URL:

http://dwrapper-prod.herokuapp.com/bin/watcher.html

Full analysis: https://app.any.run/tasks/2e012ea4-2574-4419-9df3-6dd22d7e5060
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: January 22, 2024, 13:24:59
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
qrcode
loader
Indicators:
MD5:

096B85B7277E06FBB84C90C4496AE454

SHA1:

71007796746C90C892CC1E0DC1C59984E343810F

SHA256:

7ACD2B531F3E0F15F70B72F4C401F6080F91BE363F35EAB01EBAA33EB201507B

SSDEEP:

3:N1KaSMpVYNKRG3J:CaHMNKA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • DriverPack-17-Online.exe (PID: 1932)
      • csc.exe (PID: 3692)
      • mshta.exe (PID: 3208)
      • aria2c.exe (PID: 3660)
      • aria2c.exe (PID: 3052)
      • SearcherBar.exe (PID: 5524)
      • aria2c.exe (PID: 5996)
      • aria2c.exe (PID: 1016)
      • OperaBlink_win7.exe (PID: 5636)
      • OperaBlink_win7.exe (PID: 5528)
      • OperaBlink_win7.exe (PID: 1780)
      • OperaBlink_win7.exe (PID: 452)
      • OperaBlink_win7.exe (PID: 5752)
      • installer.exe (PID: 4184)
      • installer.exe (PID: 3172)
      • csc.exe (PID: 2004)
      • launcher.exe (PID: 6116)
      • installer.exe (PID: 4680)
      • aria2c.exe (PID: 5428)

    • Bypass execution policy to execute commands

      • powershell.exe (PID: 3420)

    • Changes powershell execution policy (Bypass)

      • cmd.exe (PID: 2812)

    • Starts Visual C# compiler

      • powershell.exe (PID: 3420)

    • Actions looks like stealing of personal data

      • mshta.exe (PID: 3208)
      • OperaBlink_win7.exe (PID: 5528)
      • OperaBlink_win7.exe (PID: 5636)
      • OperaBlink_win7.exe (PID: 452)
      • OperaBlink_win7.exe (PID: 5752)
      • installer.exe (PID: 4184)
      • installer.exe (PID: 3172)
      • opera.exe (PID: 3552)
      • opera_crashreporter.exe (PID: 5772)
      • opera.exe (PID: 5172)
      • opera_crashreporter.exe (PID: 4960)
      • opera.exe (PID: 5436)
      • opera.exe (PID: 5768)
      • opera.exe (PID: 4700)
      • opera.exe (PID: 4580)
      • opera.exe (PID: 5832)
      • opera.exe (PID: 5440)
      • opera.exe (PID: 5324)
      • opera.exe (PID: 5856)
      • opera.exe (PID: 5084)
      • opera.exe (PID: 5316)
      • opera.exe (PID: 5612)
      • opera_autoupdate.exe (PID: 2956)
      • opera_autoupdate.exe (PID: 4900)
      • opera.exe (PID: 6084)
      • opera.exe (PID: 5668)
      • opera.exe (PID: 5744)
      • opera.exe (PID: 2800)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • DriverPack-17-Online.exe (PID: 1932)
      • csc.exe (PID: 3692)
      • mshta.exe (PID: 3208)
      • aria2c.exe (PID: 3660)
      • SearcherBar.exe (PID: 5524)
      • OperaBlink_win7.exe (PID: 5528)
      • OperaBlink_win7.exe (PID: 5636)
      • OperaBlink_win7.exe (PID: 452)
      • OperaBlink_win7.exe (PID: 5752)
      • OperaBlink_win7.exe (PID: 1780)
      • installer.exe (PID: 4184)
      • installer.exe (PID: 3172)
      • csc.exe (PID: 2004)
      • launcher.exe (PID: 6116)
      • installer.exe (PID: 4680)

    • The process creates files with name similar to system file names

      • DriverPack-17-Online.exe (PID: 1932)

    • Malware-specific behavior (creating "System.dll" in Temp)

      • DriverPack-17-Online.exe (PID: 1932)

    • Executing commands from a ".bat" file

      • DriverPack-17-Online.exe (PID: 1932)

    • Starts CMD.EXE for commands execution

      • DriverPack-17-Online.exe (PID: 1932)
      • mshta.exe (PID: 3208)

    • Reads the Internet Settings

      • cmd.exe (PID: 3032)
      • mshta.exe (PID: 3208)
      • WMIC.exe (PID: 924)
      • OperaBlink_win7.exe (PID: 5528)
      • opera.exe (PID: 3552)
      • opera.exe (PID: 2800)
      • opera_autoupdate.exe (PID: 4524)
      • opera_autoupdate.exe (PID: 2956)

    • Executing commands from ".cmd" file

      • mshta.exe (PID: 3208)

    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 2812)

    • The process hide an interactive prompt from the user

      • cmd.exe (PID: 2812)

    • Get information on the list of running processes

      • cmd.exe (PID: 2812)

    • The process bypasses the loading of PowerShell profile settings

      • cmd.exe (PID: 2812)

    • The process hides Powershell's copyright startup banner

      • cmd.exe (PID: 2812)

    • Adds/modifies Windows certificates

      • mshta.exe (PID: 3208)

    • Possibly malicious use of IEX has been detected

      • cmd.exe (PID: 2812)

    • Uses RUNDLL32.EXE to load library

      • mshta.exe (PID: 3208)

    • Uses .NET C# to load dll

      • powershell.exe (PID: 3420)

    • Uses NETSH.EXE to delete a firewall rule or allowed programs

      • cmd.exe (PID: 3652)

    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • cmd.exe (PID: 3864)

    • Changes internet zones settings

      • mshta.exe (PID: 3208)

    • Uses NETSH.EXE to obtain data on the network

      • cmd.exe (PID: 3484)

    • Process drops legitimate windows executable

      • mshta.exe (PID: 3208)
      • OperaBlink_win7.exe (PID: 452)

    • Starts application with an unusual extension

      • cmd.exe (PID: 3484)

    • Process requests binary or script from the Internet

      • mshta.exe (PID: 3208)
      • aria2c.exe (PID: 3052)
      • aria2c.exe (PID: 5512)
      • aria2c.exe (PID: 1016)
      • aria2c.exe (PID: 4160)
      • aria2c.exe (PID: 5996)
      • aria2c.exe (PID: 5428)

    • Drops 7-zip archiver for unpacking

      • mshta.exe (PID: 3208)

    • Starts SC.EXE for service management

      • cmd.exe (PID: 4072)

    • Executes as Windows Service

      • VSSVC.exe (PID: 3048)

    • Uses WMIC.EXE to obtain system information

      • cmd.exe (PID: 3768)

    • Searches for installed software

      • dllhost.exe (PID: 4064)

    • The executable file from the user directory is run by the CMD process

      • SearcherBar.exe (PID: 5524)
      • OperaBlink_win7.exe (PID: 5528)

    • Starts itself from another location

      • OperaBlink_win7.exe (PID: 5528)

