Overview

overview

10

Static

static

setup_x86_...0).exe

windows7_x64

setup_x86_...0).exe

windows10_x64

setup_x86_...1).exe

windows7_x64

setup_x86_...1).exe

windows10_x64

setup_x86_...2).exe

windows7_x64

setup_x86_...2).exe

windows10_x64

setup_x86_...3).exe

windows7_x64

setup_x86_...3).exe

windows10_x64

setup_x86_...4).exe

windows7_x64

setup_x86_...4).exe

windows10_x64

setup_x86_...5).exe

windows7_x64

setup_x86_...5).exe

windows10_x64

setup_x86_...6).exe

windows7_x64

setup_x86_...6).exe

windows10_x64

setup_x86_...7).exe

windows7_x64

setup_x86_...7).exe

windows10_x64

setup_x86_...8).exe

windows7_x64

setup_x86_...8).exe

windows10_x64

setup_x86_...9).exe

windows7_x64

10

setup_x86_...9).exe

windows10_x64

setup_x86_...2).exe

windows7_x64

setup_x86_...2).exe

windows10_x64

10

setup_x86_...0).exe

windows7_x64

setup_x86_...0).exe

windows10_x64

10

setup_x86_...1).exe

windows7_x64

setup_x86_...1).exe

windows10_x64

10

setup_x86_...2).exe

windows7_x64

setup_x86_...2).exe

windows10_x64

setup_x86_...3).exe

windows7_x64

setup_x86_...3).exe

windows10_x64

10

setup_x86_...3).exe

windows7_x64

setup_x86_...3).exe

windows10_x64

10

Resubmissions

11-07-2024 05:43

240711-gej4lstgrf 10

06-09-2021 14:13

210906-rjpvrsedbm 10

08-07-2021 11:08

210708-4gztl3mwl6 10

08-07-2021 08:02

210708-klfb4qeda6 10

07-07-2021 09:39

210707-nem57xyvf2 10

06-07-2021 17:51

210706-7pcrmjy3fa 10

06-07-2021 13:45

210706-eybelwcq86 10

Analysis

  • max time kernel
    19s
  • max time network
    333s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    02-07-2021 07:35

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Remote task has failed: Machine shutdown
Report Analysis Logs

General

  • Target

    setup_x86_x64_install - копия (14).exe

  • Size

    3.2MB

  • MD5

    3ae1c212119919e5fce71247286f8e0e

  • SHA1

    97c1890ab73c539056f95eafede319df774e9d38

  • SHA256

    30c2f230e5401b4b1ea8fb425dadf4e453575884303b9fa2066e6a91859f016e

  • SHA512

    5bb28a775c10b8b68b8c448d64287ca732d0af5577ecc4348a89934358440bb4ff6958115f14ecbabb0446d234d6f621afa3419daa4aec6c03c0af9b6a3b1558

Score
10/10
redlinesmokeloadervidar02_07_rproliv_02.06.2021servaniaspackv2backdoorevasioninfostealerstealerthemidatrojanupx

