URL:

http://dl.driverpack.io/test/PROD_Start_DriverPack.hta

Full analysis: https://app.any.run/tasks/0db3b0fa-ce88-44f7-b9d9-e015a613c85e
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: November 14, 2023, 06:16:18
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
qrcode
loader
Indicators:
SHA1:

1CCE2993795BAB8B5BA5A7FAAF78A709C244C361

SHA256:

A5E6AAA81A8752531F9B3666685C1F1601F8FB427FEB9B5781836E20525EC6ED

SSDEEP:

3:N1KaJdSAXJOL+q10+ru:CaJdSAQqqSGu

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Downloads files via BITSADMIN.EXE

      • cmd.exe (PID: 588)
      • mshta.exe (PID: 3712)

    • Drops the executable file immediately after the start

      • 7za.exe (PID: 3344)
      • csc.exe (PID: 3780)
      • mshta.exe (PID: 3712)
      • aria2c.exe (PID: 2120)
      • aria2c.exe (PID: 4480)
      • SearcherBar.exe (PID: 4876)
      • aria2c.exe (PID: 4832)
      • aria2c.exe (PID: 644)
      • OperaBlink_win7.exe (PID: 4248)
      • aria2c.exe (PID: 4168)
      • OperaBlink_win7.exe (PID: 5932)
      • OperaBlink_win7.exe (PID: 4244)
      • OperaBlink_win7.exe (PID: 4120)
      • OperaBlink_win7.exe (PID: 4160)
      • installer.exe (PID: 5580)
      • installer.exe (PID: 1784)
      • csc.exe (PID: 5728)
      • aria2c.exe (PID: 3172)
      • launcher.exe (PID: 4376)
      • installer.exe (PID: 4292)
      • installer.exe (PID: 2152)
      • opera_autoupdate.exe (PID: 5708)
      • Chrone.exe (PID: 4340)

    • Bypass execution policy to execute commands

      • powershell.exe (PID: 1936)

    • Changes powershell execution policy (Bypass)

      • cmd.exe (PID: 1644)

    • Starts Visual C# compiler

      • powershell.exe (PID: 1936)

    • Actions looks like stealing of personal data

      • mshta.exe (PID: 3712)
      • OperaBlink_win7.exe (PID: 4248)
      • OperaBlink_win7.exe (PID: 5932)
      • OperaBlink_win7.exe (PID: 4160)
      • OperaBlink_win7.exe (PID: 4120)
      • installer.exe (PID: 1784)
      • installer.exe (PID: 5580)
      • opera_crashreporter.exe (PID: 3812)
      • opera.exe (PID: 4968)
      • opera.exe (PID: 2524)
      • opera_crashreporter.exe (PID: 5292)
      • opera.exe (PID: 4796)
      • opera.exe (PID: 4984)
      • opera.exe (PID: 2740)
      • opera.exe (PID: 1212)
      • opera.exe (PID: 4776)
      • opera.exe (PID: 1064)
      • opera.exe (PID: 2320)
      • opera.exe (PID: 1588)
      • opera.exe (PID: 6040)
      • opera.exe (PID: 4624)
      • opera.exe (PID: 4620)
      • opera.exe (PID: 1904)
      • opera.exe (PID: 1244)
      • opera.exe (PID: 4544)
      • opera.exe (PID: 276)
      • opera.exe (PID: 3536)
      • opera.exe (PID: 2300)
      • opera_autoupdate.exe (PID: 4852)
      • opera_autoupdate.exe (PID: 5060)
      • opera.exe (PID: 4976)
      • opera.exe (PID: 5228)

  • SUSPICIOUS

    • Process requests binary or script from the Internet

      • mshta.exe (PID: 984)
      • mshta.exe (PID: 1848)
      • mshta.exe (PID: 3712)
      • aria2c.exe (PID: 644)
      • aria2c.exe (PID: 3076)
      • aria2c.exe (PID: 2120)
      • aria2c.exe (PID: 3652)
      • aria2c.exe (PID: 4480)
      • aria2c.exe (PID: 4832)
      • aria2c.exe (PID: 4168)
      • aria2c.exe (PID: 5884)
      • aria2c.exe (PID: 3172)

    • Found strings related to reading or modifying Windows Defender settings

      • mshta.exe (PID: 984)

    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 588)
      • cmd.exe (PID: 2784)
      • cmd.exe (PID: 3184)
      • cmd.exe (PID: 2828)
      • cmd.exe (PID: 1248)
      • cmd.exe (PID: 3460)
      • cmd.exe (PID: 2232)
      • cmd.exe (PID: 3536)
      • cmd.exe (PID: 3808)
      • cmd.exe (PID: 1852)
      • cmd.exe (PID: 1644)
      • cmd.exe (PID: 3824)
      • cmd.exe (PID: 2880)
      • cmd.exe (PID: 3280)
      • cmd.exe (PID: 2488)
      • cmd.exe (PID: 1460)
      • cmd.exe (PID: 3060)
      • cmd.exe (PID: 3636)
      • cmd.exe (PID: 3740)
      • cmd.exe (PID: 4040)
      • cmd.exe (PID: 1344)
      • cmd.exe (PID: 3476)
      • cmd.exe (PID: 2736)
      • cmd.exe (PID: 2408)
      • cmd.exe (PID: 2484)
      • cmd.exe (PID: 2240)
      • cmd.exe (PID: 3120)

    • Query Microsoft Defender status

      • mshta.exe (PID: 984)
      • cmd.exe (PID: 2336)

    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 2336)
      • cmd.exe (PID: 1644)

    • Starts CMD.EXE for commands execution

      • mshta.exe (PID: 984)
      • cmd.exe (PID: 3916)
      • mshta.exe (PID: 3712)

    • Cmdlet gets the status of antimalware software installed on the computer

      • cmd.exe (PID: 2336)

    • Powershell version downgrade attack

      • powershell.exe (PID: 2316)
      • powershell.exe (PID: 1936)

    • Reads the Internet Settings

      • mshta.exe (PID: 984)
      • cmd.exe (PID: 4068)
      • mshta.exe (PID: 3712)
      • mshta.exe (PID: 1848)
      • WMIC.exe (PID: 2760)
      • OperaBlink_win7.exe (PID: 4248)
      • opera.exe (PID: 2524)
      • opera.exe (PID: 5228)
      • opera_autoupdate.exe (PID: 4852)

    • Drops 7-zip archiver for unpacking

      • expand.exe (PID: 2516)
      • 7za.exe (PID: 3344)

    • Executing commands from a ".bat" file

      • mshta.exe (PID: 984)
      • cmd.exe (PID: 3916)

    • Application launched itself

      • cmd.exe (PID: 3916)
      • mshta.exe (PID: 984)
      • OperaBlink_win7.exe (PID: 4248)
      • OperaBlink_win7.exe (PID: 4160)
      • installer.exe (PID: 1784)
      • opera.exe (PID: 2524)
      • opera.exe (PID: 5228)
      • opera_autoupdate.exe (PID: 5708)
      • opera_autoupdate.exe (PID: 4852)

    • Process drops legitimate windows executable

      • 7za.exe (PID: 3344)
      • mshta.exe (PID: 3712)
      • OperaBlink_win7.exe (PID: 4160)
      • Chrone.exe (PID: 4340)

    • Executing commands from ".cmd" file

      • mshta.exe (PID: 3712)

    • Possibly malicious use of IEX has been detected

      • cmd.exe (PID: 1644)

    • The process hides Powershell's copyright startup banner

      • cmd.exe (PID: 1644)

    • Get information on the list of running processes

      • cmd.exe (PID: 1644)

    • The process hide an interactive prompt from the user

      • cmd.exe (PID: 1644)

    • The process bypasses the loading of PowerShell profile settings

      • cmd.exe (PID: 1644)

    • Uses RUNDLL32.EXE to load library

      • mshta.exe (PID: 3712)

    • Adds/modifies Windows certificates

      • cmd.exe (PID: 4068)

    • Uses .NET C# to load dll

      • powershell.exe (PID: 1936)

    • Uses NETSH.EXE to delete a firewall rule or allowed programs

      • cmd.exe (PID: 2112)

    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • cmd.exe (PID: 856)

    • Changes internet zones settings

      • mshta.exe (PID: 3712)

    • Starts application with an unusual extension

      • cmd.exe (PID: 968)

    • Executes as Windows Service

      • VSSVC.exe (PID: 2344)

    • Uses WMIC.EXE to obtain system information

      • cmd.exe (PID: 2764)

    • Starts SC.EXE for service management

      • cmd.exe (PID: 3340)

