URL: https://drp.su/en

Full analysis: https://app.any.run/tasks/e0ae837d-224a-416d-be8c-0361e80a68fb
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: February 21, 2020, 20:39:29
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
trojan
adware
loader
Indicators:
MD5: CBFD8C60BF77D1488BEE9CF40A4E6648
SHA1: D3222CE06647A25B7B4E481166AA577A4155861A
SHA256: 0B4D4E7D02450B3018E5AD2719B69B4CF9E97FF4DC2AA6387E8177A43DD587E3
SSDEEP: 3:N8PVLWW:2tL/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • DriverPack-17-Online_389680771.1582317589.exe (PID: 2012)
      • DriverPack-17-Online_389680771.1582317589.exe (PID: 3928)
      • driverpack-wget.exe (PID: 3560)
      • driverpack-wget.exe (PID: 3488)
      • driverpack-wget.exe (PID: 3968)
      • driverpack-wget.exe (PID: 3128)
      • driverpack-wget.exe (PID: 2560)
      • driverpack-wget.exe (PID: 3364)
      • driverpack-wget.exe (PID: 2380)
      • driverpack-wget.exe (PID: 2480)
      • driverpack-wget.exe (PID: 3032)
      • driverpack-wget.exe (PID: 3044)
      • driverpack-wget.exe (PID: 2744)
      • driverpack-wget.exe (PID: 3040)
      • driverpack-wget.exe (PID: 2500)
      • driverpack-wget.exe (PID: 2432)
      • driverpack-wget.exe (PID: 2692)
      • driverpack-wget.exe (PID: 1860)
      • driverpack-wget.exe (PID: 944)
      • driverpack-wget.exe (PID: 2856)
      • driverpack-wget.exe (PID: 2680)
      • driverpack-wget.exe (PID: 820)
      • driverpack-wget.exe (PID: 1632)
      • driverpack-wget.exe (PID: 3468)
      • driverpack-wget.exe (PID: 2160)
      • driverpack-wget.exe (PID: 2808)
      • driverpack-wget.exe (PID: 3272)
      • driverpack-wget.exe (PID: 2184)
      • driverpack-wget.exe (PID: 3500)
      • driverpack-wget.exe (PID: 580)
      • driverpack-wget.exe (PID: 2552)
      • driverpack-wget.exe (PID: 3736)
      • driverpack-wget.exe (PID: 2228)
      • driverpack-wget.exe (PID: 3980)
      • driverpack-wget.exe (PID: 2916)
      • driverpack-wget.exe (PID: 1520)
      • driverpack-wget.exe (PID: 3988)
      • driverpack-wget.exe (PID: 2656)
      • aria2c.exe (PID: 3092)
      • driverpack-wget.exe (PID: 3452)
      • aria2c.exe (PID: 4084)
      • aria2c.exe (PID: 3064)
      • driverpack-wget.exe (PID: 180)
      • driverpack-wget.exe (PID: 3552)
      • driverpack-wget.exe (PID: 3604)
      • aria2c.exe (PID: 2568)
      • driverpack-wget.exe (PID: 3172)
      • driverpack-wget.exe (PID: 3824)
      • driverpack-wget.exe (PID: 872)
      • driverpack-wget.exe (PID: 2508)
      • driverpack-wget.exe (PID: 316)
      • driverpack-wget.exe (PID: 4356)
      • driverpack-wget.exe (PID: 5676)
      • driverpack-wget.exe (PID: 4244)
      • driverpack-wget.exe (PID: 4308)
      • driverpack-wget.exe (PID: 6028)
      • driverpack-wget.exe (PID: 3988)
      • driverpack-wget.exe (PID: 4976)
      • driverpack-wget.exe (PID: 5504)
      • driverpack-wget.exe (PID: 4928)
      • driverpack-wget.exe (PID: 5060)
      • driverpack-wget.exe (PID: 6072)
      • driverpack-wget.exe (PID: 1732)
      • driverpack-wget.exe (PID: 4484)
      • driverpack-wget.exe (PID: 5044)
      • driverpack-wget.exe (PID: 5544)
      • driverpack-wget.exe (PID: 5084)
      • driverpack-wget.exe (PID: 4860)
      • driverpack-wget.exe (PID: 4732)
      • driverpack-wget.exe (PID: 5072)
      • driverpack-wget.exe (PID: 2236)
      • driverpack-wget.exe (PID: 6112)
      • driverpack-wget.exe (PID: 4436)
      • driverpack-wget.exe (PID: 6064)
      • driverpack-wget.exe (PID: 4176)
      • driverpack-wget.exe (PID: 5056)
      • driverpack-wget.exe (PID: 2364)
      • driverpack-wget.exe (PID: 5424)
      • driverpack-wget.exe (PID: 5352)
      • driverpack-wget.exe (PID: 5644)
      • driverpack-wget.exe (PID: 5304)
      • driverpack-wget.exe (PID: 5976)
      • driverpack-wget.exe (PID: 4500)
      • driverpack-wget.exe (PID: 5220)
      • driverpack-wget.exe (PID: 5872)
      • driverpack-wget.exe (PID: 4428)
      • driverpack-wget.exe (PID: 5004)
      • driverpack-wget.exe (PID: 4972)
      • driverpack-wget.exe (PID: 5972)
      • driverpack-wget.exe (PID: 4892)
      • driverpack-wget.exe (PID: 5916)
      • driverpack-wget.exe (PID: 4200)
      • driverpack-wget.exe (PID: 5176)
      • driverpack-wget.exe (PID: 4384)
      • driverpack-wget.exe (PID: 5768)
      • driverpack-wget.exe (PID: 1688)
      • driverpack-wget.exe (PID: 852)
      • driverpack-wget.exe (PID: 4708)
      • driverpack-wget.exe (PID: 5844)
      • driverpack-wget.exe (PID: 4552)
      • driverpack-wget.exe (PID: 4536)
      • driverpack-7za.exe (PID: 5968)
      • driverpack-7za.exe (PID: 2352)
      • driverpack-wget.exe (PID: 5160)
      • driverpack-wget.exe (PID: 4988)
      • driverpack-wget.exe (PID: 5212)
      • devcon.exe (PID: 4252)
      • driverpack-wget.exe (PID: 4796)
      • driverpack-wget.exe (PID: 5620)
      • driverpack-wget.exe (PID: 2424)
      • driverpack-wget.exe (PID: 3512)
      • driverpack-wget.exe (PID: 1792)
      • driverpack-wget.exe (PID: 5320)
      • driverpack-wget.exe (PID: 5780)
      • driverpack-wget.exe (PID: 912)
      • driverpack-wget.exe (PID: 5520)
      • driverpack-wget.exe (PID: 5864)
      • driverpack-wget.exe (PID: 5612)
      • driverpack-wget.exe (PID: 4108)
      • driverpack-wget.exe (PID: 3924)
      • driverpack-wget.exe (PID: 2092)
      • driverpack-wget.exe (PID: 5484)
      • driverpack-wget.exe (PID: 4004)
      • driverpack-wget.exe (PID: 5396)
      • driverpack-wget.exe (PID: 2280)
      • driverpack-wget.exe (PID: 4432)
      • driverpack-wget.exe (PID: 5020)
      • driverpack-wget.exe (PID: 4116)
      • driverpack-wget.exe (PID: 5480)
      • driverpack-wget.exe (PID: 2012)
      • driverpack-wget.exe (PID: 5660)
      • driverpack-wget.exe (PID: 4772)
      • driverpack-wget.exe (PID: 5048)
      • driverpack-wget.exe (PID: 572)
      • driverpack-wget.exe (PID: 1388)
      • driverpack-wget.exe (PID: 3204)
      • driverpack-wget.exe (PID: 3816)
      • driverpack-wget.exe (PID: 4344)
      • driverpack-wget.exe (PID: 2464)
      • driverpack-wget.exe (PID: 2668)
      • driverpack-wget.exe (PID: 6380)
      • driverpack-wget.exe (PID: 6860)
      • driverpack-wget.exe (PID: 7336)
      • driverpack-wget.exe (PID: 6528)
      • driverpack-wget.exe (PID: 6584)
      • driverpack-wget.exe (PID: 6692)
      • driverpack-wget.exe (PID: 6436)
      • driverpack-wget.exe (PID: 1888)
      • driverpack-wget.exe (PID: 7328)
      • driverpack-wget.exe (PID: 6376)
      • driverpack-wget.exe (PID: 6524)
      • driverpack-wget.exe (PID: 7420)
      • driverpack-wget.exe (PID: 7848)
      • driverpack-wget.exe (PID: 7048)
      • driverpack-wget.exe (PID: 7356)
      • driverpack-wget.exe (PID: 4008)
      • driverpack-wget.exe (PID: 6444)
      • driverpack-wget.exe (PID: 7680)
      • driverpack-wget.exe (PID: 5144)
      • driverpack-wget.exe (PID: 7868)
      • DirectX.exe (PID: 7028)
      • driverpack-wget.exe (PID: 5308)
      • RuntimePack.exe (PID: 6932)
      • driverpack-wget.exe (PID: 7980)
      • driverpack-wget.exe (PID: 7344)
      • driverpack-wget.exe (PID: 7836)
      • driverpack-wget.exe (PID: 6484)
      • driverpack-wget.exe (PID: 6284)
      • driverpack-wget.exe (PID: 6200)
      • driverpack-wget.exe (PID: 7488)
      • driverpack-wget.exe (PID: 2352)
      • driverpack-wget.exe (PID: 4876)
      • driverpack-wget.exe (PID: 4584)
      • driverpack-wget.exe (PID: 7972)
      • driverpack-wget.exe (PID: 6560)
      • driverpack-wget.exe (PID: 7164)
      • driverpack-wget.exe (PID: 1300)
      • driverpack-wget.exe (PID: 5992)
      • driverpack-wget.exe (PID: 7808)
      • driverpack-wget.exe (PID: 6656)
      • driverpack-wget.exe (PID: 7496)
      • driverpack-wget.exe (PID: 8056)
      • driverpack-wget.exe (PID: 7068)
    • Loads dropped or rewritten executable