    • Application launched itself

      • OperaBlink_win7.exe (PID: 5528)
      • OperaBlink_win7.exe (PID: 452)
      • installer.exe (PID: 3172)
      • opera.exe (PID: 3552)
      • opera.exe (PID: 2800)
      • opera_autoupdate.exe (PID: 2956)
      • opera_autoupdate.exe (PID: 4524)

    • Reads security settings of Internet Explorer

      • OperaBlink_win7.exe (PID: 5528)

    • Checks Windows Trust Settings

      • OperaBlink_win7.exe (PID: 5528)

    • Reads settings of System Certificates

      • OperaBlink_win7.exe (PID: 5528)
      • opera.exe (PID: 5084)

    • Reads browser cookies

      • opera.exe (PID: 5084)

    • The process executes via Task Scheduler

      • launcher.exe (PID: 6116)

  • INFO

    • Application launched itself

      • chrome.exe (PID: 116)

    • The process uses the downloaded file

      • chrome.exe (PID: 116)
      • chrome.exe (PID: 2672)

    • Checks supported languages

      • DriverPack-17-Online.exe (PID: 1932)
      • csc.exe (PID: 3692)
      • cvtres.exe (PID: 3700)
      • driverpack-wget.exe (PID: 2468)
      • driverpack-wget.exe (PID: 3632)
      • driverpack-wget.exe (PID: 2444)
      • driverpack-wget.exe (PID: 1852)
      • driverpack-wget.exe (PID: 3660)
      • driverpack-wget.exe (PID: 4092)
      • driverpack-wget.exe (PID: 3368)
      • driverpack-wget.exe (PID: 3672)
      • driverpack-wget.exe (PID: 3804)
      • driverpack-wget.exe (PID: 1168)
      • driverpack-wget.exe (PID: 3892)
      • driverpack-wget.exe (PID: 3872)
      • driverpack-wget.exe (PID: 3840)
      • driverpack-wget.exe (PID: 3828)
      • driverpack-wget.exe (PID: 604)
      • driverpack-wget.exe (PID: 3260)
      • driverpack-wget.exe (PID: 4036)
      • driverpack-wget.exe (PID: 1032)
      • driverpack-wget.exe (PID: 1092)
      • driverpack-wget.exe (PID: 3664)
      • driverpack-wget.exe (PID: 1380)
      • chcp.com (PID: 2228)
      • driverpack-wget.exe (PID: 2528)
      • driverpack-wget.exe (PID: 952)
      • driverpack-wget.exe (PID: 1032)
      • driverpack-wget.exe (PID: 3464)
      • driverpack-wget.exe (PID: 4056)
      • driverpack-wget.exe (PID: 948)
      • driverpack-wget.exe (PID: 2584)
      • driverpack-wget.exe (PID: 2092)
      • driverpack-wget.exe (PID: 3628)
      • driverpack-wget.exe (PID: 2572)
      • driverpack-wget.exe (PID: 2848)
      • driverpack-wget.exe (PID: 3188)
      • aria2c.exe (PID: 2744)
      • aria2c.exe (PID: 3824)
      • aria2c.exe (PID: 3268)
      • aria2c.exe (PID: 3052)
      • aria2c.exe (PID: 3660)
      • driverpack-wget.exe (PID: 1836)
      • driverpack-wget.exe (PID: 3256)
      • driverpack-wget.exe (PID: 3484)
      • driverpack-wget.exe (PID: 3624)
      • driverpack-wget.exe (PID: 3868)
      • driverpack-wget.exe (PID: 1220)
      • driverpack-wget.exe (PID: 3464)
      • driverpack-wget.exe (PID: 3844)
      • driverpack-wget.exe (PID: 1000)
      • driverpack-wget.exe (PID: 3936)
      • driverpack-wget.exe (PID: 2320)
      • driverpack-wget.exe (PID: 1220)
      • driverpack-wget.exe (PID: 2436)
      • driverpack-wget.exe (PID: 2952)
      • driverpack-wget.exe (PID: 2244)
      • driverpack-wget.exe (PID: 2348)
      • driverpack-wget.exe (PID: 3676)
      • driverpack-wget.exe (PID: 3192)
      • driverpack-wget.exe (PID: 1836)
      • driverpack-wget.exe (PID: 916)
      • driverpack-wget.exe (PID: 1032)
      • driverpack-wget.exe (PID: 3872)
      • driverpack-wget.exe (PID: 664)
      • driverpack-wget.exe (PID: 1588)
      • driverpack-wget.exe (PID: 3904)
      • driverpack-wget.exe (PID: 3060)
      • driverpack-wget.exe (PID: 3892)
      • driverpack-wget.exe (PID: 2444)
      • driverpack-wget.exe (PID: 2228)
      • driverpack-wget.exe (PID: 3380)
      • driverpack-wget.exe (PID: 996)
      • driverpack-wget.exe (PID: 916)
      • driverpack-wget.exe (PID: 1892)
      • driverpack-wget.exe (PID: 2796)
      • driverpack-wget.exe (PID: 2444)
      • driverpack-wget.exe (PID: 4084)
      • driverpack-wget.exe (PID: 2844)
      • driverpack-wget.exe (PID: 3888)
      • driverpack-wget.exe (PID: 3684)
