Malware Analysis Report

2025-04-14 00:39

Sample ID 240530-rkeq7abc6y
Target 846ed8c626ee996586ebdd090a3b4bbb_JaffaCakes118
SHA256 57eb4ed10c1eee0b3b58bd99e1eb753f0ee431d3d60db74a15fdf69255c8f87e
Tags
discovery persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

57eb4ed10c1eee0b3b58bd99e1eb753f0ee431d3d60db74a15fdf69255c8f87e

Threat Level: Likely malicious

The file 846ed8c626ee996586ebdd090a3b4bbb_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence

Downloads MZ/PE file

Registers COM server for autorun

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Checks system information in the registry

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Enumerates system info in registry

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-30 14:14

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-30 14:14

Reported

2024-05-30 14:17

Platform

win7-20240508-en

Max time kernel

145s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\846ed8c626ee996586ebdd090a3b4bbb_JaffaCakes118.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe N/A (18 identical events collapsed)

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_ldir_259404624\loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A (2 identical events collapsed)
N/A N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe N/A (32 identical events collapsed)

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\846ed8c626ee996586ebdd090a3b4bbb_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_ldir_259404624\loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A (7 identical events collapsed)
N/A N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe N/A (54 identical events collapsed)

Registers COM server for autorun

persistence
Caveat: a LocalServer32 entry is started by COM on demand, when a client activates the CLSID, not at logon, so it is not a Run-key equivalent. A per-user CLSID whose server is notification_helper.exe under the browser's own install directory is the notification-activator registration that Chromium-based browser installers perform; weigh this indicator together with the file-association changes recorded below rather than on its own.
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Wow6432Node\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32 C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Wow6432Node\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Mail.Ru\\Atom\\Application\\12.0.0.26\\notification_helper.exe\"" C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Wow6432Node\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\Mail.Ru\\Atom\\Application\\12.0.0.26\\notification_helper.exe" C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A

Checks installed software on the system

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\loader_ldir_259404624\loader.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Wow6432Node\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159} C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\AtomHTML.STWQV3M7MXGZP5IVNOLQBD3KSU\Application C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.pdf\OpenWithProgids\AtomHTML.STWQV3M7MXGZP5IVNOLQBD3KSU C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.shtml C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.shtml\OpenWithProgids\AtomHTML.STWQV3M7MXGZP5IVNOLQBD3KSU C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.xht C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.webp\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Wow6432Node\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Mail.Ru\\Atom\\Application\\12.0.0.26\\notification_helper.exe\"" C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AtomHTML.STWQV3M7MXGZP5IVNOLQBD3KSU\Application\ApplicationName = "Atom" C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AtomHTML.STWQV3M7MXGZP5IVNOLQBD3KSU\Application\ApplicationDescription = "Access the Internet" C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.pdf\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.svg\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xht\OpenWithProgIds\AtomHTML.STWQV3M7MXGZP5IVNOLQBD3KSU C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\AtomHTML.STWQV3M7MXGZP5IVNOLQBD3KSU\shell C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\AtomHTML.STWQV3M7MXGZP5IVNOLQBD3KSU\shell\open\command C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.pdf C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.webp C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AtomHTML.STWQV3M7MXGZP5IVNOLQBD3KSU\Application\ApplicationCompany = "Mail.Ru Group" C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.htm\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.svg\OpenWithProgIds\AtomHTML.STWQV3M7MXGZP5IVNOLQBD3KSU C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.xhtml\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgIds\AtomHTML.STWQV3M7MXGZP5IVNOLQBD3KSU C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Wow6432Node\CLSID C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Wow6432Node C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AtomHTML.STWQV3M7MXGZP5IVNOLQBD3KSU\Application\AppUserModelId = "Atom.STWQV3M7MXGZP5IVNOLQBD3KSU" C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.html C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.html\OpenWithProgIds\AtomHTML.STWQV3M7MXGZP5IVNOLQBD3KSU C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Wow6432Node\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32 C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithProgIds\AtomHTML.STWQV3M7MXGZP5IVNOLQBD3KSU C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.html\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.shtml\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.svg C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.webp\OpenWithProgids\AtomHTML.STWQV3M7MXGZP5IVNOLQBD3KSU C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Wow6432Node\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\Mail.Ru\\Atom\\Application\\12.0.0.26\\notification_helper.exe" C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\AtomHTML.STWQV3M7MXGZP5IVNOLQBD3KSU C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\AtomHTML.STWQV3M7MXGZP5IVNOLQBD3KSU\DefaultIcon C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.xht\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.xhtml C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AtomHTML.STWQV3M7MXGZP5IVNOLQBD3KSU\ = "Atom HTML Document" C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AtomHTML.STWQV3M7MXGZP5IVNOLQBD3KSU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Mail.Ru\\Atom\\Application\\atom.exe,0" C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\AtomHTML.STWQV3M7MXGZP5IVNOLQBD3KSU\shell\open C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AtomHTML.STWQV3M7MXGZP5IVNOLQBD3KSU\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Mail.Ru\\Atom\\Application\\atom.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AtomHTML.STWQV3M7MXGZP5IVNOLQBD3KSU\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Mail.Ru\\Atom\\Application\\atom.exe,0" C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.htm C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe N/A

