hxxp://atomictoken[.]net/downloads-2[.]html

Analysis

max time kernel
161s
max time network
213s
platform
windows10-2004_x64
resource
win10v2004-20240226-es
resource tags

arch:x64arch:x86image:win10v2004-20240226-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
13/03/2024, 17:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://atomictoken.net/downloads-2.html

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
3268	atomicwallet-2.76.4.exe
3652	Atomic Wallet.exe

Loads dropped DLL 8 IoCs

pid	Process
3268	atomicwallet-2.76.4.exe
3268	atomicwallet-2.76.4.exe
3268	atomicwallet-2.76.4.exe
3268	atomicwallet-2.76.4.exe
3268	atomicwallet-2.76.4.exe
3268	atomicwallet-2.76.4.exe
3268	atomicwallet-2.76.4.exe
3652	Atomic Wallet.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
2332	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133548232929100767"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4768	chrome.exe
4768	chrome.exe
3268	atomicwallet-2.76.4.exe
3268	atomicwallet-2.76.4.exe
2332	tasklist.exe
2332	tasklist.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4652	firefox.exe
4768	chrome.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4652	firefox.exe
4652	firefox.exe
4652	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4652	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4768 wrote to memory of 456	4768	chrome.exe	90
PID 4768 wrote to memory of 456	4768	chrome.exe	90
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 1584	4768	chrome.exe	93
PID 4768 wrote to memory of 2796	4768	chrome.exe	94
PID 4768 wrote to memory of 2796	4768	chrome.exe	94
PID 4768 wrote to memory of 1108	4768	chrome.exe	95
PID 4768 wrote to memory of 1108	4768	chrome.exe	95
PID 4768 wrote to memory of 1108	4768	chrome.exe	95
PID 4768 wrote to memory of 1108	4768	chrome.exe	95
PID 4768 wrote to memory of 1108	4768	chrome.exe	95
PID 4768 wrote to memory of 1108	4768	chrome.exe	95
PID 4768 wrote to memory of 1108	4768	chrome.exe	95
PID 4768 wrote to memory of 1108	4768	chrome.exe	95
PID 4768 wrote to memory of 1108	4768	chrome.exe	95
PID 4768 wrote to memory of 1108	4768	chrome.exe	95
PID 4768 wrote to memory of 1108	4768	chrome.exe	95
PID 4768 wrote to memory of 1108	4768	chrome.exe	95
PID 4768 wrote to memory of 1108	4768	chrome.exe	95
PID 4768 wrote to memory of 1108	4768	chrome.exe	95
PID 4768 wrote to memory of 1108	4768	chrome.exe	95
PID 4768 wrote to memory of 1108	4768	chrome.exe	95
PID 4768 wrote to memory of 1108	4768	chrome.exe	95
PID 4768 wrote to memory of 1108	4768	chrome.exe	95
PID 4768 wrote to memory of 1108	4768	chrome.exe	95
PID 4768 wrote to memory of 1108	4768	chrome.exe	95
PID 4768 wrote to memory of 1108	4768	chrome.exe	95
PID 4768 wrote to memory of 1108	4768	chrome.exe	95

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://atomictoken.net/downloads-2.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc9ed99758,0x7ffc9ed99768,0x7ffc9ed99778
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1872,i,8757735974844269142,6317375288007767405,131072 /prefetch:2
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1872,i,8757735974844269142,6317375288007767405,131072 /prefetch:8
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1872,i,8757735974844269142,6317375288007767405,131072 /prefetch:8
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1872,i,8757735974844269142,6317375288007767405,131072 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1872,i,8757735974844269142,6317375288007767405,131072 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 --field-trial-handle=1872,i,8757735974844269142,6317375288007767405,131072 /prefetch:8
  2⤵
  PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4932 --field-trial-handle=1872,i,8757735974844269142,6317375288007767405,131072 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1872,i,8757735974844269142,6317375288007767405,131072 /prefetch:8
  2⤵
  PID:5416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5572 --field-trial-handle=1872,i,8757735974844269142,6317375288007767405,131072 /prefetch:8
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5732 --field-trial-handle=1872,i,8757735974844269142,6317375288007767405,131072 /prefetch:8
  2⤵
  PID:5680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5804 --field-trial-handle=1872,i,8757735974844269142,6317375288007767405,131072 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5644 --field-trial-handle=1872,i,8757735974844269142,6317375288007767405,131072 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5028 --field-trial-handle=1872,i,8757735974844269142,6317375288007767405,131072 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 --field-trial-handle=1872,i,8757735974844269142,6317375288007767405,131072 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1872,i,8757735974844269142,6317375288007767405,131072 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4004 --field-trial-handle=1872,i,8757735974844269142,6317375288007767405,131072 /prefetch:8
  2⤵
  PID:612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4652 --field-trial-handle=1872,i,8757735974844269142,6317375288007767405,131072 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=988 --field-trial-handle=1872,i,8757735974844269142,6317375288007767405,131072 /prefetch:8
  2⤵
  PID:5492