      • DriverPack-17-Online_389680771.1582317589.exe (PID: 3928)
      • devcon.exe (PID: 4252)
      • DrvInst.exe (PID: 6972)
      • regsvr32.exe (PID: 7492)
      • regsvr32.exe (PID: 7696)
      • regsvr32.exe (PID: 7764)
      • regsvr32.exe (PID: 7444)
      • regsvr32.exe (PID: 6648)
      • regsvr32.exe (PID: 8132)
      • regsvr32.exe (PID: 7628)
      • regsvr32.exe (PID: 7864)
      • regsvr32.exe (PID: 5760)
      • regsvr32.exe (PID: 7688)
      • regsvr32.exe (PID: 7276)
      • regsvr32.exe (PID: 6232)
      • DirectX.exe (PID: 7028)
      • regsvr32.exe (PID: 7564)
      • regsvr32.exe (PID: 7020)
      • regsvr32.exe (PID: 7388)
    • Executes PowerShell scripts

      • cmd.exe (PID: 2580)
    • Starts Visual C# compiler

      • powershell.exe (PID: 2672)
    • Downloads executable files from the Internet

      • mshta.exe (PID: 2628)
      • aria2c.exe (PID: 2568)
      • aria2c.exe (PID: 3064)
    • Changes internet zones settings

      • mshta.exe (PID: 2628)
    • Changes settings of System certificates

      • mshta.exe (PID: 2628)
      • devcon.exe (PID: 4252)
    • Registers / Runs the DLL via REGSVR32.EXE

      • cmd.exe (PID: 6908)
      • RuntimePack.exe (PID: 6932)
      • DirectX.exe (PID: 7028)
    • Changes the autorun value in the registry

      • mshta.exe (PID: 2628)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 3100)
      • DriverPack-17-Online_389680771.1582317589.exe (PID: 3928)
      • mshta.exe (PID: 2628)
      • aria2c.exe (PID: 2568)
      • aria2c.exe (PID: 3064)
      • driverpack-7za.exe (PID: 5968)
      • devcon.exe (PID: 4252)
      • DrvInst.exe (PID: 4916)
      • DrvInst.exe (PID: 6972)
      • RuntimePack.exe (PID: 6932)
      • xcopy.exe (PID: 6984)
      • xcopy.exe (PID: 6264)
      • DirectX.exe (PID: 7028)
    • Starts MSHTA.EXE for opening HTA or HTMLS files

      • DriverPack-17-Online_389680771.1582317589.exe (PID: 3928)
    • Reads Internet Cache Settings