      • driverpack-wget.exe (PID: 4120)
      • driverpack-wget.exe (PID: 4104)
      • driverpack-wget.exe (PID: 4148)
      • driverpack-wget.exe (PID: 4672)
      • driverpack-wget.exe (PID: 4696)
      • driverpack-wget.exe (PID: 4704)
      • driverpack-wget.exe (PID: 4724)
      • driverpack-wget.exe (PID: 5288)
      • driverpack-wget.exe (PID: 5272)
      • driverpack-wget.exe (PID: 5300)
      • driverpack-wget.exe (PID: 5324)
      • driverpack-wget.exe (PID: 5376)
      • driverpack-wget.exe (PID: 5916)
      • driverpack-wget.exe (PID: 5936)
      • driverpack-wget.exe (PID: 5928)
      • driverpack-wget.exe (PID: 5952)
      • driverpack-wget.exe (PID: 5968)
      • driverpack-wget.exe (PID: 4504)
      • driverpack-wget.exe (PID: 4580)
      • driverpack-wget.exe (PID: 4156)
      • driverpack-wget.exe (PID: 916)
      • driverpack-wget.exe (PID: 4556)
      • driverpack-wget.exe (PID: 5044)
      • driverpack-wget.exe (PID: 4656)
      • driverpack-wget.exe (PID: 4652)
      • aria2c.exe (PID: 5512)
      • SearcherBar.exe (PID: 5524)
      • driverpack-wget.exe (PID: 5336)
      • driverpack-wget.exe (PID: 5148)
      • driverpack-wget.exe (PID: 5180)
      • driverpack-wget.exe (PID: 5288)
      • aria2c.exe (PID: 5996)
      • driverpack-wget.exe (PID: 5672)
      • driverpack-wget.exe (PID: 2800)
      • driverpack-wget.exe (PID: 3552)
      • driverpack-wget.exe (PID: 4468)
      • driverpack-wget.exe (PID: 4472)
      • driverpack-wget.exe (PID: 4364)
      • driverpack-wget.exe (PID: 4728)
      • driverpack-wget.exe (PID: 4632)
      • driverpack-wget.exe (PID: 4696)
      • driverpack-wget.exe (PID: 3644)
      • driverpack-wget.exe (PID: 5112)
      • driverpack-wget.exe (PID: 5684)
      • driverpack-wget.exe (PID: 5496)
      • driverpack-wget.exe (PID: 2744)
      • driverpack-wget.exe (PID: 4224)
      • driverpack-wget.exe (PID: 4408)
      • driverpack-wget.exe (PID: 5936)
      • driverpack-wget.exe (PID: 1836)
      • driverpack-wget.exe (PID: 5664)
      • driverpack-wget.exe (PID: 5848)
      • driverpack-wget.exe (PID: 5892)
      • driverpack-wget.exe (PID: 4708)
      • driverpack-wget.exe (PID: 4616)
      • driverpack-wget.exe (PID: 4672)
      • driverpack-wget.exe (PID: 5176)
      • driverpack-wget.exe (PID: 5260)
      • driverpack-wget.exe (PID: 5508)
      • driverpack-wget.exe (PID: 4496)
      • driverpack-wget.exe (PID: 6100)
      • driverpack-wget.exe (PID: 4800)
      • driverpack-wget.exe (PID: 4448)
      • driverpack-wget.exe (PID: 5084)
      • driverpack-wget.exe (PID: 4684)
      • driverpack-wget.exe (PID: 5324)
      • driverpack-wget.exe (PID: 5800)
      • aria2c.exe (PID: 1016)
      • OperaBlink_win7.exe (PID: 5528)
      • driverpack-wget.exe (PID: 4536)
      • OperaBlink_win7.exe (PID: 5636)
      • OperaBlink_win7.exe (PID: 1780)
      • OperaBlink_win7.exe (PID: 5752)
      • OperaBlink_win7.exe (PID: 452)
      • installer.exe (PID: 4184)
      • launcher.exe (PID: 5792)
      • opera.exe (PID: 3552)
      • installer.exe (PID: 3172)
      • aria2c.exe (PID: 4160)
      • opera_crashreporter.exe (PID: 5772)
      • opera.exe (PID: 4352)
      • opera.exe (PID: 4684)
      • opera.exe (PID: 2800)
      • opera_crashreporter.exe (PID: 4960)
      • opera.exe (PID: 5172)
      • opera.exe (PID: 5084)
      • opera.exe (PID: 4580)
      • csc.exe (PID: 2004)
      • opera.exe (PID: 5436)
      • opera.exe (PID: 4700)
      • opera.exe (PID: 5768)
      • opera.exe (PID: 5832)
      • opera.exe (PID: 5316)
      • opera.exe (PID: 5856)
      • opera.exe (PID: 2616)
      • opera.exe (PID: 5440)
      • opera.exe (PID: 6084)
      • opera.exe (PID: 5880)
      • cvtres.exe (PID: 5428)
      • opera.exe (PID: 5612)
      • opera.exe (PID: 5324)
      • opera_autoupdate.exe (PID: 2956)
      • launcher.exe (PID: 6116)
      • opera_autoupdate.exe (PID: 4900)
      • installer.exe (PID: 4680)
      • opera_autoupdate.exe (PID: 4524)
      • opera_autoupdate.exe (PID: 2436)
      • opera.exe (PID: 5668)
      • opera.exe (PID: 5744)
      • aria2c.exe (PID: 5428)