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4652
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4652.0.1121419309\948660224" -parentBuildID 20221007134813 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d75897b4-bf7b-4e89-bbe2-df833aa42f7e} 4652 "\\.\pipe\gecko-crash-server-pipe.4652" 1980 277385d7158 gpu
  2⤵
  PID:3712
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4652.1.735201540\230834083" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0181a9c0-b84d-40b3-91d5-dab676239316} 4652 "\\.\pipe\gecko-crash-server-pipe.4652" 2424 27737d40e58 socket
  2⤵
  - Checks processor information in registry
  PID:3560
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4652.2.739417740\1089481965" -childID 1 -isForBrowser -prefsHandle 2924 -prefMapHandle 3012 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {870e6fad-7cc7-4459-b15e-75aaea44cf5e} 4652 "\\.\pipe\gecko-crash-server-pipe.4652" 3048 2773c492158 tab
  2⤵
  PID:3096
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4652.3.993370662\1796088486" -childID 2 -isForBrowser -prefsHandle 3488 -prefMapHandle 3484 -prefsLen 20929 -prefMapSize 233444 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9174965-63e3-4be8-9dc1-3a48e6ef4426} 4652 "\\.\pipe\gecko-crash-server-pipe.4652" 3500 2773980e458 tab
  2⤵
  PID:4428
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4652.4.909169139\1376074794" -childID 3 -isForBrowser -prefsHandle 3636 -prefMapHandle 3640 -prefsLen 20929 -prefMapSize 233444 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8f82ee7-aa84-4c0f-a8e3-7f6039d4beb3} 4652 "\\.\pipe\gecko-crash-server-pipe.4652" 3624 2773980ed58 tab
  2⤵
  PID:2484
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4652.5.663947199\191423370" -childID 4 -isForBrowser -prefsHandle 3624 -prefMapHandle 3852 -prefsLen 20929 -prefMapSize 233444 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a271b4a1-93b7-47ef-9974-aa01e2cf96cd} 4652 "\\.\pipe\gecko-crash-server-pipe.4652" 3808 2773c950758 tab
  2⤵
  PID:2732
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4652.6.2075487294\1969145236" -childID 5 -isForBrowser -prefsHandle 4336 -prefMapHandle 4332 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e051acc-248f-48f4-85d1-e58b81490818} 4652 "\\.\pipe\gecko-crash-server-pipe.4652" 4348 2773b7a8758 tab
  2⤵
  PID:5648

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4988

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe
"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe" -Embedding
1⤵
PID:4536

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1712

C:\Users\Admin\Downloads\atomicwallet-2.76.4.exe
"C:\Users\Admin\Downloads\atomicwallet-2.76.4.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3268
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Atomic Wallet.exe" | find "Atomic Wallet.exe"
  2⤵
  PID:1692
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Atomic Wallet.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious behavior: EnumeratesProcesses
    PID:2332
- - C:\Windows\SysWOW64\find.exe
    find "Atomic Wallet.exe"
    3⤵
    PID:4756

C:\Users\Admin\AppData\Local\Programs\atomic\Atomic Wallet.exe
"C:\Users\Admin\AppData\Local\Programs\atomic\Atomic Wallet.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3652
- C:\Users\Admin\AppData\Local\Programs\atomic\Atomic Wallet.exe
  "C:\Users\Admin\AppData\Local\Programs\atomic\Atomic Wallet.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\atomic" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1756,i,9874333246636478723,3324924980899552737,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  PID:3784
- C:\Users\Admin\AppData\Local\Programs\atomic\Atomic Wallet.exe
  "C:\Users\Admin\AppData\Local\Programs\atomic\Atomic Wallet.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\atomic" --mojo-platform-channel-handle=1948 --field-trial-handle=1756,i,9874333246636478723,3324924980899552737,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  PID:1632
- C:\Users\Admin\AppData\Local\Programs\atomic\Atomic Wallet.exe
  "C:\Users\Admin\AppData\Local\Programs\atomic\Atomic Wallet.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\atomic" --app-user-model-id=io.atomicwallet --app-path="C:\Users\Admin\AppData\Local\Programs\atomic\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2284 --field-trial-handle=1756,i,9874333246636478723,3324924980899552737,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  PID:4944