      • mshta.exe (PID: 2628)
    • Creates files in the user directory

      • mshta.exe (PID: 2628)
      • cmd.exe (PID: 4092)
      • cmd.exe (PID: 2580)
      • cmd.exe (PID: 1712)
      • powershell.exe (PID: 2672)
      • driverpack-wget.exe (PID: 3968)
      • driverpack-wget.exe (PID: 3560)
      • driverpack-wget.exe (PID: 3488)
      • driverpack-wget.exe (PID: 2560)
      • driverpack-wget.exe (PID: 3128)
      • driverpack-wget.exe (PID: 3364)
      • driverpack-wget.exe (PID: 820)
      • cmd.exe (PID: 3704)
      • driverpack-wget.exe (PID: 2380)
      • cmd.exe (PID: 2788)
      • cmd.exe (PID: 340)
      • cmd.exe (PID: 2976)
      • cmd.exe (PID: 2520)
      • cmd.exe (PID: 2436)
      • driverpack-wget.exe (PID: 2480)
      • driverpack-wget.exe (PID: 3032)
      • cmd.exe (PID: 3608)
      • cmd.exe (PID: 3344)
      • cmd.exe (PID: 536)
      • cmd.exe (PID: 2716)
      • driverpack-wget.exe (PID: 2744)
      • cmd.exe (PID: 2468)
      • cmd.exe (PID: 2484)
      • driverpack-wget.exe (PID: 3044)
      • driverpack-wget.exe (PID: 3040)
      • cmd.exe (PID: 3916)
      • driverpack-wget.exe (PID: 2500)
      • driverpack-wget.exe (PID: 2432)
      • cmd.exe (PID: 3436)
      • cmd.exe (PID: 1876)
      • driverpack-wget.exe (PID: 2692)
      • driverpack-wget.exe (PID: 1860)
      • cmd.exe (PID: 1780)
      • cmd.exe (PID: 2540)
      • driverpack-wget.exe (PID: 2856)
      • driverpack-wget.exe (PID: 2680)
      • cmd.exe (PID: 4040)
      • cmd.exe (PID: 3708)
      • driverpack-wget.exe (PID: 944)
      • cmd.exe (PID: 3728)
      • cmd.exe (PID: 1064)
      • driverpack-wget.exe (PID: 1632)
      • cmd.exe (PID: 1836)
      • driverpack-wget.exe (PID: 3468)
      • cmd.exe (PID: 2904)
      • cmd.exe (PID: 2888)
      • driverpack-wget.exe (PID: 2160)
      • cmd.exe (PID: 3232)
      • driverpack-wget.exe (PID: 2808)
      • driverpack-wget.exe (PID: 3272)
      • cmd.exe (PID: 2212)
      • cmd.exe (PID: 2412)
      • driverpack-wget.exe (PID: 2184)
      • cmd.exe (PID: 440)
      • cmd.exe (PID: 2900)
      • driverpack-wget.exe (PID: 3500)
      • driverpack-wget.exe (PID: 2552)
      • cmd.exe (PID: 2272)
      • driverpack-wget.exe (PID: 580)
      • cmd.exe (PID: 308)
      • driverpack-wget.exe (PID: 3736)
      • driverpack-wget.exe (PID: 2916)
      • driverpack-wget.exe (PID: 2228)
      • driverpack-wget.exe (PID: 3980)
      • cmd.exe (PID: 3836)
      • driverpack-wget.exe (PID: 2656)
      • cmd.exe (PID: 3592)
      • driverpack-wget.exe (PID: 3452)
      • cmd.exe (PID: 1092)
      • cmd.exe (PID: 2392)
      • driverpack-wget.exe (PID: 3988)
      • cmd.exe (PID: 1948)
      • cmd.exe (PID: 3828)
      • cmd.exe (PID: 3664)
      • cmd.exe (PID: 2144)
      • driverpack-wget.exe (PID: 180)
      • driverpack-wget.exe (PID: 3552)
      • aria2c.exe (PID: 3092)
      • aria2c.exe (PID: 4084)
      • aria2c.exe (PID: 3064)
      • cmd.exe (PID: 2808)
      • cmd.exe (PID: 2376)
      • driverpack-wget.exe (PID: 3604)
      • aria2c.exe (PID: 2568)
      • driverpack-wget.exe (PID: 3172)
      • cmd.exe (PID: 2864)
      • cmd.exe (PID: 3944)
      • driverpack-wget.exe (PID: 3824)
      • cmd.exe (PID: 3568)
      • driverpack-wget.exe (PID: 2508)
      • driverpack-wget.exe (PID: 872)
      • cmd.exe (PID: 832)
      • cmd.exe (PID: 608)
      • cmd.exe (PID: 2232)
      • driverpack-wget.exe (PID: 316)
      • driverpack-wget.exe (PID: 4356)
      • cmd.exe (PID: 2800)
      • cmd.exe (PID: 540)
      • driverpack-wget.exe (PID: 5676)
      • driverpack-wget.exe (PID: 4244)
      • cmd.exe (PID: 4476)
      • cmd.exe (PID: 4728)
      • driverpack-wget.exe (PID: 6028)
      • driverpack-wget.exe (PID: 4308)
      • cmd.exe (PID: 4792)
      • driverpack-wget.exe (PID: 3988)
      • cmd.exe (PID: 5224)
      • cmd.exe (PID: 5116)
      • driverpack-wget.exe (PID: 5504)
      • driverpack-wget.exe (PID: 4976)
      • cmd.exe (PID: 4184)
      • cmd.exe (PID: 4516)
      • driverpack-wget.exe (PID: 4928)
      • driverpack-wget.exe (PID: 5044)
      • driverpack-wget.exe (PID: 5060)