    • Reads the computer name

      • DriverPack-17-Online.exe (PID: 1932)
      • driverpack-wget.exe (PID: 2444)
      • driverpack-wget.exe (PID: 3632)
      • driverpack-wget.exe (PID: 2468)
      • driverpack-wget.exe (PID: 3660)
      • driverpack-wget.exe (PID: 3672)
      • driverpack-wget.exe (PID: 3368)
      • driverpack-wget.exe (PID: 1852)
      • driverpack-wget.exe (PID: 1168)
      • driverpack-wget.exe (PID: 3804)
      • driverpack-wget.exe (PID: 4092)
      • driverpack-wget.exe (PID: 3828)
      • driverpack-wget.exe (PID: 604)
      • driverpack-wget.exe (PID: 3872)
      • driverpack-wget.exe (PID: 3892)
      • driverpack-wget.exe (PID: 3840)
      • driverpack-wget.exe (PID: 3260)
      • driverpack-wget.exe (PID: 4036)
      • driverpack-wget.exe (PID: 1032)
      • driverpack-wget.exe (PID: 1092)
      • driverpack-wget.exe (PID: 3664)
      • driverpack-wget.exe (PID: 1380)
      • driverpack-wget.exe (PID: 2528)
      • driverpack-wget.exe (PID: 952)
      • driverpack-wget.exe (PID: 1032)
      • driverpack-wget.exe (PID: 3464)
      • driverpack-wget.exe (PID: 948)
      • driverpack-wget.exe (PID: 4056)
      • driverpack-wget.exe (PID: 2092)
      • driverpack-wget.exe (PID: 3628)
      • driverpack-wget.exe (PID: 2572)
      • driverpack-wget.exe (PID: 2584)
      • driverpack-wget.exe (PID: 3188)
      • driverpack-wget.exe (PID: 2848)
      • aria2c.exe (PID: 3824)
      • aria2c.exe (PID: 3268)
      • aria2c.exe (PID: 2744)
      • aria2c.exe (PID: 3052)
      • aria2c.exe (PID: 3660)
      • driverpack-wget.exe (PID: 3624)
      • driverpack-wget.exe (PID: 1836)
      • driverpack-wget.exe (PID: 3256)
      • driverpack-wget.exe (PID: 3484)
      • driverpack-wget.exe (PID: 1220)
      • driverpack-wget.exe (PID: 3868)
      • driverpack-wget.exe (PID: 1000)
      • driverpack-wget.exe (PID: 3844)
      • driverpack-wget.exe (PID: 3464)
      • driverpack-wget.exe (PID: 2244)
      • driverpack-wget.exe (PID: 3936)
      • driverpack-wget.exe (PID: 2436)
      • driverpack-wget.exe (PID: 1220)
      • driverpack-wget.exe (PID: 2320)
      • driverpack-wget.exe (PID: 3192)
      • driverpack-wget.exe (PID: 2348)
      • driverpack-wget.exe (PID: 3676)
      • driverpack-wget.exe (PID: 1836)
      • driverpack-wget.exe (PID: 2952)
      • driverpack-wget.exe (PID: 3904)
      • driverpack-wget.exe (PID: 916)
      • driverpack-wget.exe (PID: 1032)
      • driverpack-wget.exe (PID: 3872)
      • driverpack-wget.exe (PID: 2228)
      • driverpack-wget.exe (PID: 1588)
      • driverpack-wget.exe (PID: 3060)
      • driverpack-wget.exe (PID: 2444)
      • driverpack-wget.exe (PID: 3892)
      • driverpack-wget.exe (PID: 664)
      • driverpack-wget.exe (PID: 3380)
      • driverpack-wget.exe (PID: 996)
      • driverpack-wget.exe (PID: 916)
      • driverpack-wget.exe (PID: 2444)
      • driverpack-wget.exe (PID: 4084)
      • driverpack-wget.exe (PID: 2844)
      • driverpack-wget.exe (PID: 2796)
      • driverpack-wget.exe (PID: 1892)
      • driverpack-wget.exe (PID: 3888)
      • driverpack-wget.exe (PID: 3684)
      • driverpack-wget.exe (PID: 4120)
      • driverpack-wget.exe (PID: 4104)
      • driverpack-wget.exe (PID: 4148)
      • driverpack-wget.exe (PID: 4672)
      • driverpack-wget.exe (PID: 4724)
      • driverpack-wget.exe (PID: 4704)
      • driverpack-wget.exe (PID: 5288)
      • driverpack-wget.exe (PID: 5300)
      • driverpack-wget.exe (PID: 4696)
      • driverpack-wget.exe (PID: 5272)
      • driverpack-wget.exe (PID: 5324)
      • driverpack-wget.exe (PID: 5376)
      • driverpack-wget.exe (PID: 5916)
      • driverpack-wget.exe (PID: 5928)
      • driverpack-wget.exe (PID: 5968)
      • driverpack-wget.exe (PID: 5936)
      • driverpack-wget.exe (PID: 5952)
      • driverpack-wget.exe (PID: 4156)
      • driverpack-wget.exe (PID: 4580)
      • driverpack-wget.exe (PID: 916)
      • driverpack-wget.exe (PID: 4504)
      • driverpack-wget.exe (PID: 5044)
      • driverpack-wget.exe (PID: 4556)
      • driverpack-wget.exe (PID: 4656)
      • driverpack-wget.exe (PID: 4652)
      • aria2c.exe (PID: 5512)
      • SearcherBar.exe (PID: 5524)
      • driverpack-wget.exe (PID: 5148)
      • driverpack-wget.exe (PID: 5288)
      • driverpack-wget.exe (PID: 5180)
      • driverpack-wget.exe (PID: 5672)
      • driverpack-wget.exe (PID: 5336)
      • driverpack-wget.exe (PID: 3552)
      • driverpack-wget.exe (PID: 2800)
      • driverpack-wget.exe (PID: 4468)
      • driverpack-wget.exe (PID: 4364)
      • aria2c.exe (PID: 5996)
      • driverpack-wget.exe (PID: 4472)
      • driverpack-wget.exe (PID: 4728)
      • driverpack-wget.exe (PID: 4632)
      • driverpack-wget.exe (PID: 4696)
      • driverpack-wget.exe (PID: 5496)
      • driverpack-wget.exe (PID: 2744)
      • driverpack-wget.exe (PID: 3644)
      • driverpack-wget.exe (PID: 5112)
      • driverpack-wget.exe (PID: 5684)
      • driverpack-wget.exe (PID: 4224)
      • driverpack-wget.exe (PID: 5664)
      • driverpack-wget.exe (PID: 4408)
      • driverpack-wget.exe (PID: 5936)
      • driverpack-wget.exe (PID: 1836)
      • driverpack-wget.exe (PID: 5892)
      • driverpack-wget.exe (PID: 5848)
      • driverpack-wget.exe (PID: 4708)
      • driverpack-wget.exe (PID: 4616)
      • driverpack-wget.exe (PID: 4672)
      • driverpack-wget.exe (PID: 5260)
      • driverpack-wget.exe (PID: 5508)
      • driverpack-wget.exe (PID: 5176)
      • driverpack-wget.exe (PID: 4496)
      • driverpack-wget.exe (PID: 4800)
      • driverpack-wget.exe (PID: 6100)
      • driverpack-wget.exe (PID: 4684)
      • driverpack-wget.exe (PID: 4448)
      • driverpack-wget.exe (PID: 5084)
      • driverpack-wget.exe (PID: 4536)
      • driverpack-wget.exe (PID: 5800)
      • driverpack-wget.exe (PID: 5324)
      • aria2c.exe (PID: 1016)
      • OperaBlink_win7.exe (PID: 5528)
      • installer.exe (PID: 3172)
      • launcher.exe (PID: 5792)
      • aria2c.exe (PID: 4160)
      • opera.exe (PID: 3552)
      • opera.exe (PID: 4352)
      • opera.exe (PID: 2800)
      • opera.exe (PID: 5172)
      • opera.exe (PID: 4580)
      • opera.exe (PID: 5436)
      • opera.exe (PID: 5316)
      • opera.exe (PID: 4700)
      • opera.exe (PID: 5768)
      • opera.exe (PID: 5084)
      • opera.exe (PID: 2616)
      • opera.exe (PID: 5856)
      • opera.exe (PID: 5440)
      • opera.exe (PID: 6084)
      • opera.exe (PID: 5880)
      • opera.exe (PID: 5612)
      • opera.exe (PID: 5832)
      • opera.exe (PID: 5324)
      • opera_autoupdate.exe (PID: 2956)
      • opera_autoupdate.exe (PID: 4524)
      • opera.exe (PID: 5668)
      • aria2c.exe (PID: 5428)

    • Executable content was dropped or overwritten

      • chrome.exe (PID: 116)
      • chrome.exe (PID: 1836)

    • Create files in a temporary directory

      • DriverPack-17-Online.exe (PID: 1932)
      • cvtres.exe (PID: 3700)
      • csc.exe (PID: 3692)
      • SearcherBar.exe (PID: 5524)
      • OperaBlink_win7.exe (PID: 5636)
      • OperaBlink_win7.exe (PID: 1780)
      • OperaBlink_win7.exe (PID: 5528)
      • OperaBlink_win7.exe (PID: 452)
      • OperaBlink_win7.exe (PID: 5752)
      • installer.exe (PID: 3172)
      • installer.exe (PID: 4184)
      • opera.exe (PID: 2800)
      • cvtres.exe (PID: 5428)
      • csc.exe (PID: 2004)
      • launcher.exe (PID: 6116)
      • installer.exe (PID: 4680)
      • opera_autoupdate.exe (PID: 2436)
      • opera_autoupdate.exe (PID: 4524)

    • Drops the executable file immediately after the start

      • chrome.exe (PID: 116)
      • chrome.exe (PID: 1836)