C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\d6d01d6082844befa22afc14a0ce75ec /t 3924 /p 3320
1⤵
PID:1928

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:5640

C:\Users\Admin\AppData\Local\Programs\atomic\Atomic Wallet.exe
"C:\Users\Admin\AppData\Local\Programs\atomic\Atomic Wallet.exe"
1⤵
PID:1116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
252B

MD5
02fe836450c0b637990d44026559f144

SHA1
6745decf7fa67c04ab6cad541cc3c8470c086850

SHA256
7be564a6a2dd77730fbc7f2ca335f50ab40a5de7012f796484783d68871bc6ce

SHA512
ac902c0761650d18052763389d3cedf9eaa03c83687a3d8953ed22c0b28d0c9ff3d2a4c20e4ae5fcbae58e69ae434c0291fae7fe144e21c3f944257453306399

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
1e8f199388caac66c9949f2ef4826a57

SHA1
0e6611dd578dfdeb17a09c134f9c0da8a3ac0c55

SHA256
c1254c9dba05ccb5d201bf412696e5473d6d47a0799c97f02d604b0ea8e8fb06

SHA512
a4fc44be6eb258f87f77bc39f4376545ea299923a4034ce5b39b9b5df982d494ee4ab02ae291ed36a85ef6bca7fe1f10fa434221c9baffec92c98593368e55f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
39370bed2efb61375b2217eaa23de00f

SHA1
6f1d17f91cf7c8d3b5c5efc5dd928b27a2b1a88d

SHA256
f97324434e05ffbbbb5812d38a341593380aa5de4ed2d188a82598732e50f610

SHA512
c976d8027580102891b08704b926feefc330efa1ab0fa8bb38519239c46a872c32be7de1dd5da09e2c05f79428b0253534360799804a557eff77b0653b1215be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a74a292e6cb03c4569298b6dee8847ca

SHA1
a547b7f02ede5a1ab2a6a8b6afedcc7ec433aea3

SHA256
25247d77a203d11db4cb094efc60d7529d1ce9b2fcb9ed5bf48d5e108bf7be64

SHA512
098cb14e7999dd24bf176152f3bab3bd19574e159b5fb1bbcde4acf8252f2b77e99bd3917ad7cb4c57f2c34e6f38c3a6aa599e7978ab26bf80b268d89245a075

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
11ed772bf447165b875b812164d2a335

SHA1
73ce14e14d9930a0ea96f194d910d82d8136f406

SHA256
f0db296470b449e44c5793f3c2010acee21029d263010a7afd64e752889a8552

SHA512
f37d0fc89d7b1283c3c4944ceabbafe4437b9e719bf0091a71084f745cc2e7b1a26428cbe08e32eb21bcb48327f1690a6d0b5acdf515c92dd98e08007ee13e71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
676e6f610ce151d68c63afe8e6e87c89

SHA1
d97985156b870f850b88c6e2166a6c1bb602831b

SHA256
bf74339ed2e83797a7ebf323f943fd16e2d502f34d2ba951c07fa2bb627017ef

SHA512
3ec66492a45ad7ebc8f25484d0a911c95fec9f1885eb0c81b519bdc1f739cbafaca1d3badf26376046bfcace11aa3acade7852fffc797ea0ae8aed59857e4b7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8134913ab4e715d28074813b241b6a70

SHA1
4932a2be6bd1716498f3f3d91814821860722083

SHA256
caae61e4c4dba723e181c8a7b3dd2381c840e7259213b866e1221723949e7b16

SHA512
a7f94b92c31a073ac5d1fb4cb0c7fcdb1efbb777e168d0c7d93ccde0b7d220a85517826e176148910dd44b947ae77baf0305c27af2bdbb631b8daaf4522a361b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1da76b2464fc53222f99f9dfe812ec1b

SHA1
fc1c25b3f9e6c469d702edb447260e50b8440bfb

SHA256
0124d18bc88838b541034725fefdc8109f776fcd2e4d45d14becf1d36ec680ad

SHA512
b52ecab579e99d57b53c2d05438ebb3f601cdb890258f1ad47d0712b4350a83e4377173303ca65a43851452a522fb38d26a2f0e0e260d5f050e6ea83aba73977

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
d12226e561fcd125b39fd884278c07a6