      • cmd.exe (PID: 5668)
      • cmd.exe (PID: 5576)
      • cmd.exe (PID: 5820)
      • driverpack-wget.exe (PID: 6072)
      • driverpack-wget.exe (PID: 4484)
      • driverpack-wget.exe (PID: 1732)
      • cmd.exe (PID: 4804)
      • cmd.exe (PID: 5032)
      • cmd.exe (PID: 4572)
      • driverpack-wget.exe (PID: 5084)
      • driverpack-wget.exe (PID: 5544)
      • cmd.exe (PID: 6092)
      • driverpack-wget.exe (PID: 4860)
      • cmd.exe (PID: 2128)
      • cmd.exe (PID: 5132)
      • driverpack-wget.exe (PID: 5072)
      • driverpack-wget.exe (PID: 6112)
      • driverpack-wget.exe (PID: 2236)
      • cmd.exe (PID: 4136)
      • driverpack-wget.exe (PID: 4732)
      • cmd.exe (PID: 3776)
      • cmd.exe (PID: 5980)
      • cmd.exe (PID: 5500)
      • driverpack-wget.exe (PID: 4176)
      • driverpack-wget.exe (PID: 4436)
      • driverpack-wget.exe (PID: 6064)
      • cmd.exe (PID: 4260)
      • cmd.exe (PID: 5184)
      • cmd.exe (PID: 5104)
      • driverpack-wget.exe (PID: 2364)
      • driverpack-wget.exe (PID: 5056)
      • driverpack-wget.exe (PID: 5424)
      • cmd.exe (PID: 3516)
      • cmd.exe (PID: 5488)
      • cmd.exe (PID: 5360)
      • cmd.exe (PID: 5496)
      • driverpack-wget.exe (PID: 5352)
      • driverpack-wget.exe (PID: 5644)
      • cmd.exe (PID: 4120)
      • driverpack-wget.exe (PID: 5976)
      • cmd.exe (PID: 4328)
      • cmd.exe (PID: 4924)
      • driverpack-wget.exe (PID: 4500)
      • driverpack-wget.exe (PID: 5304)
      • driverpack-wget.exe (PID: 5220)
      • driverpack-wget.exe (PID: 5872)
      • driverpack-wget.exe (PID: 5004)
      • driverpack-wget.exe (PID: 4428)
      • cmd.exe (PID: 6056)
      • cmd.exe (PID: 6124)
      • cmd.exe (PID: 4400)
      • cmd.exe (PID: 4020)
      • driverpack-wget.exe (PID: 4972)
      • cmd.exe (PID: 5928)
      • cmd.exe (PID: 4812)
      • driverpack-wget.exe (PID: 4384)
      • driverpack-wget.exe (PID: 4344)
      • cmd.exe (PID: 5816)
      • cmd.exe (PID: 5744)
      • driverpack-wget.exe (PID: 5972)
      • driverpack-wget.exe (PID: 4892)
      • cmd.exe (PID: 4856)
      • driverpack-wget.exe (PID: 5916)
      • cmd.exe (PID: 5472)
      • driverpack-wget.exe (PID: 5176)
      • cmd.exe (PID: 6100)
      • cmd.exe (PID: 5156)
      • driverpack-wget.exe (PID: 4200)
      • cmd.exe (PID: 4628)
      • driverpack-wget.exe (PID: 5844)
      • driverpack-wget.exe (PID: 5768)
      • driverpack-wget.exe (PID: 1688)
      • driverpack-wget.exe (PID: 852)
      • cmd.exe (PID: 5648)
      • cmd.exe (PID: 4036)
      • cmd.exe (PID: 5596)
      • driverpack-wget.exe (PID: 4552)
      • driverpack-wget.exe (PID: 4536)
      • cmd.exe (PID: 6116)
      • cmd.exe (PID: 4396)
      • cmd.exe (PID: 3732)
      • cmd.exe (PID: 5356)
      • cmd.exe (PID: 3404)
      • cmd.exe (PID: 1944)
      • cmd.exe (PID: 4624)
      • cmd.exe (PID: 4160)
      • driverpack-wget.exe (PID: 5160)
      • driverpack-wget.exe (PID: 4988)
      • driverpack-wget.exe (PID: 4796)
      • driverpack-wget.exe (PID: 5212)
      • cmd.exe (PID: 3444)
      • cmd.exe (PID: 5948)
      • cmd.exe (PID: 5300)
      • cmd.exe (PID: 2472)
      • driverpack-wget.exe (PID: 5620)
      • cmd.exe (PID: 6060)
      • cmd.exe (PID: 5584)
      • driverpack-wget.exe (PID: 2424)
      • driverpack-wget.exe (PID: 1792)
      • driverpack-wget.exe (PID: 3512)
      • driverpack-wget.exe (PID: 5780)
      • driverpack-wget.exe (PID: 5320)
      • cmd.exe (PID: 1740)
      • cmd.exe (PID: 1904)
      • cmd.exe (PID: 4248)
      • cmd.exe (PID: 4804)
      • driverpack-wget.exe (PID: 912)
      • cmd.exe (PID: 4680)
      • driverpack-wget.exe (PID: 5520)
      • driverpack-wget.exe (PID: 4004)
      • driverpack-wget.exe (PID: 5396)
      • cmd.exe (PID: 4284)
      • cmd.exe (PID: 5476)
      • cmd.exe (PID: 5756)
      • cmd.exe (PID: 4156)
      • driverpack-wget.exe (PID: 5612)
      • driverpack-wget.exe (PID: 4108)
      • driverpack-wget.exe (PID: 2092)
      • driverpack-wget.exe (PID: 5864)
      • driverpack-wget.exe (PID: 3924)
      • driverpack-wget.exe (PID: 5484)