    • Creates files in the program directory

      • DriverPack-17-Online.exe (PID: 1932)
      • mshta.exe (PID: 3208)
      • driverpack-wget.exe (PID: 2468)
      • driverpack-wget.exe (PID: 2444)
      • driverpack-wget.exe (PID: 3632)
      • driverpack-wget.exe (PID: 1852)
      • driverpack-wget.exe (PID: 3660)
      • driverpack-wget.exe (PID: 1168)
      • driverpack-wget.exe (PID: 3828)
      • driverpack-wget.exe (PID: 4092)
      • driverpack-wget.exe (PID: 3804)
      • driverpack-wget.exe (PID: 3368)
      • driverpack-wget.exe (PID: 3672)
      • driverpack-wget.exe (PID: 604)
      • driverpack-wget.exe (PID: 3872)
      • driverpack-wget.exe (PID: 3260)
      • driverpack-wget.exe (PID: 3840)
      • driverpack-wget.exe (PID: 3892)
      • driverpack-wget.exe (PID: 3664)
      • driverpack-wget.exe (PID: 1380)
      • driverpack-wget.exe (PID: 1032)
      • driverpack-wget.exe (PID: 2528)
      • driverpack-wget.exe (PID: 952)
      • driverpack-wget.exe (PID: 4056)
      • driverpack-wget.exe (PID: 2092)
      • driverpack-wget.exe (PID: 2584)
      • driverpack-wget.exe (PID: 948)
      • driverpack-wget.exe (PID: 3628)
      • driverpack-wget.exe (PID: 3464)
      • driverpack-wget.exe (PID: 2572)
      • driverpack-wget.exe (PID: 3188)
      • driverpack-wget.exe (PID: 2848)
      • driverpack-wget.exe (PID: 1836)
      • driverpack-wget.exe (PID: 1220)
      • driverpack-wget.exe (PID: 3936)
      • driverpack-wget.exe (PID: 2320)
      • driverpack-wget.exe (PID: 2436)
      • driverpack-wget.exe (PID: 2952)
      • driverpack-wget.exe (PID: 2348)
      • driverpack-wget.exe (PID: 3676)
      • driverpack-wget.exe (PID: 3192)
      • driverpack-wget.exe (PID: 1836)
      • driverpack-wget.exe (PID: 3904)
      • driverpack-wget.exe (PID: 916)
      • driverpack-wget.exe (PID: 1032)
      • driverpack-wget.exe (PID: 3872)
      • driverpack-wget.exe (PID: 1588)
      • driverpack-wget.exe (PID: 2228)
      • driverpack-wget.exe (PID: 664)
      • driverpack-wget.exe (PID: 3060)
      • driverpack-wget.exe (PID: 2444)
      • driverpack-wget.exe (PID: 3892)
      • driverpack-wget.exe (PID: 3380)
      • driverpack-wget.exe (PID: 996)
      • driverpack-wget.exe (PID: 916)
      • driverpack-wget.exe (PID: 1892)
      • driverpack-wget.exe (PID: 2444)
      • driverpack-wget.exe (PID: 4084)
      • driverpack-wget.exe (PID: 2844)
      • driverpack-wget.exe (PID: 2796)
      • driverpack-wget.exe (PID: 3888)
      • driverpack-wget.exe (PID: 4120)
      • driverpack-wget.exe (PID: 3684)
      • driverpack-wget.exe (PID: 4104)
      • driverpack-wget.exe (PID: 4148)
      • driverpack-wget.exe (PID: 4672)
      • driverpack-wget.exe (PID: 4696)
      • driverpack-wget.exe (PID: 4724)
      • driverpack-wget.exe (PID: 4704)
      • driverpack-wget.exe (PID: 5272)
      • driverpack-wget.exe (PID: 5300)
      • driverpack-wget.exe (PID: 5288)
      • driverpack-wget.exe (PID: 5324)
      • driverpack-wget.exe (PID: 5376)
      • driverpack-wget.exe (PID: 5916)
      • driverpack-wget.exe (PID: 5928)
      • driverpack-wget.exe (PID: 5936)
      • driverpack-wget.exe (PID: 5952)
      • driverpack-wget.exe (PID: 5968)
      • driverpack-wget.exe (PID: 4156)
      • driverpack-wget.exe (PID: 4580)
      • driverpack-wget.exe (PID: 4504)
      • driverpack-wget.exe (PID: 916)
      • driverpack-wget.exe (PID: 4556)
      • driverpack-wget.exe (PID: 5044)
      • driverpack-wget.exe (PID: 4656)
      • driverpack-wget.exe (PID: 4652)
      • SearcherBar.exe (PID: 5524)
      • driverpack-wget.exe (PID: 5336)
      • driverpack-wget.exe (PID: 5148)
      • driverpack-wget.exe (PID: 5180)
      • driverpack-wget.exe (PID: 5288)
      • driverpack-wget.exe (PID: 5672)
      • driverpack-wget.exe (PID: 4364)
      • driverpack-wget.exe (PID: 3552)
      • driverpack-wget.exe (PID: 4472)
      • driverpack-wget.exe (PID: 4468)
      • driverpack-wget.exe (PID: 4632)
      • driverpack-wget.exe (PID: 4728)
      • driverpack-wget.exe (PID: 4696)
      • driverpack-wget.exe (PID: 2800)
      • driverpack-wget.exe (PID: 2744)
      • driverpack-wget.exe (PID: 5496)
      • driverpack-wget.exe (PID: 3644)
      • driverpack-wget.exe (PID: 5684)
      • driverpack-wget.exe (PID: 5664)
      • driverpack-wget.exe (PID: 4224)
      • driverpack-wget.exe (PID: 4408)
      • driverpack-wget.exe (PID: 5112)
      • driverpack-wget.exe (PID: 1836)
      • driverpack-wget.exe (PID: 5892)
      • driverpack-wget.exe (PID: 5848)
      • driverpack-wget.exe (PID: 5936)
      • driverpack-wget.exe (PID: 5176)
      • driverpack-wget.exe (PID: 4616)
      • driverpack-wget.exe (PID: 4672)
      • driverpack-wget.exe (PID: 5260)
      • driverpack-wget.exe (PID: 5508)
      • driverpack-wget.exe (PID: 4708)
      • driverpack-wget.exe (PID: 4496)
      • driverpack-wget.exe (PID: 4448)
      • driverpack-wget.exe (PID: 6100)
      • driverpack-wget.exe (PID: 4684)
      • driverpack-wget.exe (PID: 4800)
      • driverpack-wget.exe (PID: 4536)
      • driverpack-wget.exe (PID: 5800)
      • driverpack-wget.exe (PID: 5324)
      • driverpack-wget.exe (PID: 5084)
      • installer.exe (PID: 3172)
      • OperaBlink_win7.exe (PID: 452)
      • opera_autoupdate.exe (PID: 4524)

    • Checks proxy server information

      • mshta.exe (PID: 3208)
      • OperaBlink_win7.exe (PID: 5528)

    • Reads Internet Explorer settings

      • mshta.exe (PID: 3208)