SHA1
90e7491f43e828e747b5db385c6ccd85de11907d

SHA256
d8ab3a64f8bd65d0ae39bcf284caa1bfd8cf42346b296d07cf1dee1d323f68c6

SHA512
6ddd5d95035760795bc9f1e50fded7758abd68acb11c263aaf2fa9fc325b3f163c11414b58fc8b162f6b45d9c24cb8216ca0b5abb83c1ceffebd51d884bb93de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
9d2e38381f5ba2c57fbcfd56c44de620

SHA1
d4a802ad675381f8813b4ba3e184350ae8f87257

SHA256
89ab2a21fde3c6bcf21483c8b24a1ee6f72d84a44576d620a648c942f01e3d00

SHA512
0fc4b6ee030d4b01da080ad3f35e4b7514cacd559d1e8078d61ec803974d0ce509ca776dc1fc0d1f1fae284bed55b4d110ebc41d260f07fd74226f93466b7367

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
a1edbfd0948ca48b860ca585034770b0

SHA1
71653719ac4a8fdd9c5f361ff45e72f0dd836153

SHA256
0fd2d0156a00cd31c65f3213fbefc21d211c356751fc67e001732a64ad04fc7b

SHA512
c114b8cd9c70872f7713d993cf1897fc4aa59775c3bd8beba717d9b21730efe38869c03bcaaf2232db63062a5566cb0a86637bcbc69c8b65c40e17c14f73f745

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
f3fe6d14c03f033570c88bd1ce9e1205

SHA1
5069725b4ff3e9a2f778eb4b45d299c58216f18d

SHA256
52ef39057a9d74d01dc15294cc3e6196ace3a3adf236eb7355502bf26d3d9a76

SHA512
c9acfd39446336faa2567a2d75d81902c629fdac1e2db5cbd564be249b08ae207d1ec8f075163ae0c6e0e614eb39bbc43c9d84a6f72892a8f3d0aab2fadeea0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
117KB

MD5
8c49446bc10d65fd162206ee119ee591

SHA1
6885055aa16c54a37797677613ccc8bada450c6e

SHA256
4b0b308f059d41d4f8d52852a64a5deeb58e49b4a193502d6c7795547cae8647

SHA512
f201a671b9111123062dd7291d29207bf197abbeb9d969d001ca2aa69018a061ef13098697d9bd52ec3347477c2ebac57a132e4e16a8085be1de5371ce423e75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588efc.TMP

Filesize
109KB

MD5
4881cbb06451c9b6e46a009f9773ca85

SHA1
3b3c73f551f5b032b4bc43d51c165437f53a3039

SHA256
f696ee775f38c82f6ffa6d36bfb55183b8ac2049dc065ed3ca14e6065443f43f

SHA512
3d6a3394f378d83c3d5fb464103582b2f8b4391d5567492caca790879065121992e345dac3ce2c4e4fa82882709add0ef5917bc3b28fdb4aed88d4a9b62de356

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
0d034643e05fe96d5eb8ef7a681657a6

SHA1
6aad964fcf4f04f7cc6531ba1200e0f6790bd9ca

SHA256
e91aa3f9d820a273b4747a53389035a382c98ce534cf15b2bcbfa332958094b9

SHA512
67511eff5e01662d150841453b4a960a13c5249c6fb46f8bd452e05e5424251cb9bfa88541185aa92b4a6df03aeabdf3e9b798a42bbe1c2e03d19d35f2533fb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e909ef13-c7c6-4e3e-b26e-2cd4b65fcb7f.tmp

Filesize
114KB

MD5
48141a24f55eb095e61ace383a2b7a63

SHA1
6d4c135944b4190115f7e0db6d6c5d59d7fd52d5

SHA256
9940ec17db66f8d68a7a7097f25431664d04c6a296a6775ab06d63c86f2cc242

SHA512
e931e892627c43af8b00e63311d19342bc863c2e9f2191bd09f2ad4c3fb657c71f5ce00b62c41a560ae371c54271f9f90d1e8b1246f67526e8acb6fcebcc55f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Programs\atomic\Atomic Wallet.exe

Filesize
19.2MB

MD5
73244e8d13f2e43e036e25b6544ed946

SHA1
455ff9f6483e6cadede336087cb416b810da23d7

SHA256
8e5ce507772d775f43bff0d41af2f683a162ab736d07344c3dcc8b83350e20cc

SHA512
ba906259e7e20be358befbf9381769a07c35bd6a1b6c9b4a302da27615554b4fc5062d6c45989818491c49f10adc53a6195360fb840cf08a2a179f41cddd31b7