      • cmd.exe (PID: 1900)
      • cmd.exe (PID: 5272)
      • cmd.exe (PID: 4440)
      • cmd.exe (PID: 4672)
      • cmd.exe (PID: 6140)
      • cmd.exe (PID: 5884)
      • driverpack-wget.exe (PID: 4432)
      • driverpack-wget.exe (PID: 5020)
      • driverpack-wget.exe (PID: 4116)
      • cmd.exe (PID: 4548)
      • cmd.exe (PID: 2744)
      • driverpack-wget.exe (PID: 2280)
      • driverpack-wget.exe (PID: 5480)
      • cmd.exe (PID: 2340)
      • driverpack-wget.exe (PID: 4772)
      • driverpack-wget.exe (PID: 5048)
      • driverpack-wget.exe (PID: 5660)
      • cmd.exe (PID: 5740)
      • cmd.exe (PID: 5168)
      • cmd.exe (PID: 2060)
      • cmd.exe (PID: 2752)
      • cmd.exe (PID: 4720)
      • driverpack-wget.exe (PID: 572)
      • driverpack-wget.exe (PID: 3816)
      • driverpack-wget.exe (PID: 1388)
      • driverpack-wget.exe (PID: 3204)
      • cmd.exe (PID: 5088)
      • driverpack-wget.exe (PID: 2012)
      • cmd.exe (PID: 1748)
      • cmd.exe (PID: 528)
      • cmd.exe (PID: 3084)
      • cmd.exe (PID: 2644)
      • driverpack-wget.exe (PID: 2668)
      • driverpack-wget.exe (PID: 6380)
      • driverpack-wget.exe (PID: 2464)
      • driverpack-wget.exe (PID: 6860)
      • driverpack-wget.exe (PID: 7336)
      • cmd.exe (PID: 4648)
      • cmd.exe (PID: 4140)
      • driverpack-wget.exe (PID: 6528)
      • driverpack-wget.exe (PID: 6692)
      • driverpack-wget.exe (PID: 6584)
      • cmd.exe (PID: 7024)
      • cmd.exe (PID: 7108)
      • cmd.exe (PID: 7096)
      • driverpack-wget.exe (PID: 6436)
      • cmd.exe (PID: 5260)
      • cmd.exe (PID: 604)
      • driverpack-wget.exe (PID: 1888)
      • cmd.exe (PID: 6948)
      • driverpack-wget.exe (PID: 6376)
      • cmd.exe (PID: 6884)
      • cmd.exe (PID: 7476)
      • cmd.exe (PID: 7212)
      • cmd.exe (PID: 6464)
      • cmd.exe (PID: 6272)
      • driverpack-wget.exe (PID: 7848)
      • driverpack-wget.exe (PID: 7420)
      • driverpack-wget.exe (PID: 7328)
      • driverpack-wget.exe (PID: 7356)
      • driverpack-wget.exe (PID: 4008)
      • driverpack-wget.exe (PID: 6444)
      • driverpack-wget.exe (PID: 5144)
      • cmd.exe (PID: 6532)
      • cmd.exe (PID: 7280)
      • cmd.exe (PID: 6988)
      • cmd.exe (PID: 6872)
      • cmd.exe (PID: 6572)
      • cmd.exe (PID: 5984)
      • driverpack-wget.exe (PID: 7048)
      • driverpack-wget.exe (PID: 7836)
      • driverpack-wget.exe (PID: 7680)
      • driverpack-wget.exe (PID: 6484)
      • cmd.exe (PID: 6856)
      • driverpack-wget.exe (PID: 7868)
      • cmd.exe (PID: 6616)
      • cmd.exe (PID: 6448)
      • cmd.exe (PID: 5252)
      • driverpack-wget.exe (PID: 5308)
      • cmd.exe (PID: 7208)
      • driverpack-wget.exe (PID: 7980)
      • cmd.exe (PID: 6844)
      • cmd.exe (PID: 7612)
      • cmd.exe (PID: 4984)
      • driverpack-wget.exe (PID: 7344)
      • driverpack-wget.exe (PID: 6284)
      • driverpack-wget.exe (PID: 2352)
      • driverpack-wget.exe (PID: 6560)
      • driverpack-wget.exe (PID: 7488)
      • driverpack-wget.exe (PID: 4876)
      • cmd.exe (PID: 6236)
      • cmd.exe (PID: 6348)
      • cmd.exe (PID: 6664)
      • cmd.exe (PID: 8040)
      • driverpack-wget.exe (PID: 6200)
      • driverpack-wget.exe (PID: 7972)
      • cmd.exe (PID: 8008)
      • cmd.exe (PID: 6368)
      • driverpack-wget.exe (PID: 7164)
      • driverpack-wget.exe (PID: 5992)
      • driverpack-wget.exe (PID: 4584)
      • cmd.exe (PID: 6400)
      • driverpack-wget.exe (PID: 7808)
      • cmd.exe (PID: 7248)
      • driverpack-wget.exe (PID: 1300)
      • cmd.exe (PID: 7648)
      • driverpack-wget.exe (PID: 8056)
      • cmd.exe (PID: 6796)
      • cmd.exe (PID: 7952)
      • cmd.exe (PID: 7224)
      • driverpack-wget.exe (PID: 7496)
      • driverpack-wget.exe (PID: 6656)
      • cmd.exe (PID: 6036)
      • cmd.exe (PID: 6888)
      • driverpack-wget.exe (PID: 7068)
      • cmd.exe (PID: 6620)
      • cmd.exe (PID: 7236)
      • cmd.exe (PID: 6212)
      • cmd.exe (PID: 7140)
      • DriverPack-Alice.exe (PID: 3392)
    • Uses REG.EXE to modify Windows registry