    • Reads the machine GUID from the registry

      • csc.exe (PID: 3692)
      • cvtres.exe (PID: 3700)
      • aria2c.exe (PID: 2744)
      • aria2c.exe (PID: 3268)
      • aria2c.exe (PID: 3052)
      • aria2c.exe (PID: 3824)
      • aria2c.exe (PID: 3660)
      • aria2c.exe (PID: 5512)
      • aria2c.exe (PID: 5996)
      • aria2c.exe (PID: 1016)
      • OperaBlink_win7.exe (PID: 5528)
      • installer.exe (PID: 3172)
      • aria2c.exe (PID: 4160)
      • opera.exe (PID: 3552)
      • opera.exe (PID: 2800)
      • csc.exe (PID: 2004)
      • cvtres.exe (PID: 5428)
      • opera.exe (PID: 5084)
      • opera_autoupdate.exe (PID: 2956)
      • opera_autoupdate.exe (PID: 4900)
      • opera_autoupdate.exe (PID: 4524)
      • opera_autoupdate.exe (PID: 2436)
      • aria2c.exe (PID: 5428)

    • Creates files or folders in the user directory

      • driverpack-wget.exe (PID: 3632)
      • driverpack-wget.exe (PID: 2444)
      • driverpack-wget.exe (PID: 1852)
      • driverpack-wget.exe (PID: 2468)
      • driverpack-wget.exe (PID: 3660)
      • driverpack-wget.exe (PID: 3672)
      • driverpack-wget.exe (PID: 3368)
      • driverpack-wget.exe (PID: 3804)
      • driverpack-wget.exe (PID: 4092)
      • driverpack-wget.exe (PID: 1168)
      • driverpack-wget.exe (PID: 3872)
      • driverpack-wget.exe (PID: 3828)
      • driverpack-wget.exe (PID: 604)
      • driverpack-wget.exe (PID: 3840)
      • driverpack-wget.exe (PID: 3892)
      • driverpack-wget.exe (PID: 3260)
      • driverpack-wget.exe (PID: 4036)
      • driverpack-wget.exe (PID: 1032)
      • driverpack-wget.exe (PID: 1092)
      • driverpack-wget.exe (PID: 3664)
      • driverpack-wget.exe (PID: 1380)
      • driverpack-wget.exe (PID: 2528)
      • driverpack-wget.exe (PID: 952)
      • driverpack-wget.exe (PID: 1032)
      • driverpack-wget.exe (PID: 4056)
      • driverpack-wget.exe (PID: 3464)
      • driverpack-wget.exe (PID: 948)
      • driverpack-wget.exe (PID: 2584)
      • driverpack-wget.exe (PID: 2092)
      • driverpack-wget.exe (PID: 3628)
      • driverpack-wget.exe (PID: 2572)
      • driverpack-wget.exe (PID: 3188)
      • driverpack-wget.exe (PID: 2848)
      • aria2c.exe (PID: 2744)
      • aria2c.exe (PID: 3824)
      • driverpack-wget.exe (PID: 1836)
      • aria2c.exe (PID: 3052)
      • driverpack-wget.exe (PID: 3624)
      • driverpack-wget.exe (PID: 3256)
      • aria2c.exe (PID: 3660)
      • aria2c.exe (PID: 3268)
      • driverpack-wget.exe (PID: 3484)
      • driverpack-wget.exe (PID: 3868)
      • driverpack-wget.exe (PID: 1000)
      • driverpack-wget.exe (PID: 1220)
      • driverpack-wget.exe (PID: 3464)
      • driverpack-wget.exe (PID: 3844)
      • driverpack-wget.exe (PID: 3936)
      • driverpack-wget.exe (PID: 2320)
      • driverpack-wget.exe (PID: 1220)
      • driverpack-wget.exe (PID: 2952)
      • driverpack-wget.exe (PID: 2436)
      • driverpack-wget.exe (PID: 2244)
      • driverpack-wget.exe (PID: 2348)
      • driverpack-wget.exe (PID: 3676)
      • driverpack-wget.exe (PID: 1836)
      • driverpack-wget.exe (PID: 3192)
      • driverpack-wget.exe (PID: 3904)
      • driverpack-wget.exe (PID: 916)
      • driverpack-wget.exe (PID: 1032)
      • driverpack-wget.exe (PID: 3872)
      • driverpack-wget.exe (PID: 664)
      • driverpack-wget.exe (PID: 1588)
      • driverpack-wget.exe (PID: 3060)
      • driverpack-wget.exe (PID: 2444)
      • driverpack-wget.exe (PID: 3892)
      • driverpack-wget.exe (PID: 2228)
      • driverpack-wget.exe (PID: 916)
      • driverpack-wget.exe (PID: 3380)
      • driverpack-wget.exe (PID: 996)
      • driverpack-wget.exe (PID: 2796)
      • driverpack-wget.exe (PID: 1892)
      • driverpack-wget.exe (PID: 2444)
      • driverpack-wget.exe (PID: 4084)
      • driverpack-wget.exe (PID: 2844)
      • driverpack-wget.exe (PID: 3888)
      • driverpack-wget.exe (PID: 3684)
      • driverpack-wget.exe (PID: 4148)
      • driverpack-wget.exe (PID: 4120)
      • driverpack-wget.exe (PID: 4104)
      • driverpack-wget.exe (PID: 4672)
      • driverpack-wget.exe (PID: 4696)
      • driverpack-wget.exe (PID: 4724)
      • driverpack-wget.exe (PID: 4704)
      • driverpack-wget.exe (PID: 5288)
      • driverpack-wget.exe (PID: 5300)
      • driverpack-wget.exe (PID: 5272)
      • driverpack-wget.exe (PID: 5324)
      • driverpack-wget.exe (PID: 5376)
      • driverpack-wget.exe (PID: 5936)
      • driverpack-wget.exe (PID: 5916)
      • driverpack-wget.exe (PID: 5952)
      • driverpack-wget.exe (PID: 5968)
      • driverpack-wget.exe (PID: 4156)
      • driverpack-wget.exe (PID: 5928)
      • driverpack-wget.exe (PID: 916)
      • driverpack-wget.exe (PID: 4556)
      • driverpack-wget.exe (PID: 4580)
      • driverpack-wget.exe (PID: 4504)
      • driverpack-wget.exe (PID: 5044)
      • driverpack-wget.exe (PID: 4656)
      • driverpack-wget.exe (PID: 4652)
      • driverpack-wget.exe (PID: 5336)
      • aria2c.exe (PID: 5512)
      • driverpack-wget.exe (PID: 5148)
      • driverpack-wget.exe (PID: 5288)
      • driverpack-wget.exe (PID: 5180)
      • driverpack-wget.exe (PID: 5672)
      • aria2c.exe (PID: 5996)
      • driverpack-wget.exe (PID: 2800)
      • driverpack-wget.exe (PID: 4468)
      • driverpack-wget.exe (PID: 3552)
      • driverpack-wget.exe (PID: 4364)
      • driverpack-wget.exe (PID: 4472)
      • driverpack-wget.exe (PID: 4728)
      • driverpack-wget.exe (PID: 4632)
      • driverpack-wget.exe (PID: 4696)
      • driverpack-wget.exe (PID: 2744)
      • driverpack-wget.exe (PID: 3644)
      • driverpack-wget.exe (PID: 5112)
      • driverpack-wget.exe (PID: 5684)
      • driverpack-wget.exe (PID: 5496)
      • driverpack-wget.exe (PID: 5664)
      • driverpack-wget.exe (PID: 4224)
      • driverpack-wget.exe (PID: 4408)
      • driverpack-wget.exe (PID: 5936)
      • driverpack-wget.exe (PID: 1836)
      • driverpack-wget.exe (PID: 5892)
      • driverpack-wget.exe (PID: 5848)
      • driverpack-wget.exe (PID: 4708)
      • driverpack-wget.exe (PID: 4616)
      • driverpack-wget.exe (PID: 5260)
      • driverpack-wget.exe (PID: 5508)
      • driverpack-wget.exe (PID: 4496)
      • driverpack-wget.exe (PID: 5176)
      • driverpack-wget.exe (PID: 4672)
      • driverpack-wget.exe (PID: 4800)
      • driverpack-wget.exe (PID: 6100)
      • driverpack-wget.exe (PID: 4684)
      • driverpack-wget.exe (PID: 4448)
      • driverpack-wget.exe (PID: 5084)
      • driverpack-wget.exe (PID: 4536)
      • driverpack-wget.exe (PID: 5800)
      • driverpack-wget.exe (PID: 5324)
      • aria2c.exe (PID: 1016)
      • OperaBlink_win7.exe (PID: 5636)
      • OperaBlink_win7.exe (PID: 5528)
      • installer.exe (PID: 3172)
      • aria2c.exe (PID: 4160)
      • opera.exe (PID: 3552)
      • opera.exe (PID: 2800)
      • opera.exe (PID: 5084)
      • aria2c.exe (PID: 5428)