    • Searches for installed software

      • dllhost.exe (PID: 2676)

    • Uses NETSH.EXE to obtain data on the network

      • cmd.exe (PID: 968)

    • Starts itself from another location

      • OperaBlink_win7.exe (PID: 4248)

    • Reads security settings of Internet Explorer

      • OperaBlink_win7.exe (PID: 4248)

    • Checks Windows Trust Settings

      • OperaBlink_win7.exe (PID: 4248)

    • Reads settings of System Certificates

      • OperaBlink_win7.exe (PID: 4248)
      • opera.exe (PID: 4776)

    • Reads browser cookies

      • opera.exe (PID: 4776)

    • The process executes via Task Scheduler

      • launcher.exe (PID: 4376)

  • INFO

    • Checks supported languages

      • wmpnscfg.exe (PID: 2116)
      • 7za.exe (PID: 3344)
      • csc.exe (PID: 3780)
      • cvtres.exe (PID: 2788)
      • driverpack-wget.exe (PID: 2268)
      • driverpack-wget.exe (PID: 1988)
      • driverpack-wget.exe (PID: 712)
      • driverpack-wget.exe (PID: 2452)
      • driverpack-wget.exe (PID: 2836)
      • driverpack-wget.exe (PID: 2784)
      • driverpack-wget.exe (PID: 276)
      • driverpack-wget.exe (PID: 3080)
      • driverpack-wget.exe (PID: 3324)
      • driverpack-wget.exe (PID: 3004)
      • driverpack-wget.exe (PID: 2064)
      • driverpack-wget.exe (PID: 3728)
      • driverpack-wget.exe (PID: 3024)
      • driverpack-wget.exe (PID: 1248)
      • driverpack-wget.exe (PID: 3368)
      • driverpack-wget.exe (PID: 1028)
      • driverpack-wget.exe (PID: 2884)
      • driverpack-wget.exe (PID: 3752)
      • driverpack-wget.exe (PID: 3040)
      • driverpack-7za.exe (PID: 2924)
      • chcp.com (PID: 3028)
      • driverpack-wget.exe (PID: 372)
      • driverpack-wget.exe (PID: 3172)
      • driverpack-wget.exe (PID: 3948)
      • driverpack-wget.exe (PID: 3824)
      • driverpack-wget.exe (PID: 2692)
      • aria2c.exe (PID: 644)
      • aria2c.exe (PID: 1852)
      • aria2c.exe (PID: 3652)
      • aria2c.exe (PID: 3076)
      • aria2c.exe (PID: 2120)
      • driverpack-wget.exe (PID: 1660)
      • driverpack-wget.exe (PID: 3272)
      • driverpack-wget.exe (PID: 2884)
      • driverpack-wget.exe (PID: 2532)
      • driverpack-wget.exe (PID: 588)
      • driverpack-wget.exe (PID: 240)
      • driverpack-wget.exe (PID: 4028)
      • driverpack-wget.exe (PID: 2736)
      • driverpack-wget.exe (PID: 1924)
      • driverpack-wget.exe (PID: 528)
      • driverpack-wget.exe (PID: 3004)
      • driverpack-wget.exe (PID: 3552)
      • driverpack-wget.exe (PID: 2736)
      • driverpack-wget.exe (PID: 2864)
      • driverpack-wget.exe (PID: 1892)
      • driverpack-wget.exe (PID: 3812)
      • driverpack-wget.exe (PID: 2140)
      • driverpack-wget.exe (PID: 1832)
      • driverpack-wget.exe (PID: 1600)
      • driverpack-wget.exe (PID: 1356)
      • driverpack-wget.exe (PID: 1004)
      • driverpack-wget.exe (PID: 1952)
      • driverpack-wget.exe (PID: 3240)
      • driverpack-wget.exe (PID: 3908)
      • driverpack-wget.exe (PID: 3056)
      • driverpack-wget.exe (PID: 1944)
      • driverpack-wget.exe (PID: 1488)
      • driverpack-wget.exe (PID: 2436)
      • driverpack-wget.exe (PID: 280)
      • driverpack-wget.exe (PID: 1824)
      • driverpack-wget.exe (PID: 188)
      • driverpack-wget.exe (PID: 2416)
      • driverpack-wget.exe (PID: 2072)
      • driverpack-wget.exe (PID: 1488)
      • driverpack-wget.exe (PID: 4212)
      • driverpack-wget.exe (PID: 4220)
      • driverpack-wget.exe (PID: 3812)
      • driverpack-wget.exe (PID: 1900)
      • aria2c.exe (PID: 4480)
      • driverpack-wget.exe (PID: 4572)
      • driverpack-wget.exe (PID: 4592)
      • driverpack-wget.exe (PID: 4580)
      • driverpack-wget.exe (PID: 4924)
      • driverpack-wget.exe (PID: 4916)
      • driverpack-wget.exe (PID: 5392)
      • driverpack-wget.exe (PID: 5176)
      • driverpack-wget.exe (PID: 5168)
      • driverpack-wget.exe (PID: 5732)
      • driverpack-wget.exe (PID: 5724)
      • driverpack-wget.exe (PID: 5692)
      • driverpack-wget.exe (PID: 5684)
      • driverpack-wget.exe (PID: 4132)
      • driverpack-wget.exe (PID: 1824)
      • driverpack-wget.exe (PID: 5788)
      • driverpack-wget.exe (PID: 4576)
      • driverpack-wget.exe (PID: 4500)
      • driverpack-wget.exe (PID: 4140)
      • driverpack-wget.exe (PID: 4252)
      • driverpack-wget.exe (PID: 4592)
      • driverpack-wget.exe (PID: 4584)
      • driverpack-wget.exe (PID: 4504)
      • driverpack-wget.exe (PID: 5424)
      • driverpack-wget.exe (PID: 5444)
      • driverpack-wget.exe (PID: 5360)
      • driverpack-wget.exe (PID: 5580)
      • driverpack-wget.exe (PID: 5404)
      • driverpack-wget.exe (PID: 5684)
      • driverpack-wget.exe (PID: 5604)
      • driverpack-wget.exe (PID: 1836)
      • driverpack-wget.exe (PID: 5612)
      • driverpack-wget.exe (PID: 3128)
      • driverpack-wget.exe (PID: 4636)
      • driverpack-wget.exe (PID: 4716)
      • driverpack-wget.exe (PID: 4704)
      • driverpack-wget.exe (PID: 5200)
      • driverpack-wget.exe (PID: 4584)
      • driverpack-wget.exe (PID: 4756)
      • driverpack-wget.exe (PID: 6016)
      • driverpack-wget.exe (PID: 6008)
      • driverpack-wget.exe (PID: 5348)
      • driverpack-wget.exe (PID: 5536)
      • driverpack-wget.exe (PID: 5532)
      • driverpack-wget.exe (PID: 3128)
      • driverpack-wget.exe (PID: 4176)
      • aria2c.exe (PID: 4832)
      • SearcherBar.exe (PID: 4876)
      • driverpack-wget.exe (PID: 5224)
      • driverpack-wget.exe (PID: 5236)
      • driverpack-wget.exe (PID: 5240)
      • driverpack-wget.exe (PID: 3548)
      • driverpack-wget.exe (PID: 5168)
      • driverpack-wget.exe (PID: 4276)
      • driverpack-wget.exe (PID: 6120)
      • driverpack-wget.exe (PID: 5548)
      • driverpack-wget.exe (PID: 5588)
      • driverpack-wget.exe (PID: 6000)
      • driverpack-wget.exe (PID: 6140)
      • driverpack-wget.exe (PID: 1560)
      • driverpack-wget.exe (PID: 5376)
      • driverpack-wget.exe (PID: 5268)
      • driverpack-wget.exe (PID: 4672)
      • driverpack-wget.exe (PID: 5528)
      • driverpack-wget.exe (PID: 3568)
      • driverpack-wget.exe (PID: 5932)
      • driverpack-wget.exe (PID: 5544)
      • driverpack-wget.exe (PID: 1856)
      • driverpack-wget.exe (PID: 5180)
      • driverpack-wget.exe (PID: 4188)
      • driverpack-wget.exe (PID: 6004)
      • driverpack-wget.exe (PID: 5328)
      • driverpack-wget.exe (PID: 1560)
      • driverpack-wget.exe (PID: 5552)
      • driverpack-wget.exe (PID: 2220)
      • driverpack-wget.exe (PID: 5172)
      • aria2c.exe (PID: 4168)
      • OperaBlink_win7.exe (PID: 4248)
      • OperaBlink_win7.exe (PID: 5932)
      • OperaBlink_win7.exe (PID: 4244)
      • OperaBlink_win7.exe (PID: 4160)
      • OperaBlink_win7.exe (PID: 4120)
      • aria2c.exe (PID: 5884)
      • installer.exe (PID: 1784)
      • installer.exe (PID: 5580)
      • opera.exe (PID: 2524)
      • opera_crashreporter.exe (PID: 3812)
      • opera.exe (PID: 4968)
      • opera.exe (PID: 4984)
      • launcher.exe (PID: 3764)
      • opera_crashreporter.exe (PID: 5292)
      • opera.exe (PID: 4796)
      • opera.exe (PID: 4776)
      • opera.exe (PID: 5228)
      • opera.exe (PID: 2740)
      • opera.exe (PID: 1212)
      • csc.exe (PID: 5728)
      • cvtres.exe (PID: 1228)
      • opera.exe (PID: 2320)
      • opera.exe (PID: 1064)
      • opera.exe (PID: 1588)
      • aria2c.exe (PID: 3172)
      • opera.exe (PID: 4624)
      • opera.exe (PID: 4620)
      • opera.exe (PID: 1904)
      • opera.exe (PID: 4188)
      • opera.exe (PID: 1244)
      • opera.exe (PID: 6040)
      • opera.exe (PID: 4544)
      • opera.exe (PID: 276)
      • launcher.exe (PID: 4376)
      • opera_autoupdate.exe (PID: 5708)
      • opera_autoupdate.exe (PID: 4256)
      • opera.exe (PID: 3536)
      • opera.exe (PID: 2300)
      • opera_autoupdate.exe (PID: 4852)
      • installer.exe (PID: 4292)
      • opera_autoupdate.exe (PID: 5060)
      • opera.exe (PID: 4976)
      • Chrone.exe (PID: 4340)

