db0379f89

SHA512
a10497adff4e0e85e626a1ce00b5597af8fd88ecb4d3c645db92c46cb7145300dd4a37b4297a75bbaf5c6d1a9e1302534e99cc6df304d269cc50f05b9a9c55a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE49366B18\Atlantis.exe.WebView2\EBWebView\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE49366B18\Atlantis.exe.WebView2\EBWebView\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE49366B18\Atlantis.exe.WebView2\EBWebView\Default\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\UDC52UTY0NX4IEKNI9RO.temp

Filesize
12KB

MD5
0af941999c14dc05d7b7564b80cdedb2

SHA1
9ee9f70b6e3caa037a0b859cdaf29107bfddba7f

SHA256
95bc81939d80d57ea9a062efb3b5fc62c41edc903ea25ad3d12748535425932a

SHA512
cdfa7ede8661962c79690ca494a61e25ac1e92a484227df8afc3dae00d622bd8d6d608ac2eabfbb3629117336b004dee790aba634bbbd938b4cbdc185d5a6895

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\AlternateServices.bin

Filesize
6KB

MD5
d839611426e0a4840d7faec9f273bd48

SHA1
98f32d219743726f08c17459977cb80456713365

SHA256
05cfd53c7d759378006b14c5c7c434aaf05f5431b803741d31a90c7d89c4f83a

SHA512
08e3a5cc8e97ad8a1dd8c8122b3b0bfb98462b719e2d587476e99775783467b866b5e806de58da1b583812aa51c83e73c03aed5bdaf8716fd7cba73b1d24e3e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\AlternateServices.bin

Filesize
12KB

MD5
fe620a4f24d3de93a36bf84fcac47618

SHA1
6ca9095e5ec5ad0b5445cb976c7dc110d50e3f53

SHA256
6342f8b3c93c1f5bbcda8dc967d0afa5e98637eeef86c059bd452c7adb1b6dc2

SHA512
74fbd4fdd3e6ad29a63ca2dee578cc425f2412770447c67dafc68d1f3b45df15dbd00d7c332389886b484e184d6c70f6d8c7d7c14d156e0c9647c734c1469a36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\bookmarkbackups\bookmarks-2024-12-02_11_lSAOQb2XlvaS2xEwCZVl8w==.jsonlz4

Filesize
1005B

MD5
e1eb80b80ef2d9607dd4646fa9562862

SHA1
5c445190851dfc1515482a40007e848acd295f5d

SHA256
69dbb3c63e94209fb8f72ddd32975d9f3ffd657116b8e2e4472e0e6864a8e884

SHA512
b69cd5e509b7504e0998338e8a6fcd7066e4b4dcdc7f826bec9615fceb56bc5351858297d347b336bc6039f98493408eba303c4e98aa6c02e30d138a30afaabc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
cbe1f71dcbda29eb0fdb121039985f58

SHA1
d5d8dae584fbc076a4fc5725565975b093e63312

SHA256
396cad87cece9500197df7a41e8a8e09aead998b7144d364897f44e22805f134

SHA512
ea04257163f23115819c142c62911bd03022e2b41225b367bd6907ad6bb5757e53b0229019bc0ae397440d2ad4f33f156bfe5cda54ca5b7529bdc9cdcd32e0d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
4d92a460c4a7345ebc6dca5ab9875ec8

SHA1
263439dce88cab1b31150c43094d9438fe6dc4e0

SHA256
00600a20e3cc9cbe6d55145cfda45f6e58f02b75c26cac470eebfeca91e1de1c

SHA512
ee7bd13423c38d361cc7b80a2606b9e68de166f7402bf2e5e6eb17293ea1646e8d123db292f111d4d0cf94376860af3d3692f4d23a99e41d1988a41166a01399

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
b41534a9878274846e3ae16146d27a0f

SHA1
6e1d10b6b3a3d57856f03e99431a2649ece174a4

SHA256
ad300d2772838731fc5d8001a8e3d16103e0df0c721da570376e7e7f5e54844a

SHA512
3c8e218b6386a9ea30622218f49afb44d1a675af5a1cf822019cb42f4570f5ed72eb97216218bde79c1071ffd7f5ad47264e94b84f24c1dbb536e59735448ab6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
55KB

MD5
778fcb67c5d65802fd94ab962451d532

SHA1
a0b640065c310e723c87d91d1f8d13918a77a302

SHA256
c8c8b18cbc9516ad6808e263033901ff444a9d46a2a3034448a9671237f5a119

SHA512
9e8e6a96ef3f766b68e634daaa39ee0e331493658f7f420f2955cc7bec5a31c50407a3d3fc4879aabafb7f7f2b58cb0a2fd81b5119bc02b0e68c268b7e9c2c24

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\pending_pings\0bc014b8-1509-4d7a-9f9a-a0f65743252a