    • Manual execution by a user

      • opera.exe (PID: 2800)

    • Process checks computer location settings

      • opera.exe (PID: 2800)
      • opera.exe (PID: 5436)
      • opera.exe (PID: 4580)
      • opera.exe (PID: 5768)
      • opera.exe (PID: 5316)
      • opera.exe (PID: 5440)
      • opera.exe (PID: 5324)
      • opera.exe (PID: 5612)
      • opera.exe (PID: 6084)
      • opera.exe (PID: 5856)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
585
Monitored processes
379
Malicious processes
26
Suspicious processes
9

Behavior graph

Click at the process to see the details
start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs driverpack-17-online.exe no specs driverpack-17-online.exe cmd.exe no specs mshta.exe cmd.exe no specs powershell.exe no specs rundll32.exe no specs csc.exe cvtres.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe cmd.exe no specs chcp.com no specs netsh.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe sc.exe no specs driverpack-wget.exe driverpack-wget.exe vssvc.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs wmic.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe SPPSurrogate no specs cmd.exe no specs driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe rundll32.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs aria2c.exe cmd.exe no specs aria2c.exe aria2c.exe aria2c.exe aria2c.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs driverpack-wget.exe cmd.exe no specs driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe chrome.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe chrome.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe cmd.exe no specs driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs aria2c.exe searcherbar.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs aria2c.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe chrome.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs driverpack-wget.exe cmd.exe no specs driverpack-wget.exe cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs aria2c.exe operablink_win7.exe operablink_win7.exe operablink_win7.exe operablink_win7.exe operablink_win7.exe installer.exe installer.exe launcher.exe no specs opera.exe cmd.exe no specs aria2c.exe opera_crashreporter.exe opera.exe no specs opera.exe no specs opera.exe opera_crashreporter.exe opera.exe opera.exe csc.exe opera.exe opera.exe opera.exe opera.exe cvtres.exe no specs opera.exe opera.exe opera.exe no specs opera.exe opera.exe no specs opera.exe opera.exe opera.exe opera.exe opera_autoupdate.exe opera_autoupdate.exe launcher.exe installer.exe opera_autoupdate.exe opera_autoupdate.exe no specs opera.exe chrome.exe opera.exe cmd.exe no specs aria2c.exe

Process information

PID
CMD
Path
Indicators
Parent process
116"C:\Program Files\Google\Chrome\Application\chrome.exe" --disk-cache-dir=null --disk-cache-size=1 --media-cache-size=1 --disable-gpu-shader-disk-cache --disable-background-networking --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction,OptimizationHints "http://dwrapper-prod.herokuapp.com/bin/watcher.html"C:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
128"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Program Files\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/START-SETUP-1.mp3" -o "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_log_48799.log" & echo DONE > "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_finished_48799.txt""C:\Windows\System32\cmd.exemshta.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
268"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1156,i,14285175405670412561,16078583141764767692,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
316"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --mojo-platform-channel-handle=1360 --field-trial-handle=1156,i,14285175405670412561,16078583141764767692,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
332"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Program Files\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-1.mp3" -o "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_log_46626.log" & echo DONE > "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_finished_46626.txt""C:\Windows\System32\cmd.exemshta.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
452"C:\Users\admin\AppData\Roaming\DRPSu\PROGRAMS\OperaBlink_win7.exe" --backend --install --import-browser-data=1 --enable-stats=1 --enable-installer-stats=1 --launchopera=1 --installfolder="C:\Program Files\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pin-additional-shortcuts=1 --server-tracking-data=server_tracking_data --initial-pid=5528 --package-dir-prefix="C:\Users\admin\AppData\Local\Temp\Opera Installer Temp\opera_package_20240122132913" --session-guid=6df7afc1-d973-4ac3-a900-182cddf7f304 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=DC02000000000000C:\Users\admin\AppData\Roaming\DRPSu\PROGRAMS\OperaBlink_win7.exe
OperaBlink_win7.exe
User:
admin
Company:
Opera Software
Integrity Level:
HIGH
Description:
Opera Installer
Exit code:
0
Version:
64.0.3417.73
Modules
Images
c:\users\admin\appdata\roaming\drpsu\programs\operablink_win7.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
604"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Program Files\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/CONTINUOUS-2.mp3" -o "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_log_87275.log" C:\Program Files\DriverPack\Tools\driverpack-wget.exe
cmd.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\program files\driverpack\tools\driverpack-wget.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
664"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Program Files\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/SERVICE_MODE-1.mp3" -o "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_log_12689.log" & echo DONE > "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_finished_12689.txt""C:\Windows\System32\cmd.exemshta.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
664"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Program Files\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/FIREFOX_1.mp3" -o "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_log_72058.log" C:\Program Files\DriverPack\Tools\driverpack-wget.exe
cmd.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\program files\driverpack\tools\driverpack-wget.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
680"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --disable-quic --mojo-platform-channel-handle=3544 --field-trial-handle=1156,i,14285175405670412561,16078583141764767692,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events
105 111
Read events
103 524
Write events
1 575
Delete events
12

Modification events

(PID) Process:(116) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(116) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(116) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:writeName:StatusCodes
Value:
01000000
(PID) Process:(116) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(116) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:dr
Value:
1
(PID) Process:(116) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
1
(PID) Process:(116) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome
Operation:writeName:UsageStatsInSample
Value:
0
(PID) Process:(116) chrome.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:writeName:usagestats
Value:
0
(PID) Process:(116) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:metricsid_installdate
Value:
0
(PID) Process:(116) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:metricsid_enableddate
Value:
0
Executable files
58
Suspicious files
966
Text files
1 102
Unknown types
1