Malware Config

Extracted

Family

redline

Botnet

ServAni

C2

87.251.71.195:82

Extracted

Family

smokeloader

Version

2020

C2

http://ppcspb.com/upload/

http://mebbing.com/upload/

http://twcamel.com/upload/

http://howdycash.com/upload/

http://lahuertasonora.com/upload/

http://kpotiques.com/upload/
rc4.i32
rc4.i32

Extracted

Family

redline

Botnet

PROLIV_02.06.2021

C2

45.144.29.182:19066

Extracted

Family

redline

Botnet

02_07_r

C2

rdanoriran.xyz:80

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs
    evasiontrojan
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 9 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar Stealer 6 IoCs
    stealer
  • ASPack v2.12-2.42 14 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Downloads MZ/PE file
  • Executes dropped EXE 8 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 39 IoCs
  • Themida packer 1 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 2 IoCs
    evasion
  • Kills process with taskkill 2 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install - копия (14).exe
    "C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install - копия (14).exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1636
    • C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:1280
      • C:\Users\Admin\AppData\Local\Temp\7zS005981C4\setup_install.exe
        "C:\Users\Admin\AppData\Local\Temp\7zS005981C4\setup_install.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:1400
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c arnatic_1.exe
          4⤵
          • Loads dropped DLL
          PID:1628
          • C:\Users\Admin\AppData\Local\Temp\7zS005981C4\arnatic_1.exe
            arnatic_1.exe
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:932
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 1000
              6⤵
              • Program crash
              PID:2340
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c arnatic_7.exe
          4⤵
          • Loads dropped DLL
          PID:1868
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c arnatic_6.exe
          4⤵
          • Loads dropped DLL
          PID:912
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c arnatic_5.exe
          4⤵
            PID:536
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c arnatic_4.exe
            4⤵
            • Loads dropped DLL
            • Suspicious use of WriteProcessMemory
            PID:1040
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c arnatic_3.exe
            4⤵
              PID:368
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c arnatic_2.exe
              4⤵
              • Loads dropped DLL
              PID:1656
      • C:\Users\Admin\AppData\Local\Temp\7zS005981C4\arnatic_6.exe
        arnatic_6.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1528
        • C:\Users\Admin\Documents\Cj5qeu1THNpqgFAr23_EkiGK.exe
          "C:\Users\Admin\Documents\Cj5qeu1THNpqgFAr23_EkiGK.exe"
          2⤵
            PID:968
          • C:\Users\Admin\Documents\iaT3YcMOdhc1c90bMYO4uTaV.exe
            "C:\Users\Admin\Documents\iaT3YcMOdhc1c90bMYO4uTaV.exe"
            2⤵
              PID:1964
              • C:\Users\Admin\Documents\iaT3YcMOdhc1c90bMYO4uTaV.exe
                C:\Users\Admin\Documents\iaT3YcMOdhc1c90bMYO4uTaV.exe
                3⤵
                  PID:2424
              • C:\Users\Admin\Documents\Rk8Lfa_3rANyCXctXedSqH9N.exe
                "C:\Users\Admin\Documents\Rk8Lfa_3rANyCXctXedSqH9N.exe"
                2⤵
                  PID:1252
                • C:\Users\Admin\Documents\bYSBiSQJ9rK3CwQG6j2EkyC4.exe
                  "C:\Users\Admin\Documents\bYSBiSQJ9rK3CwQG6j2EkyC4.exe"
                  2⤵
                    PID:2056
                  • C:\Users\Admin\Documents\wf2VFXIpE3IrIofiAF69NIE9.exe
                    "C:\Users\Admin\Documents\wf2VFXIpE3IrIofiAF69NIE9.exe"
                    2⤵
                      PID:2064
                      • C:\Windows\SysWOW64\cmd.exe
                        "C:\Windows\System32\cmd.exe" /c taskkill /im wf2VFXIpE3IrIofiAF69NIE9.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\Documents\wf2VFXIpE3IrIofiAF69NIE9.exe" & del C:\ProgramData\*.dll & exit
                        3⤵
                          PID:3316
                          • C:\Windows\SysWOW64\taskkill.exe
                            taskkill /im wf2VFXIpE3IrIofiAF69NIE9.exe /f
                            4⤵
                            • Kills process with taskkill
                            PID:3364
                          • C:\Windows\SysWOW64\timeout.exe
                            timeout /t 6
                            4⤵
                            • Delays execution with timeout.exe
                            PID:3484
                      • C:\Users\Admin\Documents\Xt0Iojn2eBzvwuD69IzBkr_P.exe
                        "C:\Users\Admin\Documents\Xt0Iojn2eBzvwuD69IzBkr_P.exe"
                        2⤵
                          PID:1348
                        • C:\Users\Admin\Documents\eA0F6q5YMAjbFhcxNNiuKKxf.exe
                          "C:\Users\Admin\Documents\eA0F6q5YMAjbFhcxNNiuKKxf.exe"
                          2⤵
                            PID:820
                            • C:\Users\Admin\Documents\eA0F6q5YMAjbFhcxNNiuKKxf.exe
                              "{path}"
                              3⤵
                                PID:2208
                              • C:\Users\Admin\Documents\eA0F6q5YMAjbFhcxNNiuKKxf.exe
                                "{path}"
                                3⤵
                                  PID:2304
                              • C:\Users\Admin\Documents\cGPZMpw3NCM4_A0OtCnqLSM0.exe
                                "C:\Users\Admin\Documents\cGPZMpw3NCM4_A0OtCnqLSM0.exe"
                                2⤵
                                  PID:1344
                                  • C:\Users\Admin\Documents\cGPZMpw3NCM4_A0OtCnqLSM0.exe
                                    C:\Users\Admin\Documents\cGPZMpw3NCM4_A0OtCnqLSM0.exe
                                    3⤵
                                      PID:2408
                                  • C:\Users\Admin\Documents\y3y9XDAsw1PZAeh8nneLwKSV.exe
                                    "C:\Users\Admin\Documents\y3y9XDAsw1PZAeh8nneLwKSV.exe"
                                    2⤵
                                      PID:2116
                                      • C:\Windows\SysWOW64\cmd.exe
                                        "C:\Windows\System32\cmd.exe" /c taskkill /im y3y9XDAsw1PZAeh8nneLwKSV.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\Documents\y3y9XDAsw1PZAeh8nneLwKSV.exe" & del C:\ProgramData\*.dll & exit
                                        3⤵
                                          PID:3536
                                          • C:\Windows\SysWOW64\taskkill.exe
                                            taskkill /im y3y9XDAsw1PZAeh8nneLwKSV.exe /f
                                            4⤵
                                            • Kills process with taskkill
                                            PID:3584
                                          • C:\Windows\SysWOW64\timeout.exe
                                            timeout /t 6
                                            4⤵
                                            • Delays execution with timeout.exe
                                            PID:3656
                                      • C:\Users\Admin\Documents\f_khdhxUZFtvxyw4GoAlxKB_.exe
                                        "C:\Users\Admin\Documents\f_khdhxUZFtvxyw4GoAlxKB_.exe"
                                        2⤵
                                          PID:2104
                                          • C:\Program Files (x86)\Company\NewProduct\file4.exe
                                            "C:\Program Files (x86)\Company\NewProduct\file4.exe"
                                            3⤵
                                              PID:3368
                                            • C:\Program Files (x86)\Company\NewProduct\jingzhang.exe
                                              "C:\Program Files (x86)\Company\NewProduct\jingzhang.exe"