Download Submit
C:\Users\Admin\AppData\Local\Programs\atomic\Atomic Wallet.exe

Filesize
9.2MB

MD5
0585d13145380e1cd44805cefe1cecef

SHA1
3957fe02a11ad163d71f56d90cd1f563c5ad0186

SHA256
02b7ad0229200e9c4f9b2a9177537efc929e7dc9de5f02cece24245daffc300d

SHA512
e7d01bb821fd87023d918696173035a0353ea0a69983df13a09aedf40cc35a76fdfc47c1019aa4b308476e1d16e050c3c23437a00f8339a743c70b6227f49ebd

Download Submit
C:\Users\Admin\AppData\Local\Programs\atomic\Atomic Wallet.exe

Filesize
576KB

MD5
6f4691fccd145f9ab49b3c2971caba73

SHA1
0e8034b67c958f04c33e1b0177d0949c898aabcd

SHA256
d013365f97b87dc1410a60e6ad09af5b92fe60fa91d3def2020365b888d2505c

SHA512
bc85469e882d8e19102f25938ee4a5a793a540ef655304d799da07aeceac76ea481d663c23d653d970729a95c76ef2b0e67fd18d02c1c3a2d28c5f2888b7089b

Download Submit
C:\Users\Admin\AppData\Local\Programs\atomic\Atomic Wallet.exe

Filesize
2.4MB

MD5
816fbf2f9677e36236070a88f1c844bf

SHA1
6e897d5e38a66556a6fc8b968760cdf4a6c5be02

SHA256
560bada6eba13a93576ecf2de75748f1e28bee4271b7ae6f30357ad11dd8c099

SHA512
e55ad9f45beb06ff08403dcaf42bc84496033687444bdb19cf0e6c58b9536069529cefaa04fe282e4c9c22b5dd7651a7747bd034a59345c3274d660443f2572c

Download Submit
C:\Users\Admin\AppData\Local\Programs\atomic\Atomic Wallet.exe

Filesize
2.6MB

MD5
db574f915f13867c27e7a0ef0efe003a

SHA1
1df3aca68689515da129837146609e24e573fc44

SHA256
53e26a2e555b05a8b1c2310a787596503dd599bc9dde6ef604b133f98d26817c

SHA512
eaf3a726bf92c53f432580aa7a66201b7c7e397cb581e16c26776997d32c1ef37738632fbe624b2d6250cfcad7aa98d80d339f08ac88628bad56283559995744

Download Submit
C:\Users\Admin\AppData\Local\Programs\atomic\Atomic Wallet.exe

Filesize
640KB

MD5
910a99ab46ac3eaa4d537f1b0cfb496c

SHA1
903d24e7be880cdba80aa55f531220740af80152

SHA256
d7eb995eb0e9c93a39afaf6289d259ff35e976a7b4ab14c1f87aaffb62a06f89

SHA512
2474c6423bb2c139af0166dfa4208558e61ba958cb358fdd79111161aa6cc7e6753a97beb4ce52b994717339f9a62f1f77baf3a8bc6ae249c93a4c74822e9e44

Download Submit
C:\Users\Admin\AppData\Local\Programs\atomic\Atomic Wallet.exe

Filesize
704KB

MD5
20e0f37d2bc5c5503c7eb75d23461ee9

SHA1
a4eeb4ccbb5e0c2f7b2fe9aaea2577f86df3cad6

SHA256
7c44121367f093caf99b197652672757795d669e69c7259d97f52d4d61ec0104

SHA512
eefb661d39fc449d272e37d4ef4c9e54ab1e317bd2b1e258b3aad0c602c5c88ff498f2ad3be181f7fe3da0dd50ec3b4c5982a0cc479dd1d01e8cce32624b4a00

Download Submit
C:\Users\Admin\AppData\Local\Programs\atomic\chrome_100_percent.pak

Filesize
126KB

MD5
d31f3439e2a3f7bee4ddd26f46a2b83f

SHA1
c5a26f86eb119ae364c5bf707bebed7e871fc214

SHA256
9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e

SHA512
aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

Download Submit
C:\Users\Admin\AppData\Local\Programs\atomic\chrome_200_percent.pak