    • Manual execution by a user

      • wmpnscfg.exe (PID: 2116)
      • opera.exe (PID: 5228)

    • The process uses the downloaded file

      • chrome.exe (PID: 4040)
      • mshta.exe (PID: 984)
      • chrome.exe (PID: 3140)
      • chrome.exe (PID: 2412)
      • chrome.exe (PID: 124)
      • chrome.exe (PID: 2392)

    • Reads the computer name

      • wmpnscfg.exe (PID: 2116)
      • 7za.exe (PID: 3344)
      • driverpack-wget.exe (PID: 1988)
      • driverpack-wget.exe (PID: 2268)
      • driverpack-wget.exe (PID: 2452)
      • driverpack-wget.exe (PID: 712)
      • driverpack-wget.exe (PID: 2836)
      • driverpack-wget.exe (PID: 2784)
      • driverpack-wget.exe (PID: 276)
      • driverpack-wget.exe (PID: 3080)
      • driverpack-wget.exe (PID: 3324)
      • driverpack-wget.exe (PID: 3004)
      • driverpack-wget.exe (PID: 2064)
      • driverpack-wget.exe (PID: 3728)
      • driverpack-wget.exe (PID: 1028)
      • driverpack-wget.exe (PID: 3368)
      • driverpack-wget.exe (PID: 3024)
      • driverpack-wget.exe (PID: 2884)
      • driverpack-wget.exe (PID: 3752)
      • driverpack-wget.exe (PID: 3040)
      • driverpack-7za.exe (PID: 2924)
      • driverpack-wget.exe (PID: 372)
      • driverpack-wget.exe (PID: 3172)
      • driverpack-wget.exe (PID: 3948)
      • driverpack-wget.exe (PID: 2692)
      • driverpack-wget.exe (PID: 3824)
      • aria2c.exe (PID: 1852)
      • driverpack-wget.exe (PID: 1248)
      • aria2c.exe (PID: 3652)
      • aria2c.exe (PID: 644)
      • aria2c.exe (PID: 3076)
      • aria2c.exe (PID: 2120)
      • driverpack-wget.exe (PID: 1660)
      • driverpack-wget.exe (PID: 3272)
      • driverpack-wget.exe (PID: 2884)
      • driverpack-wget.exe (PID: 2532)
      • driverpack-wget.exe (PID: 240)
      • driverpack-wget.exe (PID: 4028)
      • driverpack-wget.exe (PID: 1924)
      • driverpack-wget.exe (PID: 2736)
      • driverpack-wget.exe (PID: 528)
      • driverpack-wget.exe (PID: 3552)
      • driverpack-wget.exe (PID: 3004)
      • driverpack-wget.exe (PID: 2736)
      • driverpack-wget.exe (PID: 3812)
      • driverpack-wget.exe (PID: 2864)
      • driverpack-wget.exe (PID: 1892)
      • driverpack-wget.exe (PID: 1004)
      • driverpack-wget.exe (PID: 1952)
      • driverpack-wget.exe (PID: 2140)
      • driverpack-wget.exe (PID: 1832)
      • driverpack-wget.exe (PID: 1356)
      • driverpack-wget.exe (PID: 3240)
      • driverpack-wget.exe (PID: 588)
      • driverpack-wget.exe (PID: 3908)
      • driverpack-wget.exe (PID: 1600)
      • driverpack-wget.exe (PID: 1944)
      • driverpack-wget.exe (PID: 2436)
      • driverpack-wget.exe (PID: 3056)
      • driverpack-wget.exe (PID: 1824)
      • driverpack-wget.exe (PID: 1488)
      • driverpack-wget.exe (PID: 280)
      • driverpack-wget.exe (PID: 2072)
      • driverpack-wget.exe (PID: 1488)
      • driverpack-wget.exe (PID: 2416)
      • driverpack-wget.exe (PID: 188)
      • driverpack-wget.exe (PID: 3812)
      • driverpack-wget.exe (PID: 1900)
      • driverpack-wget.exe (PID: 4220)
      • aria2c.exe (PID: 4480)
      • driverpack-wget.exe (PID: 4212)
      • driverpack-wget.exe (PID: 4580)
      • driverpack-wget.exe (PID: 4572)
      • driverpack-wget.exe (PID: 4592)
      • driverpack-wget.exe (PID: 4916)
      • driverpack-wget.exe (PID: 4924)
      • driverpack-wget.exe (PID: 5392)
      • driverpack-wget.exe (PID: 5176)
      • driverpack-wget.exe (PID: 5168)
      • driverpack-wget.exe (PID: 5692)
      • driverpack-wget.exe (PID: 5684)
      • driverpack-wget.exe (PID: 5732)
      • driverpack-wget.exe (PID: 1824)
      • driverpack-wget.exe (PID: 5724)
      • driverpack-wget.exe (PID: 5788)
      • driverpack-wget.exe (PID: 4252)
      • driverpack-wget.exe (PID: 4140)
      • driverpack-wget.exe (PID: 4132)
      • driverpack-wget.exe (PID: 4500)
      • driverpack-wget.exe (PID: 4592)
      • driverpack-wget.exe (PID: 4504)
      • driverpack-wget.exe (PID: 4584)
      • driverpack-wget.exe (PID: 4576)
      • driverpack-wget.exe (PID: 5424)
      • driverpack-wget.exe (PID: 5444)
      • driverpack-wget.exe (PID: 5360)
      • driverpack-wget.exe (PID: 1836)
      • driverpack-wget.exe (PID: 5404)
      • driverpack-wget.exe (PID: 5580)
      • driverpack-wget.exe (PID: 5684)
      • driverpack-wget.exe (PID: 5604)
      • driverpack-wget.exe (PID: 5612)
      • driverpack-wget.exe (PID: 3128)
      • driverpack-wget.exe (PID: 4636)
      • driverpack-wget.exe (PID: 4716)
      • driverpack-wget.exe (PID: 4704)
      • driverpack-wget.exe (PID: 5200)
      • driverpack-wget.exe (PID: 5192)
      • driverpack-wget.exe (PID: 4584)
      • driverpack-wget.exe (PID: 4756)
      • driverpack-wget.exe (PID: 4720)
      • driverpack-wget.exe (PID: 5348)
      • driverpack-wget.exe (PID: 6016)
      • driverpack-wget.exe (PID: 6008)
      • driverpack-wget.exe (PID: 5536)
      • driverpack-wget.exe (PID: 5532)
      • driverpack-wget.exe (PID: 1856)
      • driverpack-wget.exe (PID: 3128)
      • driverpack-wget.exe (PID: 4176)
      • SearcherBar.exe (PID: 4876)
      • driverpack-wget.exe (PID: 5224)
      • driverpack-wget.exe (PID: 3548)
      • driverpack-wget.exe (PID: 5236)
      • driverpack-wget.exe (PID: 5240)
      • driverpack-wget.exe (PID: 5168)
      • driverpack-wget.exe (PID: 4276)
      • driverpack-wget.exe (PID: 5548)
      • driverpack-wget.exe (PID: 6120)
      • driverpack-wget.exe (PID: 5588)
      • driverpack-wget.exe (PID: 6000)
      • driverpack-wget.exe (PID: 1560)
      • driverpack-wget.exe (PID: 6140)
      • driverpack-wget.exe (PID: 5268)
      • driverpack-wget.exe (PID: 5376)
      • driverpack-wget.exe (PID: 4672)
      • driverpack-wget.exe (PID: 5528)
      • driverpack-wget.exe (PID: 3568)
      • driverpack-wget.exe (PID: 5932)
      • driverpack-wget.exe (PID: 5544)
      • driverpack-wget.exe (PID: 4188)
      • driverpack-wget.exe (PID: 5180)
      • driverpack-wget.exe (PID: 6004)
      • driverpack-wget.exe (PID: 5328)
      • aria2c.exe (PID: 4832)
      • driverpack-wget.exe (PID: 1560)
      • driverpack-wget.exe (PID: 5552)
      • driverpack-wget.exe (PID: 2220)
      • driverpack-wget.exe (PID: 5172)
      • aria2c.exe (PID: 4168)
      • OperaBlink_win7.exe (PID: 4248)
      • aria2c.exe (PID: 5884)
      • installer.exe (PID: 1784)
      • launcher.exe (PID: 3764)
      • opera.exe (PID: 2524)
      • opera.exe (PID: 4968)
      • opera.exe (PID: 5228)
      • opera.exe (PID: 4796)
      • opera.exe (PID: 4984)
      • opera.exe (PID: 2740)
      • opera.exe (PID: 1212)
      • opera.exe (PID: 4776)
      • aria2c.exe (PID: 3172)
      • opera.exe (PID: 2320)
      • opera.exe (PID: 1588)
      • opera.exe (PID: 1064)
      • opera.exe (PID: 6040)
      • opera.exe (PID: 4620)
      • opera.exe (PID: 4624)
      • opera.exe (PID: 1904)
      • opera.exe (PID: 4188)
      • opera.exe (PID: 1244)
      • opera.exe (PID: 4544)
      • opera.exe (PID: 276)
      • opera_autoupdate.exe (PID: 5708)
      • opera.exe (PID: 2300)
      • opera_autoupdate.exe (PID: 4852)
      • opera.exe (PID: 4976)
      • Chrone.exe (PID: 4340)