Filesize
982B

MD5
40a165aad4e558a307441a1b0e0966dd

SHA1
ddd42703f1e60cb3e4db200fdfab05f5ac5be0b6

SHA256
7c96cfce4c5c012636de1b88951cb5692efca96272e467b4ab3b7587d45915cc

SHA512
ef8a31623ace9c93e92db57f5868659dbc98eb8a605c5da64ede185ac07ae9f29c1a717c529eb8fb5c7836f424a9d88d8f5183456e8ba8b6c4171ba1c3ac65e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\pending_pings\5067ca5a-1dc2-4c67-b89e-6ba54b757625

Filesize
671B

MD5
103624264402dece2e2b4aeac38f1ce4

SHA1
05b2d813f7291d16a19f78c2396e4681e35e2838

SHA256
411646b8de4ee447d75ca290480973b0bacdb9a137feb57edf55be55ae9508d9

SHA512
6b3163f3a3097d12529341ddf53f4df1083b443ed4a4e9533927da289de14dc7392535be79c6285611c17b9ce5c6324539784ca1e7dd2aade260a61a34b9c03b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\pending_pings\df5a7208-c733-4d19-9ad3-376659c2ed5d

Filesize
24KB

MD5
7bb573abb5ac94a722244fd17cf740e4

SHA1
0aa83d87d131df7c8dc7a9d3e4b03d3bfbab5c79

SHA256
1fbb19950b5e5562cff306b217f114f20d7715934fb5c0e7c6377c5146425d70

SHA512
e609282d2491de293e6df3de95205994341e3b8a2d2dbc5969d921daff3ca60b7fc4a114bb52d7fd1ec06296c7db259fc5d3a2dc51afaabaf51f34c32e1c05a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\prefs-1.js

Filesize
12KB

MD5
0c8dff9ac2fa7d253dc050712862ec3a

SHA1
a508503e5a8f273f6da53b1829c5f23f98797432

SHA256
7135a9a4365fffc77b9208a85a47bd9a5a545ef9c1bae18daf4479307241e5cf

SHA512
96fdcc44458b6e7d845650ff3e037e21585c6da4694d02859f0f3fd790df2f5e9168923830d72ddf34da0b062ff8c70e098200b973266c5140f286e2ff8f3b5e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\prefs-1.js

Filesize
10KB

MD5
bebfa2825aa22328e2aacb940b6cd5fc

SHA1
e83b1b5871754a157fe78a4243f43df9e64983a3

SHA256
aa4e2688da544ae178b34baf97b79bf09c6e65617d62dfabab0b21b845ff3ee6

SHA512
27eb9082d62cf271a09b88ce7bf091f4b6b97b5499785a7ca78d9fa0e4db41aa9e3d5d3e4aa09c9a1da4d2d70af083e48b99fd697bfc56cf0a9ea6e86fbaa666

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\prefs-1.js

Filesize
11KB

MD5
06fcb7d613e9f1dd2de7fe5c33eb7c4c

SHA1
285cd5c34deae583c48513f58c85c4f6a978b789

SHA256
40bea46d72c8123b5a872a58ff1ea9f99ed0d6c9447c1febf58bb3a1433d3016

SHA512
bda525370eb957471146383cc76d18efe7fd54344cbc0ee91e17240f237d9c1f781864420af7b09f5d3c367ddb8fba743f58d3294190d3aea89c78876a8a402a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\prefs.js

Filesize
10KB

MD5
2a99de5a4df7c2c2df20aa7eaecbdff4

SHA1
58bfddc829cdce23ec56be928172d411993a0d0f

SHA256
64552572715732c724132dff9ea6d1696bfb2c0038f3b1891f11d64965dfac3b

SHA512
90edec9dea60fbf5897111cb9e3e05aeadbab6060be66a94e0e6d8f9979c15f5b807c1bd63d937a7eb87bc4edfb1583bd9e7bc9b9cbcb97db58e978d6a090936

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\prefs.js

Filesize
10KB

MD5
77c91aad6eadc101b9e6785a69e51ebb

SHA1
54cbd1d9b0d31cb3cff9dab7c1016208f09991ec

SHA256
b3c50a7bd50c1e3129fc5a08dc274b02b2b16bf99b42e4455507890cb8654f11

SHA512
182071b62947c1df3c21a6a1c65034a3559bec685785ff5aa233a89939e91ca00bd7609a6b07abc23d42bf1cb66851046526a67e9b297012cac69ef6e0850f9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
756aa8a59ac99ca3df45ee299d109767

SHA1
6c2578ebec6e78ab6a7dffa94ca462556b1e813f

SHA256
0d24683e81d21bc50100be648bb4d368fa39c83ab0acfda88a4f04b73af8d0bc

SHA512
94fffd113ec4c98d0e48139d0b2b3cf20d1fb2943ce4f75a061c9053d633c50b5a5384f7666056f151c7dc9de754736b5d1d1c8ce83bde962dbd587854088587