Modifies system certificate store

evasion spyware trojan
Caveat: the AuthRoot\Certificates store is also written by Windows' own automatic root-certificate update the first time a process makes a TLS connection in a fresh VM, so an entry appearing here during detonation is weak evidence by itself; resolve the thumbprint to a certificate before treating this as tampering.
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = (certificate blob not reproduced on this page) C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe N/A (2 identical events collapsed)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\loader.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\loader.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe N/A (34 identical events collapsed)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe N/A (32 identical events collapsed)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_ldir_259404624\loader.exe N/A (2 identical events collapsed)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2040 wrote to memory of 2056 N/A C:\Users\Admin\AppData\Local\Temp\846ed8c626ee996586ebdd090a3b4bbb_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\loader_ldir_259404624\loader.exe (4 identical events collapsed)
PID 2056 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\loader_ldir_259404624\loader.exe C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\loader.exe (7 identical events collapsed)
PID 1972 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\loader.exe C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe (6 identical events collapsed)
PID 1972 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\loader.exe C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe
PID 1692 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe
PID 1692 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe
PID 1692 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe
PID 1692 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe
PID 1692 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe
PID 1692 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe
PID 1692 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe
PID 1692 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1692 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1692 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1692 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe
PID 1544 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

Processes

C:\Users\Admin\AppData\Local\Temp\846ed8c626ee996586ebdd090a3b4bbb_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\846ed8c626ee996586ebdd090a3b4bbb_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\loader_ldir_259404624\loader.exe

"C:\Users\Admin\AppData\Local\Temp\\loader_ldir_259404624\loader.exe" --cp

C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\loader.exe

"C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\loader.exe" --arf=1 --rfr=500999 --ga-tid=UA-122680070-1 --ga-cid= --usagestats=1 --ext_params=old_mr1lad=5e7122ed298b202b-2985447_2013043_02.500999-2985447_2013043_02.500999-2985447_2013043_02.500999 --onboarding-pages=import,devices,vk,shortcuts,backgrounds,ntp_settings,security,stats "--ntp-settings={\"feedEnable\": true, \"searchEnable\": true, \"historyEnable\": true, \"noteEnable\": true, \"widgetMailEnable\": true, \"widgetOkEnable\": true, \"widgetVkEnable\": false, \"widgetCrownEnable\": false, \"gamePanelEnable\": false}" --rmt-onboarding=https://browserdata.cdnmail.ru/atom_welcome_page/v7/page-2-base/ --force-restore-on-startup-last --enable-features=TabSeparators,AutoSync