    • Application launched itself

      • chrome.exe (PID: 3140)

    • Checks proxy server information

      • mshta.exe (PID: 984)
      • mshta.exe (PID: 3712)
      • mshta.exe (PID: 1848)
      • OperaBlink_win7.exe (PID: 4248)

    • Reads Internet Explorer settings

      • mshta.exe (PID: 984)
      • mshta.exe (PID: 3712)
      • mshta.exe (PID: 1848)

    • Uses BITSADMIN.EXE

      • cmd.exe (PID: 2784)
      • cmd.exe (PID: 2232)
      • cmd.exe (PID: 3184)
      • cmd.exe (PID: 2828)
      • cmd.exe (PID: 1248)
      • cmd.exe (PID: 3536)
      • cmd.exe (PID: 1852)
      • cmd.exe (PID: 3460)
      • cmd.exe (PID: 3808)
      • cmd.exe (PID: 2880)
      • cmd.exe (PID: 1644)
      • cmd.exe (PID: 3824)
      • cmd.exe (PID: 1460)
      • cmd.exe (PID: 3280)
      • cmd.exe (PID: 2488)
      • cmd.exe (PID: 3060)
      • cmd.exe (PID: 3636)
      • cmd.exe (PID: 3740)
      • cmd.exe (PID: 4040)
      • cmd.exe (PID: 2736)
      • cmd.exe (PID: 1344)
      • cmd.exe (PID: 3476)
      • cmd.exe (PID: 2484)
      • cmd.exe (PID: 2408)
      • cmd.exe (PID: 2240)
      • cmd.exe (PID: 3120)

    • Reads the machine GUID from the registry

      • wmpnscfg.exe (PID: 2116)
      • cvtres.exe (PID: 2788)
      • csc.exe (PID: 3780)
      • aria2c.exe (PID: 1852)
      • aria2c.exe (PID: 644)
      • aria2c.exe (PID: 3652)
      • aria2c.exe (PID: 3076)
      • aria2c.exe (PID: 2120)
      • aria2c.exe (PID: 4480)
      • aria2c.exe (PID: 4832)
      • aria2c.exe (PID: 4168)
      • OperaBlink_win7.exe (PID: 4248)
      • aria2c.exe (PID: 5884)
      • installer.exe (PID: 1784)
      • opera.exe (PID: 2524)
      • opera.exe (PID: 5228)
      • csc.exe (PID: 5728)
      • cvtres.exe (PID: 1228)
      • aria2c.exe (PID: 3172)
      • opera.exe (PID: 4776)
      • opera_autoupdate.exe (PID: 4256)
      • opera_autoupdate.exe (PID: 5708)
      • opera_autoupdate.exe (PID: 4852)
      • opera_autoupdate.exe (PID: 5060)

