| URL: | https://www.winriser.com/ |
| Full analysis: | https://app.any.run/tasks/df9bdb4f-206c-45f4-a245-7bc56293700d |
| Verdict: | Malicious activity |
| Threats: | Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns. |
| Analysis date: | July 24, 2024, 15:17:24 |
| OS: | Windows 10 Professional (build: 19045, 64 bit) |
| Tags: | |
| Indicators: | |
| MD5: | 8F25D137457213F649A887399840E630 |
| SHA1: | FF7738065FD6408718D794C2087AC44E16A9033F |
| SHA256: | FB3C1CECF20FD9C652A1F6360C8E22E93656292E83087551CA865AA4088C2A8A |
| SSDEEP: | 3:N8DSLkXLR:2OLkbR |
MALICIOUS
Drops the executable file immediately after the start
- wrsetup.exe (PID: 6700)
- wrsetup.exe (PID: 1160)
- wrsetup.tmp (PID: 7788)
- csc.exe (PID: 8892)
- csc.exe (PID: 8864)
- csc.exe (PID: 4708)
Scans artifacts that could help determine the target
- wrsetup.tmp (PID: 7788)
Actions looks like stealing of personal data
- winrgr.exe (PID: 7648)
Steals credentials from Web Browsers
- winrgr.exe (PID: 7648)
SUSPICIOUS
Reads security settings of Internet Explorer
- ShellExperienceHost.exe (PID: 3056)
- wrsetup.tmp (PID: 5960)
- winrgr.exe (PID: 7648)
- wrsetup.tmp (PID: 7788)
Executable content was dropped or overwritten
- wrsetup.exe (PID: 6700)
- wrsetup.exe (PID: 1160)
- wrsetup.tmp (PID: 7788)
- csc.exe (PID: 8892)
- csc.exe (PID: 8864)
- csc.exe (PID: 4708)
Reads the Windows owner or organization settings
- wrsetup.tmp (PID: 7788)
Reads the date of Windows installation
- wrsetup.tmp (PID: 5960)
- wrsetup.tmp (PID: 7788)
- winrgr.exe (PID: 7648)
Process drops legitimate windows executable
- wrsetup.tmp (PID: 7788)
Drops 7-zip archiver for unpacking
- wrsetup.tmp (PID: 7788)
Deletes scheduled task without confirmation
- schtasks.exe (PID: 1256)
Uses TASKKILL.EXE to kill process
- wrsetup.tmp (PID: 7788)
The process drops C-runtime libraries
- wrsetup.tmp (PID: 7788)
Adds/modifies Windows certificates
- winrgr.exe (PID: 7648)
Executes as Windows Service
- VSSVC.exe (PID: 9192)
- PresentationFontCache.exe (PID: 9064)
Detected use of alternative data streams (AltDS)
- powershell.exe (PID: 4432)
Application launched itself
- powershell.exe (PID: 4432)
Starts POWERSHELL.EXE for commands execution
- powershell.exe (PID: 4432)
- winrgr.exe (PID: 7648)
Checks Windows Trust Settings
- winrgr.exe (PID: 7648)
Reads browser cookies
- winrgr.exe (PID: 7648)
Searches for installed software
- dllhost.exe (PID: 8992)
- reg.exe (PID: 9072)
Write to the desktop.ini file (may be used to cloak folders)
- winrgr.exe (PID: 7648)
Reads Microsoft Outlook installation path
- reg.exe (PID: 9072)
The process checks if it is being run in the virtual environment
- reg.exe (PID: 9072)
Starts CMD.EXE for commands execution
- winrgr.exe (PID: 7648)
Checks for the .NET to be installed
- reg.exe (PID: 9072)
The process exported the data from the registry
- winrgr.exe (PID: 7648)
Reads the history of recent RDP connections
- reg.exe (PID: 9072)
INFO
Reads Microsoft Office registry keys
- firefox.exe (PID: 3888)