Filesize
175KB

MD5
5604b67e3f03ab2741f910a250c91137

SHA1
a4bb15ac7914c22575f1051a29c448f215fe027f

SHA256
1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c

SHA512
5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

Download Submit
C:\Users\Admin\AppData\Local\Programs\atomic\d3dcompiler_47.dll

Filesize
320KB

MD5
b9616c04566f35219cf2a0f246257f41

SHA1
4dcd86859a60d296c6352efe9e2cb011ccfc4561

SHA256
52f9f1b9ec456104e621e1f2d3a57b6a552d2f328460fa41771dc6ed20a2b879

SHA512
6912126d4c5d5e916140d06a8e40934c36f83a6abd353882f28e1c183b47dae96be52e3c756c0ff92cf98ad841db73fe340594009e3601e9c87fce91ba95713f

Download Submit
C:\Users\Admin\AppData\Local\Programs\atomic\ffmpeg.dll

Filesize
384KB

MD5
c20e183467b598b506fa4807f25f4324

SHA1
d5c1c1ddcf355c3f67c925361c1f8414e1566a18

SHA256
c7b13cdaf0c95a26267ddb8bd6937a16054f61ecaf862c67c2ba196189c76f7a

SHA512
109dc1068b6aeb4dc8b1f56e712dbf1bef2a2b8a9c9b42e07eccf3adafc99906005bab76dc11b668d5c0f2c319a74abf2ca14a8eccebd441ebea2b0095bb4782

Download Submit
C:\Users\Admin\AppData\Local\Programs\atomic\ffmpeg.dll

Filesize
256KB

MD5
7d488527182b1272668821fed908c09d

SHA1
0e1199e6c111da247a035edeacebc277598f3662

SHA256
9cc8eecd9f89ce0f69dc10fe33f788307193e692f10a9a2d27ec8cd4d2729b88

SHA512
71e4b1f4b0d5b317715605d9227f5ff3a5fe0e9ba40d65d215c62df7434c962bb45e4a92caf63b96d5dd696668493383c3ef6de85e0de0087d2828d6c7ff4339

Download Submit
C:\Users\Admin\AppData\Local\Programs\atomic\ffmpeg.dll

Filesize
640KB

MD5
94f83cf99c1e5d7df99cdbfefc33dcff

SHA1
f20ac0fad0c81a56cbc357941540976db111f9a6

SHA256
63d6246d2a63fbfced9e689a3f96eed1fe8f9a61fd1fa7749796245c6c3b64c2

SHA512
295b70e93fe584a5ca5e8a6734db263427ae73f433d1236bdaae822e836fa95013ac5b1e39096b39601700de1190427aab264cc0965a9a7f8a782cfcd870eb2a

Download Submit
C:\Users\Admin\AppData\Local\Programs\atomic\ffmpeg.dll

Filesize
576KB

MD5
f846d0c837b7467162aeb7535e099e05

SHA1
59de16aab473da8cc1be9cef0cba2a20b1ba07db

SHA256
9fba07c3cd47446b928ce863b94f4cf58ce1773afb4a5b9223bcd1960b183f7d

SHA512
d5ff8e4be3f47311f319061c46841d3dd1ef2a10e6756fe6776ff6f71f161fdfd76dbd70b081403e7562fbdc6ea1f90af380b2a361ccca429ca98f7563871333

Download Submit
C:\Users\Admin\AppData\Local\Programs\atomic\ffmpeg.dll

Filesize
339KB

MD5
30a915acc7f0dfb7a03a5685d913210d

SHA1
71b0b01ba3d7c2a84319cd264c20de1ff9b29b5c

SHA256
c5cb83093e34d866ecadfe95080223bd9540c552e5d3e628ca308d6b54fb4743

SHA512
eba39ce0a8c5163a702a1103832ea8bbe968044f1f8141b0947a1acbb8837dff6c694040cc455114708dce616e41ecab5e9821f4e8efa662db002c5b4711e809

Download Submit
C:\Users\Admin\AppData\Local\Programs\atomic\ffmpeg.dll

Filesize
704KB

MD5
ad4374a8d3efef92f50df7a154ece737

SHA1
08e434333a64e22a309a2717a6d43102225d7120

SHA256
9ca289f623e0be15a672f3724a339086a855be8037ebade5fd982f8064bf91d5

SHA512
ce4cd0544f1cb3c3270ff2768cf5e4dab5d2799ecfbc9166ca43547e02445bf22d53a7d0c4a07f5666377562507756efbab4cd05fdba32b378f56c219c7a1165