      • DriverPack-17-Online_389680771.1582317589.exe (PID: 3928)
    • Uses NETSH.EXE for network configuration

      • cmd.exe (PID: 4092)
      • cmd.exe (PID: 1712)
      • cmd.exe (PID: 3728)
      • mshta.exe (PID: 2628)
    • Starts CMD.EXE for commands execution

      • mshta.exe (PID: 2628)
      • cmd.exe (PID: 2232)
      • RuntimePack.exe (PID: 6932)
    • Uses RUNDLL32.EXE to load library

      • mshta.exe (PID: 2628)
      • DrvInst.exe (PID: 4916)
    • Adds / modifies Windows certificates

      • mshta.exe (PID: 2628)
      • devcon.exe (PID: 4252)
    • Starts application with an unusual extension

      • cmd.exe (PID: 3728)
      • cmd.exe (PID: 2232)
    • Starts SC.EXE for service management

      • cmd.exe (PID: 2904)
    • Executed as Windows Service

      • vssvc.exe (PID: 332)
    • Executed via COM

      • DllHost.exe (PID: 2868)
      • DrvInst.exe (PID: 4916)
      • DrvInst.exe (PID: 6972)
    • Uses TASKLIST.EXE to query information about running processes

      • cmd.exe (PID: 2232)
    • Application launched itself

      • cmd.exe (PID: 2232)
    • Creates files in the Windows directory

      • DrvInst.exe (PID: 4916)
      • DrvInst.exe (PID: 6972)
      • xcopy.exe (PID: 6984)
      • xcopy.exe (PID: 6264)
      • cmd.exe (PID: 6908)
      • DirectX.exe (PID: 7028)
    • Creates files in the driver directory

      • DrvInst.exe (PID: 4916)
      • DrvInst.exe (PID: 6972)
    • Removes files from Windows directory

      • DrvInst.exe (PID: 4916)
      • DrvInst.exe (PID: 6972)
    • Creates COM task schedule object

      • regsvr32.exe (PID: 3736)
      • regsvr32.exe (PID: 6360)
      • regsvr32.exe (PID: 6260)
      • regsvr32.exe (PID: 7952)
      • regsvr32.exe (PID: 3680)
      • regsvr32.exe (PID: 8116)
      • regsvr32.exe (PID: 6588)
      • regsvr32.exe (PID: 4832)
      • regsvr32.exe (PID: 7176)
      • regsvr32.exe (PID: 7284)
      • regsvr32.exe (PID: 3308)
      • regsvr32.exe (PID: 7992)
      • regsvr32.exe (PID: 3620)
      • regsvr32.exe (PID: 1536)
      • regsvr32.exe (PID: 6280)
      • regsvr32.exe (PID: 8004)
      • regsvr32.exe (PID: 6768)
      • regsvr32.exe (PID: 6432)
      • regsvr32.exe (PID: 7584)
      • regsvr32.exe (PID: 7504)
      • regsvr32.exe (PID: 7088)
      • regsvr32.exe (PID: 6152)
      • regsvr32.exe (PID: 7040)
      • regsvr32.exe (PID: 6176)
      • regsvr32.exe (PID: 7696)
      • regsvr32.exe (PID: 3860)
      • regsvr32.exe (PID: 3748)
      • regsvr32.exe (PID: 6716)
  • INFO

    • Reads internet explorer settings

      • iexplore.exe (PID: 576)
      • mshta.exe (PID: 2628)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 576)
      • iexplore.exe (PID: 3100)
    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 3100)
    • Changes internet zones settings

      • iexplore.exe (PID: 3100)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 3100)
      • mshta.exe (PID: 2628)
    • Creates files in the user directory

      • iexplore.exe (PID: 576)
      • iexplore.exe (PID: 3100)
    • Changes settings of System certificates

      • iexplore.exe (PID: 3100)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3100)
    • Low-level read access rights to disk partition

      • vssvc.exe (PID: 332)
    • Reads the hosts file

      • aria2c.exe (PID: 4084)
      • aria2c.exe (PID: 3092)
      • aria2c.exe (PID: 3064)
      • aria2c.exe (PID: 2568)
    • Searches for installed software