                                              3⤵
                                                PID:3152
                                                • C:\Windows\SysWOW64\rUNdlL32.eXe
                                                  "C:\Windows\system32\rUNdlL32.eXe" "C:\Users\Admin\AppData\Local\Temp\install.dll",shl
                                                  4⤵
                                                    PID:2228
                                                • C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe
                                                  "C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe"
                                                  3⤵
                                                    PID:2220
                                                  • C:\Program Files (x86)\Company\NewProduct\jooyu.exe
                                                    "C:\Program Files (x86)\Company\NewProduct\jooyu.exe"
                                                    3⤵
                                                      PID:3372
                                                      • C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
                                                        C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
                                                        4⤵
                                                          PID:2476
                                                    • C:\Users\Admin\Documents\zBJM5_iqyBaUbwg6UlHUr0bi.exe
                                                      "C:\Users\Admin\Documents\zBJM5_iqyBaUbwg6UlHUr0bi.exe"
                                                      2⤵
                                                        PID:2168
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --hold https://ezsearch.ru
                                                          3⤵
                                                            PID:2288
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1108,16283609539283265817,4234860506337105124,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1120 /prefetch:2
                                                              4⤵
                                                                PID:2572
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1108,16283609539283265817,4234860506337105124,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1540 /prefetch:8
                                                                4⤵
                                                                  PID:2660
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1108,16283609539283265817,4234860506337105124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1560 /prefetch:8
                                                                  4⤵
                                                                    PID:2740
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1108,16283609539283265817,4234860506337105124,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1976 /prefetch:1
                                                                    4⤵
                                                                      PID:2928
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1108,16283609539283265817,4234860506337105124,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1
                                                                      4⤵
                                                                        PID:2948
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1108,16283609539283265817,4234860506337105124,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2488 /prefetch:1
                                                                        4⤵
                                                                          PID:3048
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1108,16283609539283265817,4234860506337105124,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2648 /prefetch:1
                                                                          4⤵
                                                                            PID:2024
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1108,16283609539283265817,4234860506337105124,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2680 /prefetch:1
                                                                            4⤵
                                                                              PID:1984
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1108,16283609539283265817,4234860506337105124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
                                                                              4⤵
                                                                                PID:2228
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1108,16283609539283265817,4234860506337105124,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2368 /prefetch:1
                                                                                4⤵
                                                                                  PID:3020
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1108,16283609539283265817,4234860506337105124,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2752 /prefetch:2
                                                                                  4⤵
                                                                                    PID:3236
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1108,16283609539283265817,4234860506337105124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8
                                                                                    4⤵
                                                                                      PID:3800
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1108,16283609539283265817,4234860506337105124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1548 /prefetch:8
                                                                                      4⤵
                                                                                        PID:3892
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1108,16283609539283265817,4234860506337105124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1876 /prefetch:8
                                                                                        4⤵
                                                                                          PID:3904
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1108,16283609539283265817,4234860506337105124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2380 /prefetch:8
                                                                                          4⤵
                                                                                            PID:3916
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1108,16283609539283265817,4234860506337105124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3288 /prefetch:8
                                                                                            4⤵
                                                                                              PID:4012
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1108,16283609539283265817,4234860506337105124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4676 /prefetch:8
                                                                                              4⤵
                                                                                                PID:4052
                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1108,16283609539283265817,4234860506337105124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1896 /prefetch:8
                                                                                                4⤵
                                                                                                  PID:2924
                                                                                                • C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe
                                                                                                  "C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --channel --force-configure-user-settings
                                                                                                  4⤵
                                                                                                    PID:3292
                                                                                                    • C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe
                                                                                                      "C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x13c,0x140,0x144,0x110,0x148,0x13fbaa890,0x13fbaa8a0,0x13fbaa8b0
                                                                                                      5⤵
                                                                                                        PID:2256
                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1108,16283609539283265817,4234860506337105124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4652 /prefetch:8
                                                                                                      4⤵
                                                                                                        PID:3252
                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1108,16283609539283265817,4234860506337105124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1448 /prefetch:8
                                                                                                        4⤵
                                                                                                          PID:4064
                                                                                                  • C:\Users\Admin\AppData\Local\Temp\7zS005981C4\arnatic_7.exe
                                                                                                    arnatic_7.exe
                                                                                                    1⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Loads dropped DLL
                                                                                                    PID:848
                                                                                                    • C:\Users\Admin\AppData\Local\Temp\7zS005981C4\arnatic_7.exe
                                                                                                      C:\Users\Admin\AppData\Local\Temp\7zS005981C4\arnatic_7.exe
                                                                                                      2⤵
                                                                                                        PID:1068
                                                                                                    • C:\Users\Admin\AppData\Local\Temp\7zS005981C4\arnatic_2.exe
                                                                                                      arnatic_2.exe
                                                                                                      1⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      • Checks SCSI registry key(s)
                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                      PID:456
                                                                                                    • C:\Users\Admin\AppData\Local\Temp\7zS005981C4\arnatic_4.exe
                                                                                                      arnatic_4.exe
                                                                                                      1⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      PID:1544
                                                                                                      • C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
                                                                                                        C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
                                                                                                        2⤵
                                                                                                        • Executes dropped EXE
                                                                                                        • Loads dropped DLL
                                                                                                        PID:868
                                                                                                      • C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
                                                                                                        C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
                                                                                                        2⤵
                                                                                                          PID:1772
                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6994f50,0x7fef6994f60,0x7fef6994f70
                                                                                                        1⤵
                                                                                                          PID:2352
                                                                                                        • C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
                                                                                                          C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
                                                                                                          1⤵
                                                                                                            PID:2296
                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                            C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 292
                                                                                                            1⤵
                                                                                                            • Program crash
                                                                                                            PID:2248
                                                                                                          • C:\Windows\system32\svchost.exe
                                                                                                            C:\Windows\system32\svchost.exe -k SystemNetworkService
                                                                                                            1⤵
                                                                                                              PID:2860
                                                                                                            • C:\Windows\system32\svchost.exe
                                                                                                              C:\Windows\system32\svchost.exe -k SystemNetworkService
                                                                                                              1⤵
                                                                                                                PID:896
                                                                                                              • C:\Users\Admin\AppData\Local\Temp\91B5.exe
                                                                                                                C:\Users\Admin\AppData\Local\Temp\91B5.exe
                                                                                                                1⤵
                                                                                                                  PID:3684