Download Submit
C:\Users\Admin\AppData\Local\Programs\atomic\icudtl.dat

Filesize
7.4MB

MD5
f526e211d04c8eb9c199ae99d44d6399

SHA1
9900f24e405c6ea726ef7bfe88ba6ac1566afa68

SHA256
4e24099d2e3159319ef679e1fe434733b4bce407b83e2b737ce84c6f251b6719

SHA512
5ccc6dc36b65cbaf06efd2ed01552ddb5fb15342d75288fd0996764af1097f068832454147815588a165bfd532e4698c05115174b4c2c42ad9c540be045b58be

Download Submit
C:\Users\Admin\AppData\Local\Programs\atomic\libEGL.dll

Filesize
320KB

MD5
f4fd6926088d52a5b6731b16f68cc623

SHA1
4ddfa4356334183f6aae2c418b15f86fd6c9a988

SHA256
37a9e5bd467c3037b1a3c335ea8a69642512ddf9500d1bebf0b904be6a36a1d3

SHA512
2f41c68138dfec1420585d6aed424f82d4e381135ea4a7855c945b183586215134c9e960dd39d651398d7d9ff37c66a9ebdc25d134746aeed53d4fcbb4dd9720

Download Submit
C:\Users\Admin\AppData\Local\Programs\atomic\libGLESv2.dll

Filesize
256KB

MD5
cdb96b9a871ca3866e29cb95b2b9d900

SHA1
27edf5111d0f7e06627e183f2b8a6e20e6fd2c43

SHA256
998d2e2e717597c7d3b23aef761bc8bae29fcaea7b98f6d547e94b7eca39ba97

SHA512
0fbbc545e0ded8d11adc0053b4e89e9f9c62ff412e3f04b482b40f7f9fd08c8fd2c474c27cfecf5267d124968080e2d6254e0510ed82670d61e9110397f26b72

Download Submit
C:\Users\Admin\AppData\Local\Programs\atomic\libglesv2.dll

Filesize
320KB

MD5
9a068972768012bb2a1d696bf08a6259

SHA1
3c02257b16324e86274ee37b3dee9089796a2337

SHA256
b7c3964dedfb80780c0d554354d5a893a1366b0b560276d18ddd2420a853d509

SHA512
6047010f9f7c26d2b1348fe1b94727f7df0a96d4db7c066479be73cff23e7875233bc3681972f32fb779b62d66296500c078d46c15ff7551aaff9667b82f8a59

Download Submit
C:\Users\Admin\AppData\Local\Programs\atomic\locales\es.pak

Filesize
380KB

MD5
ba80f46ef6e141cef4085273a966fd91

SHA1
878f35e15b02558f75f68ec42a5cc839368c6d61

SHA256
267e7b6376e7e5ab806b16fde93bbbcd961bf0c3a7b3a2cabccab37faa9a1d16

SHA512
8a8b4f7db23d4c93756b6dc4219f00c77358a8fe992da1f51431597b82c3aa87abf3a98d79e13e7b4a14a1a9e94d388760fb6abf3a744406dee951c8e78cf361

Download Submit
C:\Users\Admin\AppData\Local\Programs\atomic\resources.pak

Filesize
896KB

MD5
020bc63c82859dc2b02982be380fc917

SHA1
d5f7fbf55fdb721a2a8dd3f12dbcef6b30934c05

SHA256
32041e905de98c2bc57a09da058013dad12aa53e989fb7deb5dc9bdd862b81ab

SHA512
c9ae1058ef5650838c2b5af227ced43375bb09208f271c558b47c7c32f44969800d179bc6d9a7de9a89d9cbc345a06ebecbaa468748ba12ac5ba0e27c4c5f01e

Download Submit
C:\Users\Admin\AppData\Local\Programs\atomic\resources\app.asar

Filesize
1.4MB

MD5
bd84e71520319524e23928fc2731854a

SHA1
76be72decab527bb7b1c5131e2b0c6d8ebe331ca

SHA256
779aa0fc5856704122c7ff5cbaf7c742fdc57bac1c5b7a48052aba7bb8c5ffdd

SHA512
c0522dd79bf4cecb4ac0e034eb0a020b068e7501011c66d2dd7b97dc03e8e29410b697b9f7c2b4781e5de41f59be1899da614b9d0f82749b13de6230b14a7b6a

Download Submit
C:\Users\Admin\AppData\Local\Programs\atomic\v8_context_snapshot.bin