    • Create files in a temporary directory

      • expand.exe (PID: 2516)
      • 7za.exe (PID: 3344)
      • csc.exe (PID: 3780)
      • cvtres.exe (PID: 2788)
      • driverpack-wget.exe (PID: 1988)
      • driverpack-wget.exe (PID: 2268)
      • driverpack-wget.exe (PID: 2452)
      • driverpack-wget.exe (PID: 712)
      • driverpack-wget.exe (PID: 2836)
      • driverpack-wget.exe (PID: 2784)
      • driverpack-wget.exe (PID: 276)
      • driverpack-wget.exe (PID: 3080)
      • driverpack-wget.exe (PID: 3324)
      • driverpack-wget.exe (PID: 2064)
      • driverpack-wget.exe (PID: 3004)
      • driverpack-wget.exe (PID: 3728)
      • driverpack-wget.exe (PID: 1028)
      • driverpack-wget.exe (PID: 1248)
      • driverpack-wget.exe (PID: 3368)
      • driverpack-wget.exe (PID: 3024)
      • driverpack-wget.exe (PID: 372)
      • driverpack-wget.exe (PID: 3948)
      • driverpack-wget.exe (PID: 3824)
      • driverpack-wget.exe (PID: 2692)
      • driverpack-wget.exe (PID: 2884)
      • driverpack-wget.exe (PID: 1660)
      • driverpack-wget.exe (PID: 3272)
      • driverpack-wget.exe (PID: 2532)
      • driverpack-wget.exe (PID: 588)
      • driverpack-wget.exe (PID: 240)
      • driverpack-wget.exe (PID: 1924)
      • driverpack-wget.exe (PID: 2736)
      • driverpack-wget.exe (PID: 4028)
      • driverpack-wget.exe (PID: 3172)
      • driverpack-wget.exe (PID: 528)
      • driverpack-wget.exe (PID: 1832)
      • driverpack-wget.exe (PID: 1600)
      • driverpack-wget.exe (PID: 1356)
      • driverpack-wget.exe (PID: 3240)
      • driverpack-wget.exe (PID: 3908)
      • driverpack-wget.exe (PID: 1488)
      • driverpack-wget.exe (PID: 3056)
      • driverpack-wget.exe (PID: 1944)
      • driverpack-wget.exe (PID: 280)
      • driverpack-wget.exe (PID: 1824)
      • driverpack-wget.exe (PID: 2436)
      • driverpack-wget.exe (PID: 2072)
      • driverpack-wget.exe (PID: 1488)
      • driverpack-wget.exe (PID: 3812)
      • driverpack-wget.exe (PID: 2416)
      • driverpack-wget.exe (PID: 188)
      • driverpack-wget.exe (PID: 1900)
      • driverpack-wget.exe (PID: 4212)
      • driverpack-wget.exe (PID: 4220)
      • driverpack-wget.exe (PID: 4580)
      • driverpack-wget.exe (PID: 4592)
      • driverpack-wget.exe (PID: 4572)
      • driverpack-wget.exe (PID: 4916)
      • driverpack-wget.exe (PID: 4924)
      • driverpack-wget.exe (PID: 5392)
      • driverpack-wget.exe (PID: 5168)
      • driverpack-wget.exe (PID: 5176)
      • driverpack-wget.exe (PID: 5684)
      • driverpack-wget.exe (PID: 5724)
      • driverpack-wget.exe (PID: 5788)
      • driverpack-wget.exe (PID: 5692)
      • driverpack-wget.exe (PID: 5732)
      • driverpack-wget.exe (PID: 1824)
      • driverpack-wget.exe (PID: 4252)
      • driverpack-wget.exe (PID: 4132)
      • driverpack-wget.exe (PID: 4500)
      • driverpack-wget.exe (PID: 4140)
      • driverpack-wget.exe (PID: 4592)
      • driverpack-wget.exe (PID: 4584)
      • driverpack-wget.exe (PID: 4576)
      • driverpack-wget.exe (PID: 4504)
      • driverpack-wget.exe (PID: 5444)
      • driverpack-wget.exe (PID: 5424)
      • driverpack-wget.exe (PID: 5360)
      • driverpack-wget.exe (PID: 5404)
      • driverpack-wget.exe (PID: 5580)
      • driverpack-wget.exe (PID: 1836)
      • driverpack-wget.exe (PID: 5612)
      • driverpack-wget.exe (PID: 5604)
      • driverpack-wget.exe (PID: 5684)
      • driverpack-wget.exe (PID: 3128)
      • driverpack-wget.exe (PID: 4716)
      • driverpack-wget.exe (PID: 4704)
      • driverpack-wget.exe (PID: 4636)
      • driverpack-wget.exe (PID: 5200)
      • driverpack-wget.exe (PID: 4756)
      • driverpack-wget.exe (PID: 4584)
      • driverpack-wget.exe (PID: 4720)
      • driverpack-wget.exe (PID: 5192)
      • driverpack-wget.exe (PID: 6008)
      • driverpack-wget.exe (PID: 6016)
      • driverpack-wget.exe (PID: 5536)
      • driverpack-wget.exe (PID: 5348)
      • driverpack-wget.exe (PID: 5532)
      • driverpack-wget.exe (PID: 3128)
      • driverpack-wget.exe (PID: 1856)
      • driverpack-wget.exe (PID: 4176)
      • SearcherBar.exe (PID: 4876)
      • driverpack-wget.exe (PID: 5224)
      • driverpack-wget.exe (PID: 3548)
      • driverpack-wget.exe (PID: 5236)
      • driverpack-wget.exe (PID: 5240)
      • driverpack-wget.exe (PID: 5168)
      • driverpack-wget.exe (PID: 6000)
      • driverpack-wget.exe (PID: 5588)
      • driverpack-wget.exe (PID: 6120)
      • driverpack-wget.exe (PID: 4276)
      • driverpack-wget.exe (PID: 5548)
      • driverpack-wget.exe (PID: 1560)
      • driverpack-wget.exe (PID: 6140)
      • driverpack-wget.exe (PID: 5268)
      • driverpack-wget.exe (PID: 4672)
      • driverpack-wget.exe (PID: 3568)
      • driverpack-wget.exe (PID: 5528)
      • driverpack-wget.exe (PID: 5932)
      • driverpack-wget.exe (PID: 5544)
      • driverpack-wget.exe (PID: 5180)
      • driverpack-wget.exe (PID: 4188)
      • driverpack-wget.exe (PID: 5328)
      • driverpack-wget.exe (PID: 1560)
      • driverpack-wget.exe (PID: 5552)
      • driverpack-wget.exe (PID: 6004)
      • driverpack-wget.exe (PID: 5172)
      • driverpack-wget.exe (PID: 2220)
      • OperaBlink_win7.exe (PID: 4248)
      • OperaBlink_win7.exe (PID: 5932)
      • OperaBlink_win7.exe (PID: 4244)
      • OperaBlink_win7.exe (PID: 4120)
      • OperaBlink_win7.exe (PID: 4160)
      • installer.exe (PID: 1784)
      • installer.exe (PID: 5580)
      • driverpack-wget.exe (PID: 5376)
      • opera.exe (PID: 5228)
      • csc.exe (PID: 5728)
      • cvtres.exe (PID: 1228)
      • launcher.exe (PID: 4376)
      • opera_autoupdate.exe (PID: 4256)
      • installer.exe (PID: 4292)
      • Chrone.exe (PID: 4340)

    • Drops the executable file immediately after the start

      • expand.exe (PID: 2516)
      • chrome.exe (PID: 5356)

    • The executable file from the user directory is run by the CMD process

      • 7za.exe (PID: 3344)
      • driverpack-wget.exe (PID: 2452)
      • driverpack-wget.exe (PID: 1988)
      • driverpack-wget.exe (PID: 2268)
      • driverpack-wget.exe (PID: 712)
      • driverpack-wget.exe (PID: 2836)
      • driverpack-wget.exe (PID: 276)
      • driverpack-wget.exe (PID: 2784)
      • driverpack-wget.exe (PID: 3080)
      • driverpack-wget.exe (PID: 3004)
      • driverpack-wget.exe (PID: 2064)
      • driverpack-wget.exe (PID: 3324)
      • driverpack-wget.exe (PID: 3728)
      • driverpack-wget.exe (PID: 3368)
      • driverpack-wget.exe (PID: 1028)
      • driverpack-wget.exe (PID: 1248)
      • driverpack-wget.exe (PID: 3024)
      • driverpack-wget.exe (PID: 2884)
      • driverpack-wget.exe (PID: 3040)
      • driverpack-wget.exe (PID: 3752)
      • driverpack-wget.exe (PID: 372)
      • driverpack-wget.exe (PID: 3172)
      • driverpack-wget.exe (PID: 3948)
      • driverpack-wget.exe (PID: 3824)
      • driverpack-wget.exe (PID: 2692)
      • aria2c.exe (PID: 644)
      • aria2c.exe (PID: 1852)
      • aria2c.exe (PID: 3652)
      • aria2c.exe (PID: 3076)
      • aria2c.exe (PID: 2120)
      • driverpack-wget.exe (PID: 3272)
      • driverpack-wget.exe (PID: 1660)
      • driverpack-wget.exe (PID: 2884)
      • driverpack-wget.exe (PID: 2532)
      • driverpack-wget.exe (PID: 588)
      • driverpack-wget.exe (PID: 240)
      • driverpack-wget.exe (PID: 4028)
      • driverpack-wget.exe (PID: 2736)
      • driverpack-wget.exe (PID: 1924)
      • driverpack-wget.exe (PID: 3552)
      • driverpack-wget.exe (PID: 2736)
      • driverpack-wget.exe (PID: 3004)
      • driverpack-wget.exe (PID: 2864)
      • driverpack-wget.exe (PID: 3812)
      • driverpack-wget.exe (PID: 1892)
      • driverpack-wget.exe (PID: 1004)
      • driverpack-wget.exe (PID: 2140)
      • driverpack-wget.exe (PID: 1600)
      • driverpack-wget.exe (PID: 1832)
      • driverpack-wget.exe (PID: 1356)
      • driverpack-wget.exe (PID: 1952)
      • driverpack-wget.exe (PID: 3240)
      • driverpack-wget.exe (PID: 3908)
      • driverpack-wget.exe (PID: 1944)
      • driverpack-wget.exe (PID: 1488)
      • driverpack-wget.exe (PID: 3056)
      • driverpack-wget.exe (PID: 2436)
      • driverpack-wget.exe (PID: 1824)
      • driverpack-wget.exe (PID: 280)
      • driverpack-wget.exe (PID: 528)
      • driverpack-wget.exe (PID: 2072)
      • driverpack-wget.exe (PID: 2416)
      • driverpack-wget.exe (PID: 3812)
      • driverpack-wget.exe (PID: 188)
      • driverpack-wget.exe (PID: 1900)
      • driverpack-wget.exe (PID: 1488)
      • driverpack-wget.exe (PID: 4220)
      • driverpack-wget.exe (PID: 4212)
      • driverpack-wget.exe (PID: 4572)
      • aria2c.exe (PID: 4480)
      • driverpack-wget.exe (PID: 4580)
      • driverpack-wget.exe (PID: 4592)
      • driverpack-wget.exe (PID: 5176)
      • driverpack-wget.exe (PID: 4916)
      • driverpack-wget.exe (PID: 4924)
      • driverpack-wget.exe (PID: 5392)
      • driverpack-wget.exe (PID: 5168)
      • driverpack-wget.exe (PID: 5684)
      • driverpack-wget.exe (PID: 5692)
      • driverpack-wget.exe (PID: 5724)
      • driverpack-wget.exe (PID: 5732)
      • driverpack-wget.exe (PID: 5788)
      • driverpack-wget.exe (PID: 4132)
      • driverpack-wget.exe (PID: 1824)
      • driverpack-wget.exe (PID: 4140)
      • driverpack-wget.exe (PID: 4500)
      • driverpack-wget.exe (PID: 4576)
      • driverpack-wget.exe (PID: 4584)
      • driverpack-wget.exe (PID: 4252)
      • driverpack-wget.exe (PID: 4592)
      • driverpack-wget.exe (PID: 4504)
      • driverpack-wget.exe (PID: 5444)
      • driverpack-wget.exe (PID: 5580)
      • driverpack-wget.exe (PID: 5424)
      • driverpack-wget.exe (PID: 5360)
      • driverpack-wget.exe (PID: 5404)
      • driverpack-wget.exe (PID: 5604)
      • driverpack-wget.exe (PID: 5684)
      • driverpack-wget.exe (PID: 5612)
      • driverpack-wget.exe (PID: 1836)
      • driverpack-wget.exe (PID: 3128)
      • driverpack-wget.exe (PID: 4704)
      • driverpack-wget.exe (PID: 4716)
      • driverpack-wget.exe (PID: 5200)
      • driverpack-wget.exe (PID: 4584)
      • driverpack-wget.exe (PID: 4636)
      • driverpack-wget.exe (PID: 4756)
      • driverpack-wget.exe (PID: 5192)
      • driverpack-wget.exe (PID: 4720)
      • driverpack-wget.exe (PID: 5348)
      • driverpack-wget.exe (PID: 6008)
      • driverpack-wget.exe (PID: 6016)
      • driverpack-wget.exe (PID: 5536)
      • driverpack-wget.exe (PID: 5532)
      • driverpack-wget.exe (PID: 1856)
      • driverpack-wget.exe (PID: 3128)
      • driverpack-wget.exe (PID: 4176)
      • SearcherBar.exe (PID: 4876)
      • aria2c.exe (PID: 4832)
      • driverpack-wget.exe (PID: 5224)
      • driverpack-wget.exe (PID: 5236)
      • driverpack-wget.exe (PID: 5240)
      • driverpack-wget.exe (PID: 3548)
      • driverpack-wget.exe (PID: 5168)
      • driverpack-wget.exe (PID: 4276)
      • driverpack-wget.exe (PID: 5548)
      • driverpack-wget.exe (PID: 5588)
      • driverpack-wget.exe (PID: 6000)
      • driverpack-wget.exe (PID: 6120)
      • driverpack-wget.exe (PID: 6140)
      • driverpack-wget.exe (PID: 1560)
      • driverpack-wget.exe (PID: 5376)
      • driverpack-wget.exe (PID: 5268)
      • driverpack-wget.exe (PID: 4672)
      • driverpack-wget.exe (PID: 3568)
      • driverpack-wget.exe (PID: 5528)
      • driverpack-wget.exe (PID: 5932)
      • driverpack-wget.exe (PID: 5544)
      • driverpack-wget.exe (PID: 5180)
      • driverpack-wget.exe (PID: 4188)
      • driverpack-wget.exe (PID: 6004)
      • driverpack-wget.exe (PID: 1560)
      • driverpack-wget.exe (PID: 5552)
      • driverpack-wget.exe (PID: 2220)
      • driverpack-wget.exe (PID: 5172)
      • aria2c.exe (PID: 4168)
      • OperaBlink_win7.exe (PID: 4248)
      • aria2c.exe (PID: 5884)
      • driverpack-wget.exe (PID: 5328)
      • aria2c.exe (PID: 3172)
      • Chrone.exe (PID: 4340)