Dropped files

PID
Process
Filename
Type
116chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RFdf9a3.TMP
MD5:
SHA256:
116chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
116chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Versiontext
MD5:9F941EA08DBDCA2EB3CFA1DBBBA6F5DC
SHA256:127F71DF0D2AD895D4F293E62284D85971AE047CA15F90B87BF6335898B0B655
116chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.datbinary
MD5:9C016064A1F864C8140915D77CF3389A
SHA256:0E7265D4A8C16223538EDD8CD620B8820611C74538E420A88E333BE7F62AC787
116chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RFdf9b2.TMPtext
MD5:05CF4C3C5148DA6355D3561A9EAA5E8A
SHA256:8D720243F6876898E4F197C8867C4CEE69F1C7335C55B8A29C120B1028D93E41
116chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RFdf9d1.TMPtext
MD5:ADB669AB4CD1C63883C64FB0DBA2C7DA
SHA256:18BFF89047EC5B122573D089B3DC7A7DD14A5A7A515B2D8141584B41E723253F
116chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old~RFe0088.TMP
MD5:
SHA256:
116chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old
MD5:
SHA256:
116chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.oldtext
MD5:AD0DB8476493577A67FA94A162B646C4
SHA256:304FB5B4FD83D4A9FF1EF4CF20232A1783169C148297BFE37ED24A1D22A74F2B
116chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old~RFe0cfc.TMP
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
1 147
TCP/UDP connections
469
DNS requests
106
Threats
684

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
316
chrome.exe
GET
200
46.137.15.86:80
http://dwrapper-prod.herokuapp.com/client_ip.js
unknown
text
31 b
unknown
316
chrome.exe
GET
200
46.137.15.86:80
http://dwrapper-prod.herokuapp.com/bin/watcher.html
unknown
html
3.79 Kb
unknown
316
chrome.exe
GET
200
46.137.15.86:80
http://dwrapper-prod.herokuapp.com/bin/src/variables/2.js
unknown
text
4.97 Kb
unknown
316
chrome.exe
GET
200
46.137.15.86:80
http://dwrapper-prod.herokuapp.com/bin/src/variables/1.js
unknown
text
1.70 Kb
unknown
316
chrome.exe
GET
200
46.137.15.86:80
http://dwrapper-prod.herokuapp.com/bin/src/variables/3.js
unknown
text
2.48 Kb
unknown
316
chrome.exe
GET
200
46.137.15.86:80
http://dwrapper-prod.herokuapp.com/bin/src/variables/4.js
unknown
text
1.13 Kb
unknown
316
chrome.exe
GET
200
46.137.15.86:80
http://dwrapper-prod.herokuapp.com/bin/src/variables/5.js
unknown
text
557 b
unknown
316
chrome.exe
GET
200
46.137.15.86:80
http://dwrapper-prod.herokuapp.com/bin/src/variables/1.js
unknown
text
1.70 Kb
unknown
316
chrome.exe
GET
200
46.137.15.86:80
http://dwrapper-prod.herokuapp.com/bin/manual_download.html
unknown
html
1.42 Kb
unknown
316
chrome.exe
GET
200
46.137.15.86:80
http://dwrapper-prod.herokuapp.com/bin/src/statistics.js
unknown
text
7.72 Kb
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
116
chrome.exe
239.255.255.250:1900
whitelisted
316
chrome.exe
108.177.15.84:443
accounts.google.com
GOOGLE
US
unknown
316
chrome.exe
46.137.15.86:80
dwrapper-prod.herokuapp.com
AMAZON-02
IE
unknown
316
chrome.exe
3.126.133.169:80
dddwrapper.matomo.cloud
AMAZON-02
DE
unknown
116
chrome.exe
224.0.0.251:5353
unknown
316
chrome.exe
142.250.186.164:443
www.google.com
GOOGLE
US
whitelisted
316
chrome.exe
87.117.239.150:443
dl.driverpack.io
Iomart Cloud Services Limited
GB
unknown

DNS requests

Domain
IP
Reputation
accounts.google.com
  • 108.177.15.84
shared
dwrapper-prod.herokuapp.com
  • 46.137.15.86
  • 54.73.53.134
  • 54.220.192.176
unknown
dddwrapper.matomo.cloud
  • 3.126.133.169
  • 18.195.235.189
  • 18.157.122.248
unknown
dl.driverpack.io
  • 87.117.239.150
  • 87.117.231.157
  • 81.94.192.167
  • 87.117.239.151
unknown
www.google.com
  • 142.250.186.164
whitelisted
sb-ssl.google.com
  • 142.250.185.206
whitelisted
www.googleapis.com
  • 172.217.18.10
  • 142.250.185.74
  • 142.250.185.106
  • 142.250.185.138
  • 142.250.185.170
  • 142.250.185.202
  • 142.250.185.234
  • 142.250.186.74
  • 142.250.186.106
  • 142.250.181.234
  • 172.217.16.138
  • 142.250.184.202
  • 142.250.184.234
  • 142.250.186.138
  • 142.250.186.170
  • 142.250.186.42
whitelisted
allfont.ru
  • 188.114.96.3
  • 188.114.97.3
whitelisted
ctldl.windowsupdate.com
  • 184.24.77.202
  • 184.24.77.194
whitelisted
ocsp.pki.goog
  • 142.250.186.163
whitelisted

Threats

PID
Process
Class
Message
316
chrome.exe
A Network Trojan was detected
SUSPICIOUS [ANY.RUN] VBS is used to run Shell
316
chrome.exe
A Network Trojan was detected
SUSPICIOUS [ANY.RUN] VBS is used to run Shell
316
chrome.exe
A Network Trojan was detected
SUSPICIOUS [ANY.RUN] VBS is used to run Shell
1080
svchost.exe
Possibly Unwanted Program Detected
ET ADWARE_PUP DriverPack Domain in DNS Query
1080
svchost.exe
Potentially Bad Traffic
ET DNS Query for .su TLD (Soviet Union) Often Malware Related
1080
svchost.exe
Possibly Unwanted Program Detected
ET ADWARE_PUP Observed DNS Query to DriverPack Domain ( .drp .su)
1080
svchost.exe
Potentially Bad Traffic
ET DNS Query for .su TLD (Soviet Union) Often Malware Related
1080
svchost.exe
Possibly Unwanted Program Detected
ET ADWARE_PUP Observed DNS Query to DriverPack Domain ( .drp .su)
1080
svchost.exe
Possibly Unwanted Program Detected
ET ADWARE_PUP DriverPack Domain in DNS Query
3208
mshta.exe
Potentially Bad Traffic
ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
3 ETPRO signatures available at the full report
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
http://dwrapper-prod.herokuapp.com/bin/watcher.html