C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\CHROME.PACKED.7Z" --arf=1 --rfr=500999 --ga-tid=UA-122680070-1 --ga-cid= --usagestats=1 --ext_params=old_mr1lad=5e7122ed298b202b-2985447_2013043_02.500999-2985447_2013043_02.500999-2985447_2013043_02.500999 --onboarding-pages=import,devices,vk,shortcuts,backgrounds,ntp_settings,security,stats "--ntp-settings={\"feedEnable\": true, \"searchEnable\": true, \"historyEnable\": true, \"noteEnable\": true, \"widgetMailEnable\": true, \"widgetOkEnable\": true, \"widgetVkEnable\": false, \"widgetCrownEnable\": false, \"gamePanelEnable\": false}" --rmt-onboarding=https://browserdata.cdnmail.ru/atom_welcome_page/v7/page-2-base/ --force-restore-on-startup-last --enable-features=TabSeparators,AutoSync

C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe

C:\Users\Admin\AppData\Local\Temp\mini_loader_scoped_dir_1717078493\CR_903A1.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Mail.Ru\Atom\User Data\Crashpad" --url=https://browser.mail.ru/cr/report --annotation=ProductName=Atom --annotation=Version=12.0.0.26 --annotation=bid={4BF79364-4359-47CC-8A7C-75BD5D3290C9} --annotation=plat=Win32 --annotation=prod=Atom --annotation=ver=12.0.0.26 --initial-client-data=0x188,0x18c,0x190,0x15c,0x194,0x14db2f8,0x14db308,0x14db314

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --installer-launcher --enable-features=TabSeparators,AutoSync --onboarding-pages=import,devices,vk,shortcuts,backgrounds,ntp_settings,security,stats --ntp-settings="{\"feedEnable\": true, \"searchEnable\": true, \"historyEnable\": true, \"noteEnable\": true, \"widgetMailEnable\": true, \"widgetOkEnable\": true, \"widgetVkEnable\": false, \"widgetCrownEnable\": false, \"gamePanelEnable\": false}" --rmt-onboarding=https://browserdata.cdnmail.ru/atom_welcome_page/v7/page-2-base/ --force-restore-on-startup-last

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Mail.Ru\Atom\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Mail.Ru\Atom\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Mail.Ru\Atom\User Data" --url=https://browser.mail.ru/cr/report --annotation=ProductName=Atom --annotation=Version=12.0.0.26 --annotation=bid={4BF79364-4359-47CC-8A7C-75BD5D3290C9} --annotation=plat=Win32 --annotation=prod=Atom --annotation=ver=12.0.0.26 --initial-client-data=0xdc,0xe0,0xe4,0xb0,0xe8,0x717b0768,0x717b0778,0x717b0784

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1204 /prefetch:8

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=gpu-process --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1248 /prefetch:2

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 /prefetch:8

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1952 /prefetch:1

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1960 /prefetch:1

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:1

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1788 /prefetch:8

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2152 /prefetch:1

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2188 /prefetch:1

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2196 /prefetch:1

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2204 /prefetch:1

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2212 /prefetch:1

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2556 /prefetch:1

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1964 /prefetch:1

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3760 /prefetch:8

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=gpu-process --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1328 /prefetch:2

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3560 /prefetch:8

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=renderer --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6672 /prefetch:8

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3848 /prefetch:8

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3932 /prefetch:8

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1140 /prefetch:8

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1616 /prefetch:8

C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe

"C:\Users\Admin\AppData\Local\Mail.Ru\Atom\Application\atom.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1184,4204090284767333846,16269357731868704570,131072 --enable-features=AutoSync,Marusya,MyAdBlocker,TabSeparators,ToolPanel,VkMusic,VkNotify,WhatsApp --disable-features=Channel,Dashboard,FeaturePromotion,LocationBarPIP,MySearchContext,TaskbarCounter --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1872 /prefetch:8

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-30 14:14

Reported

2024-05-30 14:17

Platform

win10v2004-20240508-en

Max time kernel

134s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\846ed8c626ee996586ebdd090a3b4bbb_JaffaCakes118.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\846ed8c626ee996586ebdd090a3b4bbb_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\846ed8c626ee996586ebdd090a3b4bbb_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\loader_ldir_240598906\loader.exe

"C:\Users\Admin\AppData\Local\Temp\\loader_ldir_240598906\loader.exe" --cp

Network

Files