    • Creates files or folders in the user directory

      • driverpack-wget.exe (PID: 2268)
      • driverpack-wget.exe (PID: 1988)
      • driverpack-wget.exe (PID: 712)
      • driverpack-wget.exe (PID: 2452)
      • driverpack-wget.exe (PID: 2836)
      • driverpack-wget.exe (PID: 2784)
      • driverpack-wget.exe (PID: 3080)
      • driverpack-wget.exe (PID: 276)
      • driverpack-wget.exe (PID: 3324)
      • driverpack-wget.exe (PID: 2064)
      • driverpack-wget.exe (PID: 3004)
      • driverpack-wget.exe (PID: 3728)
      • driverpack-wget.exe (PID: 1028)
      • driverpack-wget.exe (PID: 1248)
      • driverpack-wget.exe (PID: 3024)
      • driverpack-wget.exe (PID: 3368)
      • driverpack-wget.exe (PID: 2884)
      • driverpack-wget.exe (PID: 3752)
      • driverpack-wget.exe (PID: 3040)
      • driverpack-7za.exe (PID: 2924)
      • driverpack-wget.exe (PID: 3172)
      • driverpack-wget.exe (PID: 372)
      • driverpack-wget.exe (PID: 3948)
      • driverpack-wget.exe (PID: 2692)
      • driverpack-wget.exe (PID: 3824)
      • driverpack-wget.exe (PID: 1660)
      • driverpack-wget.exe (PID: 2884)
      • driverpack-wget.exe (PID: 3272)
      • driverpack-wget.exe (PID: 2532)
      • driverpack-wget.exe (PID: 588)
      • driverpack-wget.exe (PID: 240)
      • driverpack-wget.exe (PID: 2736)
      • driverpack-wget.exe (PID: 4028)
      • driverpack-wget.exe (PID: 1924)
      • driverpack-wget.exe (PID: 528)
      • driverpack-wget.exe (PID: 3552)
      • driverpack-wget.exe (PID: 3004)
      • driverpack-wget.exe (PID: 2736)
      • driverpack-wget.exe (PID: 3812)
      • driverpack-wget.exe (PID: 2864)
      • driverpack-wget.exe (PID: 1892)
      • aria2c.exe (PID: 3076)
      • aria2c.exe (PID: 3652)
      • aria2c.exe (PID: 644)
      • aria2c.exe (PID: 1852)
      • aria2c.exe (PID: 2120)
      • driverpack-wget.exe (PID: 1004)
      • driverpack-wget.exe (PID: 1952)
      • driverpack-wget.exe (PID: 1832)
      • driverpack-wget.exe (PID: 2140)
      • driverpack-wget.exe (PID: 1600)
      • driverpack-wget.exe (PID: 3240)
      • driverpack-wget.exe (PID: 3908)
      • driverpack-wget.exe (PID: 1356)
      • driverpack-wget.exe (PID: 1944)
      • driverpack-wget.exe (PID: 2436)
      • driverpack-wget.exe (PID: 3056)
      • driverpack-wget.exe (PID: 1488)
      • driverpack-wget.exe (PID: 1824)
      • driverpack-wget.exe (PID: 280)
      • driverpack-wget.exe (PID: 1488)
      • driverpack-wget.exe (PID: 2072)
      • driverpack-wget.exe (PID: 2416)
      • driverpack-wget.exe (PID: 188)
      • driverpack-wget.exe (PID: 1900)
      • driverpack-wget.exe (PID: 3812)
      • driverpack-wget.exe (PID: 4572)
      • driverpack-wget.exe (PID: 4212)
      • driverpack-wget.exe (PID: 4220)
      • driverpack-wget.exe (PID: 4580)
      • aria2c.exe (PID: 4480)
      • driverpack-wget.exe (PID: 4592)
      • driverpack-wget.exe (PID: 4916)
      • driverpack-wget.exe (PID: 4924)
      • driverpack-wget.exe (PID: 5392)
      • driverpack-wget.exe (PID: 5176)
      • driverpack-wget.exe (PID: 5168)
      • driverpack-wget.exe (PID: 5692)
      • driverpack-wget.exe (PID: 5732)
      • driverpack-wget.exe (PID: 5724)
      • driverpack-wget.exe (PID: 5684)
      • driverpack-wget.exe (PID: 1824)
      • driverpack-wget.exe (PID: 4132)
      • driverpack-wget.exe (PID: 5788)
      • driverpack-wget.exe (PID: 4252)
      • driverpack-wget.exe (PID: 4576)
      • driverpack-wget.exe (PID: 4140)
      • driverpack-wget.exe (PID: 4500)
      • driverpack-wget.exe (PID: 4592)
      • driverpack-wget.exe (PID: 4584)
      • driverpack-wget.exe (PID: 4504)
      • driverpack-wget.exe (PID: 5424)
      • driverpack-wget.exe (PID: 5444)
      • driverpack-wget.exe (PID: 5360)
      • driverpack-wget.exe (PID: 1836)
      • driverpack-wget.exe (PID: 5684)
      • driverpack-wget.exe (PID: 5404)
      • driverpack-wget.exe (PID: 5580)
      • driverpack-wget.exe (PID: 5604)
      • driverpack-wget.exe (PID: 5612)
      • driverpack-wget.exe (PID: 3128)
      • driverpack-wget.exe (PID: 4636)
      • driverpack-wget.exe (PID: 4716)
      • driverpack-wget.exe (PID: 4704)
      • driverpack-wget.exe (PID: 5200)
      • driverpack-wget.exe (PID: 4584)
      • driverpack-wget.exe (PID: 4720)
      • driverpack-wget.exe (PID: 4756)
      • driverpack-wget.exe (PID: 5348)
      • driverpack-wget.exe (PID: 6016)
      • driverpack-wget.exe (PID: 5536)
      • driverpack-wget.exe (PID: 5532)
      • driverpack-wget.exe (PID: 6008)
      • driverpack-wget.exe (PID: 1856)
      • driverpack-wget.exe (PID: 3128)
      • driverpack-wget.exe (PID: 4176)
      • aria2c.exe (PID: 4832)
      • driverpack-wget.exe (PID: 5224)
      • driverpack-wget.exe (PID: 5236)
      • driverpack-wget.exe (PID: 3548)
      • driverpack-wget.exe (PID: 5240)
      • driverpack-wget.exe (PID: 5168)
      • driverpack-wget.exe (PID: 4276)
      • driverpack-wget.exe (PID: 5548)
      • driverpack-wget.exe (PID: 6120)
      • driverpack-wget.exe (PID: 5588)
      • driverpack-wget.exe (PID: 6000)
      • driverpack-wget.exe (PID: 1560)
      • driverpack-wget.exe (PID: 6140)
      • driverpack-wget.exe (PID: 5268)
      • driverpack-wget.exe (PID: 5376)
      • driverpack-wget.exe (PID: 4672)
      • driverpack-wget.exe (PID: 3568)
      • driverpack-wget.exe (PID: 5528)
      • driverpack-wget.exe (PID: 5932)
      • driverpack-wget.exe (PID: 5544)
      • driverpack-wget.exe (PID: 5180)
      • driverpack-wget.exe (PID: 6004)
      • driverpack-wget.exe (PID: 4188)
      • driverpack-wget.exe (PID: 5328)
      • driverpack-wget.exe (PID: 1560)
      • driverpack-wget.exe (PID: 5552)
      • driverpack-wget.exe (PID: 5172)
      • driverpack-wget.exe (PID: 2220)
      • aria2c.exe (PID: 4168)
      • OperaBlink_win7.exe (PID: 5932)
      • OperaBlink_win7.exe (PID: 4248)
      • aria2c.exe (PID: 5884)
      • opera.exe (PID: 2524)
      • installer.exe (PID: 1784)
      • opera.exe (PID: 5228)
      • aria2c.exe (PID: 3172)
      • opera.exe (PID: 4776)