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
8e1cbf3a04e715965baeeebf78bfa9ea

SHA1
d53d7d04ffa25e27b52b2e8acbf87459fe87d766

SHA256
e05e84d699c44135a2cd37f6711b3ef84fec647ef32218a525692c4d28557b99

SHA512
5a0814a438f7832d5413cc31ffd054378391e4d1365d22697c2555e9b998c968246dfd5c7a38094e3c7efbf265a2055c5816d652ba870941590b07a005e6e9bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
82d87ceefc3be382f7eac879ec543087

SHA1
8458ee23e5c277f949074a6e9a1331acd0c5ab50

SHA256
ac2e7f8c865d34d7d3dbfd0f495e30fd978d2993cb501754540de01fb0b7ae14

SHA512
a769d5e718a35a13bad9e500950591af578b25db526c7f69e5fecae213e91fd43a75fcdd1cd3959b11815fee8fa66b3ee199ee8522f98812de806012a3d8f0ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
a6d4f5aafd86a8a54b8d7e8b3e4dfba7

SHA1
68f477b6a0bcd52880897e269ead05151ad176b7

SHA256
6b5e397b6fc054094478e510360fa1fb56deaecc1a90bcc57e09325958efd26c

SHA512
9f35afc97a0895fe1a596c8007a7b443c726539ed262c7903b50af67e965baf70476828652b375884efb6505cda7a09944c78faa78bc04f7f0a80f8718570904

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
584KB

MD5
60066a845bee8f6304f6025ba90bffe1

SHA1
5f3f7f136f8682afbae4b66a92b6a918ae137365

SHA256
61ccd5ca44f2d98c745a1ef1f5b7ef136bd8e126e6e16db8c1435be672e6a8a0

SHA512
05e39e8e7702e0a4526cbcfdddd605d55df610883355919febfe79909ad175526321ebaab7fcf9ad4c9c252ef99b296ac7a4a6fbeca241cc6edf8745677ac701

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
384KB

MD5
e9b66a84a0dffdb6b04038183d9c8425

SHA1
a2636c868573590332cb71f00bd1847e43974918

SHA256
e5a5e34c21a0253c0814e774c91b14399897ed5ce41608e5d4a130aaa972ab17

SHA512
72b128828e0517bf1613eb58d13bc24a87fba907ecc4f11b1ab7b84807698159fbfc2d739ae2f3ac9797b3efeb73ac82862f8317fbdf4acea5d31f27d79558dc

Download Submit
C:\Users\Admin\Desktop\atlaaantis\Atlantis.exe

Filesize
11.3MB

MD5
29e2f5289bff690abd5bb1b81f2630e5

SHA1
76c1f2367b744b31867841cd4c02c498ca893cce

SHA256
6bf31ea1c96b5fcf173ca859ee94a854511bf10e1d1efc6f3283338d24e929e8

SHA512
adf7552f6b67a8f740240693edfcfa6190815c082412cb73014e43eff34df5483cd0a89810bb54663dc418dc1645e8e734289370ada967389485362ff022318d

Download Submit
C:\Users\Admin\Desktop\atlaaantis\Atlantis.exe.config

Filesize
189B

MD5
9dbad5517b46f41dbb0d8780b20ab87e

SHA1
ef6aef0b1ea5d01b6e088a8bf2f429773c04ba5e

SHA256
47e5a0f101af4151d7f13d2d6bfa9b847d5b5e4a98d1f4674b7c015772746cdf

SHA512
43825f5c26c54e1fc5bffcce30caad1449a28c0c9a9432e9ce17d255f8bf6057c1a1002d9471e5b654ab1de08fb6eabf96302cdb3e0fb4b63ba0ff186e903be8

Download Submit
C:\Users\Admin\Desktop\atlaaantis\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Users\Admin\Desktop\atlaaantis\bin\key.txt

Filesize
32B

MD5
81dcdfc40e71d5028b3bf264f156f79f

SHA1
98a3f55337980751756c4e00b9c7c172645e37e3

SHA256
dead8a3815e1a34a80e2a7405e86d1b15a939c9076a2c5114fb6ceb8463cba12

SHA512
c85abb194a7dfdcabde60474c1049a952709df04cda58a8045cba2ca9675651707b8c471b16a299ab37c1f920e5d44de9268a0bdc5615f80d6b39ced9b83ceef

Download Submit
memory/4920-499-0x0000000074A1E000-0x0000000074A1F000-memory.dmp

Filesize
4KB

Download
memory/4920-500-0x00000000008F0000-0x0000000001448000-memory.dmp

Filesize
11.3MB

Download
memory/4920-505-0x0000000006CC0000-0x0000000006D72000-memory.dmp

Filesize
712KB

Download
memory/4920-506-0x0000000007080000-0x00000000070E6000-memory.dmp

Filesize
408KB

Download