      • DrvInst.exe (PID: 4916)
    • Dropped object may contain Bitcoin addresses

      • DriverPack-Alice.exe (PID: 3392)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ MATRIX in the full report.
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 692
Monitored processes: 454
Malicious processes: 48
Suspicious processes: 76

Behavior graph

The interactive behavior graph is available only in the full report. Process names appearing as graph nodes (recovered from the flattened graph, in order of first appearance; edges were labelled "drop and start" or "start"): iexplore.exe, driverpack-17-online_389680771.1582317589.exe, reg.exe, mshta.exe, cmd.exe, powershell.exe, netsh.exe, csc.exe, cvtres.exe, driverpack-wget.exe, rundll32.exe, chcp.com, sc.exe, vssvc.exe, wmic.exe, SPPSurrogate, aria2c.exe, tasklist.exe, timeout.exe, driverpack-7za.exe, findstr.exe, find.exe, devcon.exe, drvinst.exe.
driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe drvinst.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-alice.exe no specs directx.exe runtimepack.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs xcopy.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs xcopy.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs regsvr32.exe no specs cmd.exe no specs regsvr32.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe regsvr32.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs cmd.exe no specs cmd.exe no specs regsvr32.exe no specs driverpack-wget.exe driverpack-wget.exe regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs cmd.exe no specs 
regsvr32.exe no specs driverpack-wget.exe regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs netsh.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID:
180
CMD:
"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\admin\AppData\Local\Temp\DriverPack-20200221204024\audio\en" "http://download.drp.su/assistant/beetle/audio/en/P3-OPERA-1.mp3" -o "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_log_1894.log"
Path:
C:\Users\admin\AppData\Local\Temp\DriverPack-20200221204024\tools\driverpack-wget.exe
Parent process:
cmd.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\driverpack-20200221204024\tools\driverpack-wget.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID:
308
CMD:
"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\admin\AppData\Local\Temp\DriverPack-20200221204024\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-CONFIGURATOR-3.mp3" -o "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_log_53044.log" & echo DONE > "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_finished_53044.txt""
Path:
C:\Windows\System32\cmd.exe
Parent process:
mshta.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
316
CMD:
tasklist /v /fi "USERNAME eq admin" /fi "STATUS eq running" /fo csv
Path:
C:\Windows\system32\tasklist.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Lists the current running tasks
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\tasklist.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID:
316
CMD:
"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\admin\AppData\Local\Temp\DriverPack-20200221204024\audio\en" "http://download.drp.su/assistant/beetle/audio/en/SERVICE_MODE-1.mp3" -o "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_log_24956.log"
Path:
C:\Users\admin\AppData\Local\Temp\DriverPack-20200221204024\tools\driverpack-wget.exe
Parent process:
cmd.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\imm32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\netapi32.dll
PID:
332
CMD:
C:\Windows\system32\vssvc.exe
Path:
C:\Windows\system32\vssvc.exe
Parent process:
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\vssvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID:
340
CMD:
"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\admin\AppData\Local\Temp\DriverPack-20200221204024\audio\en" "http://download.drp.su/assistant/beetle/audio/en/START-3.mp3" -o "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_log_10002.log" & echo DONE > "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_finished_10002.txt""
Path:
C:\Windows\System32\cmd.exe
Parent process:
mshta.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
440
CMD:
"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\admin\AppData\Local\Temp\DriverPack-20200221204024\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-CONFIGURATOR-2.mp3" -o "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_log_41490.log" & echo DONE > "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_finished_41490.txt""
Path:
C:\Windows\System32\cmd.exe
Parent process:
mshta.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
528
CMD:
"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\admin\AppData\Local\Temp\DriverPack-20200221204024\audio\en" "http://download.drp.su/assistant/beetle/audio/en/STORIES-technologies-9.mp3" -o "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_log_30918.log" & echo DONE > "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_finished_30918.txt""
Path:
C:\Windows\System32\cmd.exe
Parent process:
mshta.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
536
CMD:
"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\admin\AppData\Local\Temp\DriverPack-20200221204024\audio\en" "http://download.drp.su/assistant/beetle/audio/en/DRP_TEAM-1.mp3" -o "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_log_35492.log" & echo DONE > "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_finished_35492.txt""
Path:
C:\Windows\System32\cmd.exe
Parent process:
mshta.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
540
CMD:
"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\admin\AppData\Local\Temp\DriverPack-20200221204024\audio\en" "http://download.drp.su/assistant/beetle/audio/en/SERVICE_MODE-1.mp3" -o "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_log_24956.log" & echo DONE > "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_finished_24956.txt""
Path:
C:\Windows\System32\cmd.exe
Parent process:
mshta.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events
13 393
Read events
4 369
Write events
7 562
Delete events
1 462

Modification events

(PID) Process: (3100) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value: 523214942

(PID) Process: (3100) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 30796023

(PID) Process: (3100) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value: (empty)

(PID) Process: (3100) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (3100) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (3100) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (3100) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (3100) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value: (not shown)

(PID) Process: (3100) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (3100) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1
Executable files
183
Suspicious files
117
Text files
2 236
Unknown types
237

Dropped files

PID
Process
Filename
Type
PID: 576
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Temp\Low\Cab716F.tmp
MD5:
SHA256:

PID: 576
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Temp\Low\Tar7170.tmp
MD5:
SHA256:

PID: 576
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\en[1].htm
Type: html
MD5:
SHA256:

PID: 576
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\95EC1D62778E6B45297114DE13BE5B23
Type: binary
MD5:
SHA256:

PID: 576
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CBB16B7A61CE4E298043181730D3CE9B
Type: binary
MD5:
SHA256:

PID: 576
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\logo-colored[1].png
Type: image
MD5:
SHA256:

PID: 576
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
Type: der
MD5:
SHA256:

PID: 576
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\landing-feature-3[1].png
Type: image
MD5:
SHA256:

PID: 576
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\screenshot-2[1].jpg
Type: image
MD5:
SHA256:

PID: 576
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CBB16B7A61CE4E298043181730D3CE9B
Type: der
MD5:
SHA256:
HTTP(S) requests
1 085
TCP/UDP connections
575
DNS requests
63
Threats
2 258

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
576
iexplore.exe
GET
200
151.139.128.14:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
US
der
727 b
whitelisted
576
iexplore.exe
GET
200
151.139.128.14:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECECSrjihwEqjJtbw07DaD9QU%3D
US
der
471 b
whitelisted
576
iexplore.exe
GET
200
151.139.128.14:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEBPqKHBb9OztDDZjCYBhQzY%3D
US
der
471 b
whitelisted
576
iexplore.exe
GET
200
72.21.91.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAilokbNS1yMg9cCtLurU0k%3D
US
der
471 b
whitelisted
576
iexplore.exe
GET
200
72.21.91.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAilokbNS1yMg9cCtLurU0k%3D
US
der
471 b
whitelisted
576
iexplore.exe
GET
200
93.184.220.29:80
http://status.rapidssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRhhZrQET0hvbSHUJmNfBKqR%2FiT7wQUU8oXWfxrwAMhLxqu5KqoHIJW2nUCEAMzwqmzBdZrHgKGOG%2B3uRU%3D
US
der
471 b
shared
576
iexplore.exe
GET
200
172.217.16.163:80
http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D
US
der
468 b
whitelisted
576
iexplore.exe
GET
200
172.217.16.163:80
http://ocsp.pki.goog/gts1o1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEGbFlJeGAf%2B1AgAAAABXm8I%3D
US
der
471 b
whitelisted
576
iexplore.exe
GET
200
172.217.16.163:80
http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D
US
der
468 b
whitelisted
576
iexplore.exe
GET
200
172.217.16.163:80
http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D
US
der
468 b
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
576
iexplore.exe
151.139.128.14:80
ocsp.usertrust.com
Highwinds Network Group, Inc.
US
suspicious
576
iexplore.exe
37.9.8.76:443
drp.su
Dominanta CTV Ltd
RU
suspicious
576
iexplore.exe
81.19.89.16:443
counter.rambler.ru
Rambler Internet Holding LLC
RU
unknown
576
iexplore.exe
172.217.23.174:443
www.youtube.com
Google Inc.
US
whitelisted
576
iexplore.exe
172.217.22.40:443
www.googletagmanager.com
Google Inc.
US
whitelisted
576
iexplore.exe
72.21.91.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
576
iexplore.exe
172.217.16.163:80
ocsp.pki.goog
Google Inc.
US
whitelisted
576
iexplore.exe
93.184.220.29:80
status.rapidssl.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
576
iexplore.exe
172.217.22.110:443
s.ytimg.com
Google Inc.
US
whitelisted
576
iexplore.exe
216.58.207.46:443
www.youtube.com
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
drp.su
  • 37.9.8.76
  • 178.162.207.43
  • 87.117.235.117
  • 82.145.55.129
suspicious
ocsp.usertrust.com
  • 151.139.128.14
whitelisted
ocsp.sectigo.com
  • 151.139.128.14
whitelisted
www.youtube.com
  • 172.217.23.174
  • 172.217.16.206
  • 172.217.23.142
  • 216.58.205.238
  • 172.217.18.14
  • 216.58.207.46
  • 216.58.207.78
  • 172.217.22.14
  • 172.217.16.174
  • 216.58.208.46
  • 216.58.210.14
  • 172.217.23.110
  • 172.217.18.110
  • 172.217.16.142
  • 172.217.22.78
  • 172.217.21.206
whitelisted
counter.rambler.ru
  • 81.19.89.16
  • 81.19.89.18
  • 81.19.89.17
whitelisted
www.googletagmanager.com
  • 172.217.22.40
whitelisted
ocsp.digicert.com
  • 72.21.91.29
whitelisted
ocsp.pki.goog
  • 172.217.16.163
whitelisted
status.rapidssl.com
  • 93.184.220.29
shared
s.ytimg.com
  • 172.217.22.110
whitelisted

Threats

PID
Process
Class
Message
1052
svchost.exe
Potentially Bad Traffic
ET DNS Query for .su TLD (Soviet Union) Often Malware Related
1052
svchost.exe
Potentially Bad Traffic
ET DNS Query for .su TLD (Soviet Union) Often Malware Related
576
iexplore.exe
Potentially Bad Traffic
ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
576
iexplore.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
576
iexplore.exe
Misc activity
ET INFO EXE - Served Attached HTTP
1052
svchost.exe
Potentially Bad Traffic
ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2628
mshta.exe
Potentially Bad Traffic
ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
1052
svchost.exe
Potentially Bad Traffic
ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2628
mshta.exe
Potentially Bad Traffic
ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
1052
svchost.exe
Potentially Bad Traffic
ET DNS Query for .su TLD (Soviet Union) Often Malware Related
15 ETPRO signatures available at the full report

Debug output strings

Process
Message
csc.exe
*** HR originated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302
csc.exe
*** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144
csc.exe
*** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144
csc.exe
*** HR originated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302
csc.exe
*** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144
csc.exe
*** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144
csc.exe
*** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144
csc.exe
*** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144
csc.exe
*** HR originated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302
csc.exe
*** HR originated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302