                                                                                                                Network

                                                                                                                MITRE ATT&CK Enterprise v6

                                                                                                                Replay Monitor

                                                                                                                Loading Replay Monitor...

                                                                                                                Downloads

                                                                                                                • memory/456-168-0x0000000000400000-0x00000000008F4000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  5.0MB

                                                                                                                  Download

                                                                                                                • memory/456-167-0x0000000000240000-0x0000000000249000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  36KB

                                                                                                                  Download

                                                                                                                • memory/820-205-0x0000000001380000-0x0000000001381000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/820-266-0x00000000053B0000-0x00000000053B1000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/848-154-0x0000000000920000-0x0000000000921000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/860-288-0x00000000015F0000-0x0000000001660000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  448KB

                                                                                                                  Download

                                                                                                                • memory/860-286-0x0000000000A10000-0x0000000000A5B000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  300KB

                                                                                                                  Download

                                                                                                                • memory/896-296-0x0000000002B50000-0x0000000002C56000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1.0MB

                                                                                                                  Download

                                                                                                                • memory/896-292-0x00000000004C0000-0x0000000000531000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  452KB

                                                                                                                  Download

                                                                                                                • memory/896-291-0x00000000000F0000-0x000000000013C000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  304KB

                                                                                                                  Download

                                                                                                                • memory/896-295-0x0000000000260000-0x000000000027B000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  108KB

                                                                                                                  Download

                                                                                                                • memory/932-179-0x00000000022E0000-0x000000000237D000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  628KB

                                                                                                                  Download

                                                                                                                • memory/932-180-0x0000000000400000-0x0000000000949000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  5.3MB

                                                                                                                  Download

                                                                                                                • memory/968-184-0x0000000000160000-0x0000000000161000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/1068-169-0x0000000000400000-0x000000000041E000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  120KB

                                                                                                                  Download

                                                                                                                • memory/1068-173-0x0000000000400000-0x000000000041E000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  120KB

                                                                                                                  Download

                                                                                                                • memory/1068-176-0x0000000004DD0000-0x0000000004DD1000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/1200-175-0x0000000002B00000-0x0000000002B16000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  88KB

                                                                                                                  Download

                                                                                                                • memory/1252-257-0x0000000004F40000-0x0000000009332000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  67.9MB

                                                                                                                  Download

                                                                                                                • memory/1252-261-0x0000000000400000-0x00000000047F2000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  67.9MB

                                                                                                                  Download

                                                                                                                • memory/1344-214-0x00000000023E0000-0x00000000023E1000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/1344-209-0x0000000000250000-0x0000000000251000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/1348-195-0x0000000000AD0000-0x0000000000AD1000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/1400-107-0x0000000064940000-0x0000000064959000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  100KB

                                                                                                                  Download

                                                                                                                • memory/1400-90-0x000000006B280000-0x000000006B2A6000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  152KB

                                                                                                                  Download

                                                                                                                • memory/1400-89-0x000000006FE40000-0x000000006FFC6000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1.5MB

                                                                                                                  Download

                                                                                                                • memory/1400-115-0x000000006B440000-0x000000006B4CF000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  572KB