    • Creates files in the program directory

      • SearcherBar.exe (PID: 4876)
      • OperaBlink_win7.exe (PID: 4160)
      • installer.exe (PID: 1784)

    • Process checks computer location settings

      • opera.exe (PID: 5228)
      • opera.exe (PID: 2740)
      • opera.exe (PID: 1212)
      • opera.exe (PID: 1064)
      • opera.exe (PID: 1588)
      • opera.exe (PID: 6040)
      • opera.exe (PID: 4620)
      • opera.exe (PID: 1904)
      • opera.exe (PID: 4544)
      • opera.exe (PID: 276)
      • opera.exe (PID: 1244)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
741
Monitored processes
500
Malicious processes
43
Suspicious processes
18

Behavior graph

Click at the process to see the details
start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs wmpnscfg.exe no specs chrome.exe no specs mshta.exe cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs powershell.exe no specs chrome.exe no specs chrome.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs chrome.exe no specs chrome.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs bitsadmin.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs bitsadmin.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs chrome.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs chrome.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs findstr.exe no specs bitsadmin.exe no specs cmd.exe no specs findstr.exe no specs bitsadmin.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs findstr.exe no specs bitsadmin.exe no specs cmd.exe no specs findstr.exe no specs bitsadmin.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs expand.exe no specs cmd.exe no specs 7za.exe no specs cmd.exe cmd.exe no specs mshta.exe cmd.exe no specs powershell.exe no specs rundll32.exe no specs mshta.exe csc.exe cvtres.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs netsh.exe no specs chrome.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-7za.exe no specs cmd.exe no specs chcp.com no specs netsh.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe cmd.exe no specs sc.exe no specs vssvc.exe no specs cmd.exe no specs wmic.exe no specs SPPSurrogate no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe rundll32.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs aria2c.exe aria2c.exe aria2c.exe aria2c.exe aria2c.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs aria2c.exe cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe cmd.exe no specs driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs aria2c.exe searcherbar.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe bitsadmin.exe no specs bitsadmin.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs driverpack-wget.exe cmd.exe no specs driverpack-wget.exe cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe chrome.exe no specs cmd.exe no specs cmd.exe no specs aria2c.exe operablink_win7.exe operablink_win7.exe operablink_win7.exe no specs operablink_win7.exe operablink_win7.exe cmd.exe no specs aria2c.exe installer.exe installer.exe launcher.exe no specs opera.exe opera_crashreporter.exe opera.exe opera.exe opera.exe opera_crashreporter.exe opera.exe opera.exe opera.exe opera.exe csc.exe cvtres.exe no specs cmd.exe no specs aria2c.exe opera.exe opera.exe opera.exe opera.exe opera.exe opera.exe opera.exe opera.exe no specs opera.exe opera.exe opera.exe launcher.exe no specs installer.exe no specs opera_autoupdate.exe no specs opera_autoupdate.exe no specs opera.exe opera.exe opera_autoupdate.exe opera_autoupdate.exe opera.exe cmd.exe no specs chrone.exe no specs installer.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
124"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=1152,i,18274905021615121752,3865169254666761036,131072 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
188findstr /R /V "^f7f81a39-5f63-5b42-9efd-1f13b5431005quot; C:\Windows\System32\findstr.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Find String (QGREP) Utility
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
188"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/FIREFOX_1.mp3" -o "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_log_80012.log" C:\Users\admin\AppData\Local\Temp\beetle-cab\DriverPack\Tools\driverpack-wget.exe
cmd.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\beetle-cab\driverpack\tools\driverpack-wget.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
240rundll32 kernel32,SleepC:\Windows\System32\rundll32.exemshta.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
240"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-6.mp3" -o "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_log_57740.log" C:\Users\admin\AppData\Local\Temp\beetle-cab\DriverPack\Tools\driverpack-wget.exe
cmd.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\beetle-cab\driverpack\tools\driverpack-wget.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
276"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DRIVERS-3.mp3" -o "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_log_19833.log" C:\Users\admin\AppData\Local\Temp\beetle-cab\DriverPack\Tools\driverpack-wget.exe
cmd.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\beetle-cab\driverpack\tools\driverpack-wget.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
276"C:\Program Files\Opera\64.0.3417.73\opera.exe" --type=renderer --field-trial-handle=1096,16692353911376778646,1953854491802483650,131072 --lang=en-US --user-agent="Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 OPR/64.0.3417.73 (Edition Campaign 34)" --enable-auto-reload --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598,DNA-72006-test:DNA-72006 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8233607886776992326 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1C:\Program Files\Opera\64.0.3417.73\opera.exe
opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera Internet Browser
Exit code:
0
Version:
64.0.3417.73
Modules
Images
c:\program files\opera\64.0.3417.73\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\opera\64.0.3417.73\opera_elf.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\profapi.dll
c:\windows\system32\shell32.dll
280"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/WAITING-1.mp3" -o "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_log_10509.log" C:\Users\admin\AppData\Local\Temp\beetle-cab\DriverPack\Tools\driverpack-wget.exe
cmd.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\beetle-cab\driverpack\tools\driverpack-wget.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
280"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/FIREFOX_4.mp3" -o "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_log_38949.log" & echo DONE > "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_finished_38949.txt""C:\Windows\System32\cmd.exemshta.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
368bitsadmin /info dwnl-task-53125 C:\Windows\System32\bitsadmin.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
BITS administration utility
Exit code:
0
Version:
7.5.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\bitsadmin.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
Total events
106 896
Read events
105 063
Write events
1 819
Delete events
14

Modification events

(PID) Process:(3140) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(3140) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(3140) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:writeName:StatusCodes
Value:
01000000
(PID) Process:(3140) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(3140) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:dr
Value:
1
(PID) Process:(3140) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
1
(PID) Process:(3140) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome
Operation:writeName:UsageStatsInSample
Value:
0
(PID) Process:(3140) chrome.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:writeName:usagestats
Value:
0
(PID) Process:(3140) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:metricsid_installdate
Value:
0
(PID) Process:(3140) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:metricsid_enableddate
Value:
0
Executable files
70
Suspicious files
906
Text files
1 170
Unknown types
0

