Analysis

  • max time kernel
    145s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/05/2024, 14:14

General

  • Target

    846ed8c626ee996586ebdd090a3b4bbb_JaffaCakes118.exe

  • Size

    978KB

  • MD5

    846ed8c626ee996586ebdd090a3b4bbb

  • SHA1

    5c44f8d14582849e61d6383d0bafcd157a7d4382

  • SHA256

    57eb4ed10c1eee0b3b58bd99e1eb753f0ee431d3d60db74a15fdf69255c8f87e

  • SHA512

    94a57f410f46aafe22e658e70dc8c062308d652f3e1e2e8a90106fda8280b8df0b5a5f04782fd49edefa3dbeffa102f175cb15cdd4149bb4b1bf20c3d998a57f

  • SSDEEP

    24576:OlY9HsymIbmJO6eSzKnlV6cbsRG6ELOGf3:O+MyyGSGlVFDh3v

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 18 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 36 IoCs
  • Loads dropped DLL 64 IoCs
  • Registers COM server for autorun 1 TTPs 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks system information in the registry 2 TTPs 2 IoCs

    System information is often read in order to detect sandboxing environments.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Modifies registry class 44 IoCs
  • Modifies system certificate store 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\846ed8c626ee996586ebdd090a3b4bbb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\846ed8c626ee996586ebdd090a3b4bbb_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Users\Admin\AppData\Local\Temp\loader_ldir_259404624\loader.exe
      "C:\Users\Admin\AppData\Local\Temp\\loader_ldir_259404624\loader.exe" --cp
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2056
      • C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\loader.exe
        "C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\loader.exe" --arf=1 --rfr=500999 --ga-tid=UA-122680070-1 --ga-cid= --usagestats=1 --ext_params=old_mr1lad=5e7122ed298b202b-2985447_2013043_02.500999-2985447_2013043_02.500999-2985447_2013043_02.500999 --onboarding-pages=import,devices,vk,shortcuts,backgrounds,ntp_settings,security,stats "--ntp-settings={\"feedEnable\": true, \"searchEnable\": true, \"historyEnable\": true, \"noteEnable\": true, \"widgetMailEnable\": true, \"widgetOkEnable\": true, \"widgetVkEnable\": false, \"widgetCrownEnable\": false, \"gamePanelEnable\": false}" --rmt-onboarding=https://browserdata.cdnmail.ru/atom_welcome_page/v7/page-2-base/ --force-restore-on-startup-last --enable-features=TabSeparators,AutoSync
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1972
        • C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe
          "C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\CHROME.PACKED.7Z" --arf=1 --rfr=500999 --ga-tid=UA-122680070-1 --ga-cid= --usagestats=1 --ext_params=old_mr1lad=5e7122ed298b202b-2985447_2013043_02.500999-2985447_2013043_02.500999-2985447_2013043_02.500999 --onboarding-pages=import,devices,vk,shortcuts,backgrounds,ntp_settings,security,stats "--ntp-settings={\"feedEnable\": true, \"searchEnable\": true, \"historyEnable\": true, \"noteEnable\": true, \"widgetMailEnable\": true, \"widgetOkEnable\": true, \"widgetVkEnable\": false, \"widgetCrownEnable\": false, \"gamePanelEnable\": false}" --rmt-onboarding=https://browserdata.cdnmail.ru/atom_welcome_page/v7/page-2-base/ --force-restore-on-startup-last --enable-features=TabSeparators,AutoSync
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Registers COM server for autorun
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1692
          • C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe
            C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Mail.Ru\Atom\User Data\Crashpad" --url=https://browser.mail.ru/cr/report --annotation=ProductName=Atom --annotation=Version=12.0.0.26 --annotation=bid={4BF79364-4359-47CC-8A7C-75BD5D3290C9} --annotation=plat=Win32 --annotation=prod=Atom --annotation=ver=12.0.0.26 --initial-client-data=0x188,0x18c,0x190,0x15c,0x194,0x14db2f8,0x14db308,0x14db314
            5⤵
            • Executes dropped EXE
            PID:1956
          • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
            "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --installer-launcher --enable-features=TabSeparators,AutoSync --onboarding-pages=import,devices,vk,shortcuts,backgrounds,ntp_settings,security,stats --ntp-settings="{\"feedEnable\": true, \"searchEnable\": true, \"historyEnable\": true, \"noteEnable\": true, \"widgetMailEnable\": true, \"widgetOkEnable\": true, \"widgetVkEnable\": false, \"widgetCrownEnable\": false, \"gamePanelEnable\": false}" --rmt-onboarding=https://browserdata.cdnmail.ru/atom_welcome_page/v7/page-2-base/ --force-restore-on-startup-last
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks system information in the registry
            • Enumerates system info in registry
            • Modifies system certificate store
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of WriteProcessMemory
            PID:1544
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Mail.Ru\Atom\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Mail.Ru\Atom\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Mail.Ru\Atom\User Data" --url=https://browser.mail.ru/cr/report --annotation=ProductName=Atom --annotation=Version=12.0.0.26 --annotation=bid={4BF79364-4359-47CC-8A7C-75BD5D3290C9} --annotation=plat=Win32 --annotation=prod=Atom --annotation=ver=12.0.0.26 --initial-client-data=0xdc,0xe0,0xe4,0xb0,0xe8,0x717b0768,0x717b0778,0x717b0784
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1384
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1204 /prefetch:8
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious behavior: EnumeratesProcesses
              PID:2604
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=gpu-process --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1248 /prefetch:2
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1564
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 /prefetch:8
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:2524
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1952 /prefetch:1
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Loads dropped DLL
              PID:844
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1960 /prefetch:1
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Loads dropped DLL
              PID:2276
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:1
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1772
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1788 /prefetch:8
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1652
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2152 /prefetch:1
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Loads dropped DLL
              PID:2732
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2188 /prefetch:1
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Loads dropped DLL
              PID:272
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2196 /prefetch:1
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Loads dropped DLL
              PID:2640
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2204 /prefetch:1
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1000
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2212 /prefetch:1
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Loads dropped DLL
              PID:2484
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Loads dropped DLL
              PID:2788
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2556 /prefetch:1
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Loads dropped DLL
              PID:2328
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1964 /prefetch:1
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Loads dropped DLL
              PID:2804
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1500
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Loads dropped DLL
              PID:2600
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1268
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3760 /prefetch:8
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1736
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=gpu-process --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1328 /prefetch:2
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1636
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3560 /prefetch:8
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:3468
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Loads dropped DLL
              PID:3668
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Loads dropped DLL
              PID:3808
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              PID:3596
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6672 /prefetch:8
              6⤵
              • Executes dropped EXE
              • Suspicious behavior: EnumeratesProcesses
              PID:3512
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3848 /prefetch:8
              6⤵
              • Executes dropped EXE
              • Suspicious behavior: EnumeratesProcesses
              PID:912
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3932 /prefetch:8
              6⤵
              • Executes dropped EXE
              • Suspicious behavior: EnumeratesProcesses
              PID:2332
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1140 /prefetch:8
              6⤵
              • Executes dropped EXE
              • Suspicious behavior: EnumeratesProcesses
              PID:3480
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1616 /prefetch:8
              6⤵
              • Executes dropped EXE
              • Suspicious behavior: EnumeratesProcesses
              PID:3468
            • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
              "C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1872 /prefetch:8
              6⤵
              • Executes dropped EXE
              PID:3512

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\Mail.Ru\Id

    Filesize

    38B

    MD5

    8e01398b6d6c4fa04b253625b1c3ccb4

    SHA1

    46a64114fca5bfbedfdf93c8b677bc30a18fcb56

    SHA256

    9bc2d1b551d9801ecef29cb90835047fba568849b736be9194c01c2e84ff48e1

    SHA512

    d859fa314868fbf858c441f00e58b9bb1b2f0f7f0e071e0ee9afce5556e12d78fb32cd0e7cd0f1a82d57947066d053a3318ed64c57912d8157137cffb6b7d3d4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\User Data\Crashpad\settings.dat

    Filesize

    40B

    MD5

    d5e81d5b6ca4ffced8a4a3bd6a8818b7

    SHA1

    9546aae69b43bbf79533cf849ed775d2fdab88f3

    SHA256

    c36da92aea19168aa88376f82f518cf84d55a15e23368c3b268cb0ad976af2a9

    SHA512

    fd93991340668a9ba31e836091512e1eeb3093fe0f55b5b1c30df52d3b8aa18348602a37e58c2c021fab0dc18bddf163ffe3d4aaed433f2c9d3b47ad24c1dc51

  • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\User Data\Default\20911c55-1905-4648-b508-dd54ff492ffd.tmp

    Filesize

    195KB

    MD5

    e114e0b8a821eb2d6c8825be1299275f

    SHA1

    d3d7e34fc62565ef1c7ed2eb1fab2e106194b0ca

    SHA256

    5f232a28f2d7ada53a622c84ac72272d1bc02c1252181ff75631d591752d3d93

    SHA512

    f14c610f768e52e43ab8041f224f4ae60285697e88e1ec6e09559e51f48fe9b9024f3a4821ac17b02685d3c5ec49863fd86a25af97f6365588d2ba2a31fb9ab8

  • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\User Data\Default\261400db-7db9-4c2d-aad9-dfd75eaa3491.tmp

    Filesize

    59KB

    MD5

    94e20ccb900e9094dadb43676e0559dd

    SHA1

    84ad9b776f77634e899f3c8102660f3dfbc70343

    SHA256

    79cc28b6be4f79aeef275c8f4917d95c71daa73e8193ac4f34a2e25a872f9ed8

    SHA512

    f5ac42ebc1c122e30f6852f603602c71cc787adafa16baee1576fb112d047b7068a5549127d2071b1458141f6d92ac3492bd97ddf3e5b0d41e7b660f70579185

  • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\User Data\Default\Code Cache\js\index-dir\the-real-index

    Filesize

    48B

    MD5

    66488c2a5caeec6d1204c68218eee08f

    SHA1

    d7daf47f7a6c57fb8a8276ab623ca709061264c7

    SHA256

    bc9a893e9a5933fc489233bb2ff15d017b58b96c12c4434727202bbd795325fb

    SHA512

    4751e57c43a153db2bf35c8e02ffe4eecb891ccf8e6db2ef953b9662b2cec9b80da2c24695e07097e1e228a6bbf379f5f9c357b46a20744624762768c405c58b

  • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\User Data\Default\Extension State\MANIFEST-000001

    Filesize

    41B

    MD5

    5af87dfd673ba2115e2fcf5cfdb727ab

    SHA1

    d5b5bbf396dc291274584ef71f444f420b6056f1

    SHA256

    f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

    SHA512

    de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

  • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\User Data\Default\Network Persistent State

    Filesize

    59B

    MD5

    2800881c775077e1c4b6e06bf4676de4

    SHA1

    2873631068c8b3b9495638c865915be822442c8b

    SHA256

    226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

    SHA512

    e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

  • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\User Data\Default\Preferences

    Filesize

    7KB

    MD5

    33225118a143b0b9ffe4155934bc4062

    SHA1

    40c249c62b6de28050565b58288f70c6050899ed

    SHA256

    43c66820b1e782790100b6edc39f725748199bd54802799e24e506c5d39710a1

    SHA512

    19619fddf90e91c84ecdf7142a7ca7b8cc6d1537878c1ceb190ebe32614435632497b5c1d7472e29a2033fb74fd9d252ce083ccd72301e69dfdb62d7118d873f

  • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\User Data\Default\Site Characteristics Database\CURRENT

    Filesize

    16B

    MD5

    46295cac801e5d4857d09837238a6394

    SHA1

    44e0fa1b517dbf802b18faf0785eeea6ac51594b

    SHA256

    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

    SHA512

    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

  • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Cache\data_1

    Filesize

    264KB

    MD5

    d0d388f3865d0523e451d6ba0be34cc4

    SHA1

    8571c6a52aacc2747c048e3419e5657b74612995

    SHA256

    902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

    SHA512

    376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

  • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\User Data\Default\cccc3268-053b-4333-9959-5a8866dfff06.tmp

    Filesize

    6KB

    MD5

    e49350eb5fb63d83bf7e550e3223f3c0

    SHA1

    69c877cd4067392a09ca2700fb488cf87ec3f792

    SHA256

    f8de166525568f11556173f71cb4c135e7010a0242e5339ceefffe692fc0ac36

    SHA512

    409f6bf0ab3d988ea2052bf1795d8a1862fc700f2ea834cbb37ea13bcfb9c8cc946c623ab3e191a1101afeb67acf00e140514691afe8b1588e9cd191e8c454f1

  • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\User Data\Local State

    Filesize

    3KB

    MD5

    3d421da5d6d8febcf18fbcef05ada53d

    SHA1

    51b96a46743ceb1ff5ebd97e4d7b02c502452e25

    SHA256

    b24ba3b47218c0736838203368aa2979016cf5be022605dcec9bb30854c8e062

    SHA512

    fef827c7092601af71e927aa45c908ba00d70773c9d9be8385ed791539912a57c9b99213e6f26351fc38180b5cfbed898ea70e5e8f31140234894a0d5feb05f1

  • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\User Data\Local State

    Filesize

    3KB

    MD5

    cd7ac007ffb88aa707f278aef1549995

    SHA1

    08adda00bf5cd2367fd0cc5f566d6eec05fcfa89

    SHA256

    41f6398ac167bb34b772e272f5a73a90256396105b5731bd74fe59893c2f0d80

    SHA512

    8dd57f7186ada88aa36e53f540f9792241c918427fb3966b22fe88d48ec36ab42b78fe816c5b69536cc8779b409124eb46252e9ca03a301805805b8d4e3baa31

  • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\User Data\Module Info Cache

    Filesize

    70KB

    MD5

    8ae1f1a991e3448af3bc6c7f7716f7b4

    SHA1

    18dca707757239cd6d65199738a9ae9bab0d31ad

    SHA256

    1b1531b4c906df201b33d3086af7a34426e8b2846ed118af09840a81cdcfaae8

    SHA512

    c3db2f3c41b0c8ce1954043dbee9fce55c11917094d2231096b9a49fe78e687e9b0dc06209df0cf2ff1df7c79ecacd95e5eefd3d98c1870adabea6993d27bfed

  • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\User Data\ShaderCache\GPUCache\data_0

    Filesize

    8KB

    MD5

    cf89d16bb9107c631daabf0c0ee58efb

    SHA1

    3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

    SHA256

    d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

    SHA512

    8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

  • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\User Data\ShaderCache\GPUCache\data_2

    Filesize

    8KB

    MD5

    0962291d6d367570bee5454721c17e11

    SHA1

    59d10a893ef321a706a9255176761366115bedcb

    SHA256

    ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

    SHA512

    f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

  • C:\Users\Admin\AppData\Local\Mail.Ru\Atom\User Data\ShaderCache\GPUCache\data_3

    Filesize

    8KB

    MD5

    41876349cb12d6db992f1309f22df3f0

    SHA1

    5cf26b3420fc0302cd0a71e8d029739b8765be27

    SHA256

    e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

    SHA512

    e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

  • C:\Users\Admin\AppData\Local\Temp\Cab50FD.tmp

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\Tar527B.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • C:\Users\Admin\Desktop\Atom.lnk

    Filesize

    2KB

    MD5

    c2ac928ef869a791d38a3b540563d82e

    SHA1

    2d89d20f281d3520cc27509c17eb45fef31d2578

    SHA256

    a09eeb357f353a6183b1f426e59712521fe101ae2f9383db98aec91064fba7ee

    SHA512

    261cd131f0e328df278c34e9999ad262195ca703c428800b3c4ead847b8ab1b7c30f9bcfc484f3e058d0370e83babaa8cff968f764f52911bb75f7277c7599f5

  • \Users\Admin\AppData\Local\Mail.Ru\Atom\Application\12.0.0.26\chrome_elf.dll

    Filesize

    917KB

    MD5

    b9f38b3219b06729b73a207ef3cb1e4b

    SHA1

    edb74a6e6653efd7583a99fa87ed5187ffc729b7

    SHA256

    4506aa8ee25bf9da429ffb08a484137f5f0f25e80f96c46b8fccefd7abe2c3ef

    SHA512

    17ea65513f9a15ad3a00eea2c007ffe904f6387f74599c1cde1933fcda5af3e151e9edc2c113f5b3052478b4880892822c89894510dfa9669a964e776b154f70

  • \Users\Admin\AppData\Local\Mail.Ru\Atom\Application\12.0.0.26\libEGL.dll

    Filesize

    345KB

    MD5

    33bcd65c28295b2394e58188aeed3158

    SHA1

    91bed8ee928ac847e9f4001770545445388ea1f2

    SHA256

    b7ee65a5c4af904d5fadf161ed9cbdc1fd8971047d4f23102525ae7914d88b65

    SHA512

    8675ece3f0a258b13baece86d18c8d0dd5b130a39b4ab980e13d6ac77f135e312c4c9431e9460439854e61ae9b9a8cd0954c337f5dc46ec3b5c1fe4069bd823d

  • \Users\Admin\AppData\Local\Mail.Ru\Atom\Application\12.0.0.26\libGLESv2.dll

    Filesize

    6.6MB

    MD5

    9e54e458ff38f0f228b7ea58701c8172

    SHA1

    825539c7d7e8e99e008afc177f179dc120525c48

    SHA256

    aef0540fd7ee80d471d80708528913cd20a38d2c88a7d960e478224617992b22

    SHA512

    9ac067531af2e355d0eaeb411dcb53e704e3f9fbaa42a93ec51a3c8c4f4cf4ffa9d688b99f26d29ea5972d35cba1c6a5746ccaea2d3c350f4a33e25065961e2d

  • \Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

    Filesize

    2.0MB

    MD5

    7038258300148103e5ee34b6841e32c2

    SHA1

    a1b8f1d64d5f4cdfcb3bf4a12dba908a8b77f6df

    SHA256

    a684a34cc24d66ad5a913ac5b86487d2dcc910e2feeb715bae653350d57765c0

    SHA512

    49eb575e31cbf7d496ef770b52d4806ba92036db9e27ac99d04c57b790c5a621a315cc5fedb04749d02200c8336346dc7435e67303d983b21b476c5fd7440aa9

  • \Users\Admin\AppData\Local\Temp\loader_ldir_259404624\loader.exe

    Filesize

    978KB

    MD5

    846ed8c626ee996586ebdd090a3b4bbb

    SHA1

    5c44f8d14582849e61d6383d0bafcd157a7d4382

    SHA256

    57eb4ed10c1eee0b3b58bd99e1eb753f0ee431d3d60db74a15fdf69255c8f87e

    SHA512

    94a57f410f46aafe22e658e70dc8c062308d652f3e1e2e8a90106fda8280b8df0b5a5f04782fd49edefa3dbeffa102f175cb15cdd4149bb4b1bf20c3d998a57f

  • \Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe

    Filesize

    2.8MB

    MD5

    27e7cde8d4f3a152d7b0cba18d4df622

    SHA1

    6e29fc9005ba9bba31694f7e5e9b5f77c1c4cdad

    SHA256

    63ca657168bcb69d0d69ebe76ed312e6ac15b63d5cf14527f01fe33ddee7859b

    SHA512

    d258702557cb43650d88f54ca7cee25b826676e68d64bb1ca03752e072edab0badf51f6aee386aded546336a2b52d3f971925d95d5b8d035cc1cab235f3f146d

  • memory/1564-149-0x0000000000FA0000-0x0000000000FA1000-memory.dmp

    Filesize

    4KB

  • memory/2056-31-0x00000000000B0000-0x00000000000B1000-memory.dmp

    Filesize

    4KB

  • memory/2056-7-0x00000000000B0000-0x00000000000B1000-memory.dmp

    Filesize

    4KB
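The Downloads list above is the report's most reusable output, but in this flattened key/value layout it is awkward to consume. Three things an analyst normally wants from it are: which dropped files are byte-identical to the submitted sample (the sample re-dropping itself as loader.exe), which paths appear more than once with different hashes (a file rewritten after creation, as Local State is), and a clean SHA256 list of the dropped executables and DLLs. The script below is an added example written for this report, not part of the sandbox output. REPORT is a constructed, abridged excerpt of the list above with SHA512 lines omitted for space; SUBMITTED_SHA256 is the SHA256 the report lists for loader.exe, which is the value it also gives for the sample itself. It validates each digest's length and character set as it goes, since a truncated hash copied into a blocklist is worse than none.

```python
"""Turn the flattened Downloads list of a sandbox report into an IOC table.

Added example for this report, not part of the sandbox output. REPORT is a
constructed, abridged excerpt of the list above (SHA512 lines omitted)."""
import re
from collections import defaultdict

SUBMITTED_SHA256 = "57eb4ed10c1eee0b3b58bd99e1eb753f0ee431d3d60db74a15fdf69255c8f87e"

REPORT = r"""
• C:\ProgramData\Mail.Ru\Id
Filesize
38B
MD5
8e01398b6d6c4fa04b253625b1c3ccb4
SHA256
9bc2d1b551d9801ecef29cb90835047fba568849b736be9194c01c2e84ff48e1
• C:\Users\Admin\AppData\Local\Mail.Ru\Atom\User Data\Local State
Filesize
3KB
SHA256
b24ba3b47218c0736838203368aa2979016cf5be022605dcec9bb30854c8e062
• C:\Users\Admin\AppData\Local\Mail.Ru\Atom\User Data\Local State
Filesize
3KB
SHA256
41f6398ac167bb34b772e272f5a73a90256396105b5731bd74fe59893c2f0d80
• \Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
Filesize
2.0MB
SHA256
a684a34cc24d66ad5a913ac5b86487d2dcc910e2feeb715bae653350d57765c0
• \Users\Admin\AppData\Local\Temp\loader_ldir_259404624\loader.exe
Filesize
978KB
MD5
846ed8c626ee996586ebdd090a3b4bbb
SHA1
5c44f8d14582849e61d6383d0bafcd157a7d4382
SHA256
57eb4ed10c1eee0b3b58bd99e1eb753f0ee431d3d60db74a15fdf69255c8f87e
• \Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe
Filesize
2.8MB
SHA256
63ca657168bcb69d0d69ebe76ed312e6ac15b63d5cf14527f01fe33ddee7859b
• memory/2056-31-0x00000000000B0000-0x00000000000B1000-memory.dmp
Filesize
4KB
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
KEYS = {"Filesize", *HASH_LEN}
SIZE_UNIT = {"B": 1, "KB": 1024, "MB": 1024 ** 2}


def parse_size(text):
    """'978KB' -> 1001472 bytes. The report rounds, so the result is approximate."""
    m = re.fullmatch(r"([\d.]+)(B|KB|MB)", text)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(float(m.group(1)) * SIZE_UNIT[m.group(2)])


def parse_downloads(text):
    """One dict per bullet: path plus whichever of Filesize/MD5/SHA1/SHA256/SHA512 follow it."""
    records, current, key = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith("•"):                      # new entry
            current = {"path": line[1:].strip()}
            records.append(current)
            key = None
        elif line in KEYS:                            # field name; value is on the next line
            key = line
        elif current is None or key is None:
            raise ValueError(f"value outside any entry: {line!r}")
        else:
            if key in HASH_LEN and not re.fullmatch(rf"[0-9a-f]{{{HASH_LEN[key]}}}", line):
                raise ValueError(f"{key} for {current['path']} is not a valid digest: {line!r}")
            current[key] = parse_size(line) if key == "Filesize" else line
            key = None
    return records


def copies_of(records, sha256):
    """Dropped files byte-identical to the given SHA256, e.g. the sample re-dropping itself."""
    return [r["path"] for r in records if r.get("SHA256") == sha256]


def rewritten_paths(records):
    """Paths listed more than once with different content: written, then modified."""
    seen = defaultdict(set)
    for r in records:
        if "SHA256" in r:
            seen[r["path"]].add(r["SHA256"])
    return {path: sorted(hashes) for path, hashes in seen.items() if len(hashes) > 1}


def pe_iocs(records):
    """path -> SHA256 for every dropped .exe/.dll; memory dumps carry no hash and are skipped."""
    return {r["path"]: r["SHA256"] for r in records
            if r["path"].lower().endswith((".exe", ".dll")) and "SHA256" in r}


if __name__ == "__main__":
    recs = parse_downloads(REPORT)
    print("copies of sample:", copies_of(recs, SUBMITTED_SHA256))
    print("rewritten:", rewritten_paths(recs))
    for path, digest in pe_iocs(recs).items():
        print(digest, path)
```

On the excerpt this yields loader.exe as the only copy of the submitted sample, Local State as the only path rewritten with different content, and three PE hashes (atom.exe, loader.exe, setup.exe). Feeding the full list above through the same parser adds the three DLLs under Application\12.0.0.26 and the Atom.lnk shortcut is left out by design, since a .lnk hash is rarely a useful blocklist entry.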