Filesize
471KB

MD5
031ea03da08fe1247280cfe781658791

SHA1
e91db50ad16b5a5fbbaf4118672d60b347ea6161

SHA256
c16dcec41919a6d2850214f2275824be8a97d8c5e694e2ec8dd7d16ab2d5015c

SHA512
b3d6f282761f8ab8760728ecb108f64741f6f3cd2a143813042ff63a3b6604fcfe7c1feabafb65f9f67906217edb5851f44605a34f7a50ed2058c25ce5efb30a

Download Submit
C:\Users\Admin\AppData\Local\Programs\atomic\vk_swiftshader.dll

Filesize
256KB

MD5
9f266a4af7606773c8cd0af34ee47400

SHA1
bc7488acd7dfae0797c50a8f778f1a3c52835cee

SHA256
afc7dd8aa38ca697d65d0072d133de98dfc566a76389d3ed102cf6d0d87b8327

SHA512
0e9d3a6134f3fad161358a30adf37e1e9c086a140f0464f3162ebe3c52afd52cb554f8c3a81aa4bbd8d9a73c5b2673613f0eb251537689a0ec5c96ce013529f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa68F2.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa68F2.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa68F2.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa68F2.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa68F2.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa68F2.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs-1.js

Filesize
6KB

MD5
6d99f4c1fb26e3616ce26cac90ddc5b2

SHA1
eb34e541f101f801d238faeca199ab7fccf9c4ec

SHA256
dfbaeff61e7f72400a75e305c30c311a3decaeba678197371c91d5adf12fc115

SHA512
37edd9c47cd8f2572dd04d709a3759eb2239c47304bbccf0d13b453ab644d62ffc3d2401e253425e1da60371ae3082533531aa93a064a1e947ed7b047846ad3c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore.jsonlz4

Filesize
445B

MD5
c1f434779cd2e92a97ad93088ffa5c70

SHA1
eb96f0ebc5c0764a9f73d1375aac6bd74933f068

SHA256
1d33b444a722a43b4af8f521b4aa01d6f260afd384ba62c765ab6cfbba7489e0

SHA512
bbf3ebe8bf395e98d514d89ba956226349efd751140134d08460fc462e0ed1bf8087b49cb54d32e61cf071c47dc9579c00a5fb7ae0333143855704d92ab9d739

Download Submit
C:\Users\Admin\AppData\Roaming\atomic\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\Downloads\atomicwallet-2.76.4.exe

Filesize
15.2MB

MD5
7d0ceca50d2102282d38a6d7dbd31d98

SHA1
d58ccf450e3e40208f08276f4c0d2fb19703a378

SHA256
a9ffa91224fecd95bb8540e09ebd4ae561a96bed1e4ddde5e1063839ff644d32

SHA512
6a3511233e0df3a0e89fbb10ecc0bb3424dab7571a4995968d3a86bdb0b2d38570e0f1dcf61c23b11e2bf00cbeba7dae452815ed798438b528fc6bc1954db5f5

Download Submit
C:\Users\Admin\Downloads\atomicwallet-2.76.4.exe

Filesize
12.8MB

MD5
c88211d4ed0f06c6d1301be9b09344f7

SHA1
f35fdee6bdd5ce9ecafd7a7e69f98892ec32232e

SHA256
84e829b87a5619a849546ed136e1c88b21fb6aa6a4b314e220b260d213465023

SHA512
c7a9a28253bc50813f620d3cd516db47ff094344cac27f0eded39bc0b4189720a3aa7e89abbeb69d42efb15a5de78b1a15455bab81198d739f9663c3ee7b4826

Download Submit
C:\Users\Admin\Downloads\atomicwallet-2.76.4.exe

Filesize
14.4MB

MD5
dc53c4523f515616dcda758443a482cb

SHA1
f7ab3c7b266ec4ae77579fe1c6a060e88cbad4c2

SHA256
ca6d3cd820831ad0c341497492a4513cf541b7bf5fa5ff71a1e77b84ac3008b0

SHA512
5deb0126ce9686fe240b02469b0acbe6072a1c6fd203ee61ee23449e80e816197291d55a7c1b81a6723db70f78973abd297cc243e740009df873bfcaee1634f8

Download Submit
memory/3784-588-0x00007FFCACB20000-0x00007FFCACB21000-memory.dmp

Filesize
4KB

Download
memory/5640-656-0x00000224A05E0000-0x00000224A0600000-memory.dmp

Filesize
128KB

Download
memory/5640-659-0x00000224A0AD0000-0x00000224A0AF0000-memory.dmp

Filesize
128KB

Download
memory/5640-661-0x00000224A0580000-0x00000224A05A0000-memory.dmp

Filesize
128KB

Download