Dropped files

PID
Process
Filename
Type
3140chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF167880.TMP
MD5:
SHA256:
3140chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
3140chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF167871.TMPtext
MD5:CDCC923CEC2CD9228330551E6946A9C2
SHA256:592F4750166BE662AA88728F9969537163FEC5C3E95E81537C8C6917F8D0929E
3140chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\LOG.old~RF167b7e.TMP
MD5:
SHA256:
3140chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\LOG.old
MD5:
SHA256:
3140chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.oldtext
MD5:8268A4D53A6A9432A8266584CBD7D624
SHA256:F785C42945CFE320C52C763837CD41541A8CAAB3E5FD567999EED5343CF0FD7A
3140chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old~RF167a55.TMPtext
MD5:0917C6BFC618ACD47C1F53C7E7FFFF9C
SHA256:A5CAF56982DA7AE34B201E8609610786B4730371EF0812B7D418A2F9B73547BC
3140chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.datbinary
MD5:9C016064A1F864C8140915D77CF3389A
SHA256:0E7265D4A8C16223538EDD8CD620B8820611C74538E420A88E333BE7F62AC787
3140chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old~RF167a74.TMPtext
MD5:56C75810BDDDD686D123E6E36F56E012
SHA256:3D51A6EF85A51056E1A379D795F55C84A321EC2000DD69F5D70ABA038C61522E
3140chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF167880.TMPtext
MD5:D5C9ECBD2DCA29D89266782824D7AF99
SHA256:D22D1243ACC064A30823180D0E583C853E9395367C78C2AD9DE59A463904F702
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
1 251
TCP/UDP connections
502
DNS requests
118
Threats
695

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3488
chrome.exe
GET
200
87.117.239.150:80
http://dl.driverpack.io/test/PROD_Start_DriverPack.hta
unknown
html
1.63 Kb
unknown
984
mshta.exe
GET
200
54.73.53.134:80
http://dwrapper-prod.herokuapp.com/bin/src/variables/2.js
unknown
text
4.97 Kb
unknown
984
mshta.exe
GET
200
54.73.53.134:80
http://dwrapper-prod.herokuapp.com/bin/src/script.js
unknown
text
4.05 Kb
unknown
GET
200
54.73.53.134:80
http://dwrapper-prod.herokuapp.com/bin/src/missing-scripts-detector.js
unknown
text
1.76 Kb
unknown
984
mshta.exe
GET
200
54.73.53.134:80
http://dwrapper-prod.herokuapp.com/bin/src/variables/3.js
unknown
text
2.48 Kb
unknown
984
mshta.exe
GET
200
54.73.53.134:80
http://dwrapper-prod.herokuapp.com/bin/src/statistics.js
unknown
text
7.94 Kb
unknown
984
mshta.exe
GET
200
54.73.53.134:80
http://dwrapper-prod.herokuapp.com/bin/download_and_av.html
unknown
html
2.33 Kb
unknown
984
mshta.exe
GET
200
54.73.53.134:80
http://dwrapper-prod.herokuapp.com/bin/src/variables/1.js
unknown
text
1.27 Kb
unknown
GET
200
54.73.53.134:80
http://dwrapper-prod.herokuapp.com/bin/src/variables/1.js
unknown
text
1.27 Kb
unknown
984
mshta.exe
GET
200
18.157.122.248:80
http://mysite-new.matomo.cloud/matomo.php?idsite=1&rec=1&rand=12409101&apiv=1&cookie=1&bots=1&res=1280x720&h=6&m=16&s=34&uid=18121417314020231114&e_c=Wrapper%20%2F%20Errors%20%2F%20Missing%20scripts&e_a=%D0%92%D1%81%D0%B5%20%D1%81%D0%BA%D1%80%D0%B8%D0%BF%D1%82%D1%8B%20%D1%83%D1%81%D0%BF%D0%B5%D1%88%D0%BD%D0%BE%20%D0%B7%D0%B0%D0%B3%D1%80%D1%83%D0%B7%D0%B8%D0%BB%D0%B8%D1%81%D1%8C&e_n=&e_v=&ca=1
unknown
text
101 b
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2588
svchost.exe
239.255.255.250:1900
whitelisted
3140
chrome.exe
239.255.255.250:1900
whitelisted
3488
chrome.exe
87.117.239.150:80
dl.driverpack.io
Iomart Cloud Services Limited
GB
unknown
3488
chrome.exe
142.250.186.141:443
accounts.google.com
GOOGLE
US
whitelisted
3488
chrome.exe
142.250.186.142:443
sb-ssl.google.com
GOOGLE
US
whitelisted
3140
chrome.exe
224.0.0.251:5353
unknown
3488
chrome.exe
172.217.18.4:443
www.google.com
GOOGLE
US
whitelisted
984
mshta.exe
54.73.53.134:80
dwrapper-prod.herokuapp.com
AMAZON-02
IE
unknown
984
mshta.exe
18.157.122.248:80
mysite-new.matomo.cloud
AMAZON-02
DE
unknown

DNS requests

Domain
IP
Reputation
dl.driverpack.io
  • 87.117.239.150
  • 87.117.231.157
  • 87.117.239.151
  • 81.94.192.167
unknown
accounts.google.com
  • 142.250.186.141
shared
sb-ssl.google.com
  • 142.250.186.142
whitelisted
www.google.com
  • 172.217.18.4
whitelisted
dwrapper-prod.herokuapp.com
  • 54.73.53.134
  • 54.220.192.176
  • 46.137.15.86
unknown
mysite-new.matomo.cloud
  • 18.157.122.248
  • 3.126.133.169
  • 18.195.235.189
unknown
dwrapper-dev.herokuapp.com
  • 46.137.15.86
  • 54.220.192.176
  • 54.73.53.134
unknown
optimizationguide-pa.googleapis.com
  • 142.250.185.202
  • 142.250.185.234
  • 142.250.184.234
  • 142.250.184.202
  • 142.250.181.234
  • 142.250.186.74
  • 142.250.186.106
  • 142.250.186.138
  • 142.250.74.202
  • 142.250.186.42
  • 172.217.18.10
  • 172.217.16.202
  • 142.250.186.170
  • 216.58.206.42
  • 216.58.212.170
  • 172.217.23.106
whitelisted
www.googleapis.com
  • 172.217.18.10
  • 142.250.184.234
  • 142.250.181.234
  • 142.250.186.106
  • 142.250.184.202
  • 142.250.185.202
  • 216.58.206.42
  • 172.217.16.138
  • 142.250.185.138
  • 172.217.16.202
  • 142.250.186.138
  • 142.250.185.170
  • 142.250.186.74
  • 142.250.186.170
  • 142.250.185.234
  • 142.250.186.42
whitelisted
allfont.ru
  • 188.114.97.3
  • 188.114.96.3
whitelisted

Threats

PID
Process
Class
Message
3488
chrome.exe
Potentially Bad Traffic
ET POLICY Possible HTA Application Download
984
mshta.exe
A Network Trojan was detected
SUSPICIOUS [ANY.RUN] VBS is used to run Shell
984
mshta.exe
A Network Trojan was detected
SUSPICIOUS [ANY.RUN] VBS is used to run Shell
984
mshta.exe
Potentially Bad Traffic
ET HUNTING PowerShell DownloadFile Command Common In Powershell Stagers
1080
svchost.exe
Potentially Bad Traffic
ET DNS Query for .su TLD (Soviet Union) Often Malware Related
1080
svchost.exe
Possibly Unwanted Program Detected
ET ADWARE_PUP DriverPack Domain in DNS Query
1080
svchost.exe
Possibly Unwanted Program Detected
ET ADWARE_PUP Observed DNS Query to DriverPack Domain ( .drp .su)
1080
svchost.exe
Possibly Unwanted Program Detected
ET ADWARE_PUP DriverPack Domain in DNS Query
1080
svchost.exe
Possibly Unwanted Program Detected
ET ADWARE_PUP Observed DNS Query to DriverPack Domain ( .drp .su)
1080
svchost.exe
Potentially Bad Traffic
ET DNS Query for .su TLD (Soviet Union) Often Malware Related
6 ETPRO signatures available at the full report
Process
Message
csc.exe
*** HR originated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302
csc.exe
*** HR originated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302
csc.exe
*** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144
csc.exe
*** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144
csc.exe
*** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144
csc.exe
*** HR originated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302
csc.exe
*** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144
csc.exe
*** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144
csc.exe
*** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144
csc.exe
*** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
http://dl.driverpack.io/test/PROD_Start_DriverPack.hta