                                                                                                                  Download

                                                                                                                • memory/1400-88-0x000000006B440000-0x000000006B4CF000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  572KB

                                                                                                                  Download

                                                                                                                • memory/1400-125-0x0000000000400000-0x000000000051E000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1.1MB

                                                                                                                  Download

                                                                                                                • memory/1400-110-0x0000000064940000-0x0000000064959000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  100KB

                                                                                                                  Download

                                                                                                                • memory/1400-116-0x000000006FE40000-0x000000006FFC6000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1.5MB

                                                                                                                  Download

                                                                                                                • memory/1400-121-0x000000006B280000-0x000000006B2A6000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  152KB

                                                                                                                  Download

                                                                                                                • memory/1400-112-0x0000000064940000-0x0000000064959000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  100KB

                                                                                                                  Download

                                                                                                                • memory/1400-100-0x0000000064940000-0x0000000064959000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  100KB

                                                                                                                  Download

                                                                                                                • memory/1400-91-0x0000000000400000-0x000000000051E000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1.1MB

                                                                                                                  Download

                                                                                                                • memory/1636-59-0x00000000766D1000-0x00000000766D3000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  8KB

                                                                                                                  Download

                                                                                                                • memory/1964-210-0x0000000001080000-0x0000000001081000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/1964-215-0x0000000004C80000-0x0000000004C81000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/2064-216-0x0000000004430000-0x0000000004494000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  400KB

                                                                                                                  Download

                                                                                                                • memory/2064-217-0x00000000045C0000-0x000000000465D000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  628KB

                                                                                                                  Download

                                                                                                                • memory/2064-218-0x0000000000400000-0x0000000004429000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  64.2MB

                                                                                                                  Download

                                                                                                                • memory/2116-241-0x0000000004430000-0x0000000004494000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  400KB

                                                                                                                  Download

                                                                                                                • memory/2116-243-0x0000000000400000-0x000000000442B000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  64.2MB

                                                                                                                  Download

                                                                                                                • memory/2116-242-0x0000000004920000-0x00000000049BD000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  628KB

                                                                                                                  Download

                                                                                                                • memory/2228-285-0x00000000020E0000-0x00000000021E1000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1.0MB

                                                                                                                  Download

                                                                                                                • memory/2228-287-0x0000000000760000-0x00000000007BC000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  368KB

                                                                                                                  Download

                                                                                                                • memory/2248-283-0x00000000003B0000-0x00000000003B1000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/2288-254-0x0000000002B40000-0x0000000002B41000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/2288-255-0x00000000773A0000-0x00000000773A1000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/2304-284-0x00000000012A0000-0x00000000012A1000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/2340-256-0x0000000000510000-0x0000000000570000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  384KB

                                                                                                                  Download

                                                                                                                • memory/2408-232-0x0000000000400000-0x000000000041E000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  120KB

                                                                                                                  Download

                                                                                                                • memory/2408-239-0x0000000004F70000-0x0000000004F71000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/2408-225-0x0000000000400000-0x000000000041E000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  120KB

                                                                                                                  Download

                                                                                                                • memory/2424-224-0x0000000000400000-0x000000000041E000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  120KB

                                                                                                                  Download

                                                                                                                • memory/2424-231-0x0000000000400000-0x000000000041E000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  120KB

                                                                                                                  Download

                                                                                                                • memory/2424-238-0x00000000050B0000-0x00000000050B1000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/2572-235-0x0000000077780000-0x0000000077781000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/2860-290-0x0000000000230000-0x00000000002A0000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  448KB

                                                                                                                  Download

                                                                                                                • memory/3368-281-0x00000000003F0000-0x0000000000400000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  64KB

                                                                                                                  Download

                                                                                                                • memory/3368-282-0x0000000000440000-0x0000000000452000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  72KB

                                                                                                                  Download

                                                                                                                • memory/3684-293-0x0000000000220000-0x000000000028B000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  428KB

                                                                                                                  Download

                                                                                                                • memory/3684-294-0x0000000000400000-0x0000000004420000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  64.1MB

                                                                                                                  Download