- winrgr.exe (PID: 7648)
- msedge.exe (PID: 6336)
- msedge.exe (PID: 7272)
- reg.exe (PID: 9072)
Application launched itself
- firefox.exe (PID: 5304)
- firefox.exe (PID: 3888)
- msedge.exe (PID: 6336)
- msedge.exe (PID: 7272)
Reads the software policy settings
- slui.exe (PID: 1952)
- winrgr.exe (PID: 7648)
- reg.exe (PID: 9072)
Checks supported languages
- ShellExperienceHost.exe (PID: 3056)
- TextInputHost.exe (PID: 8004)
- wrsetup.exe (PID: 6700)
- wrsetup.exe (PID: 1160)
- wrsetup.tmp (PID: 7788)
- wrsetup.tmp (PID: 5960)
- winrgr.exe (PID: 7648)
- csc.exe (PID: 8892)
- PresentationFontCache.exe (PID: 9064)
- identity_helper.exe (PID: 8688)
- csc.exe (PID: 8864)
- cvtres.exe (PID: 6040)
- cvtres.exe (PID: 8824)
Checks proxy server information
- slui.exe (PID: 1952)
- wrsetup.tmp (PID: 7788)
- winrgr.exe (PID: 7648)
Disables trace logs
- explorer.exe (PID: 2508)
- winrgr.exe (PID: 7648)
- reg.exe (PID: 9072)
Reads security settings of Internet Explorer
- explorer.exe (PID: 2508)
Reads the computer name
- TextInputHost.exe (PID: 8004)
- ShellExperienceHost.exe (PID: 3056)
- wrsetup.tmp (PID: 5960)
- wrsetup.tmp (PID: 7788)
- winrgr.exe (PID: 7648)
- identity_helper.exe (PID: 8688)
- PresentationFontCache.exe (PID: 9064)
Create files in a temporary directory
- wrsetup.exe (PID: 6700)
- wrsetup.tmp (PID: 7788)
- wrsetup.exe (PID: 1160)
- winrgr.exe (PID: 7648)
- csc.exe (PID: 8892)
- cvtres.exe (PID: 8824)
- csc.exe (PID: 8864)
- cvtres.exe (PID: 6040)
- reg.exe (PID: 9072)
Checks transactions between databases Windows and Oracle
- explorer.exe (PID: 2508)
- reg.exe (PID: 9072)
The process uses the downloaded file
- firefox.exe (PID: 3888)
Drops the executable file immediately after the start
- firefox.exe (PID: 3888)
Executable content was dropped or overwritten
- firefox.exe (PID: 3888)
Process checks computer location settings
- wrsetup.tmp (PID: 5960)
- wrsetup.tmp (PID: 7788)
- winrgr.exe (PID: 7648)
Creates a software uninstall entry
- wrsetup.tmp (PID: 7788)
Creates files in the program directory
- wrsetup.tmp (PID: 7788)
- winrgr.exe (PID: 7648)
Creates files or folders in the user directory
- winrgr.exe (PID: 7648)
Reads Environment values
- winrgr.exe (PID: 7648)
- identity_helper.exe (PID: 8688)
Manual execution by a user
- msedge.exe (PID: 7272)
Reads the machine GUID from the registry
- winrgr.exe (PID: 7648)
- csc.exe (PID: 8892)
- PresentationFontCache.exe (PID: 9064)
- cvtres.exe (PID: 8824)
- csc.exe (PID: 8864)
- cvtres.exe (PID: 6040)
.NET Reactor protector has been detected
- winrgr.exe (PID: 7648)
Reads product name
- winrgr.exe (PID: 7648)
Checks Windows language
- reg.exe (PID: 9072)
Reads Windows Product ID
- reg.exe (PID: 9072)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
228
Monitored processes
78
Malicious processes
9
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 540 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4348 -childID 2 -isForBrowser -prefsHandle 4484 -prefMapHandle 4344 -prefsLen 36263 -prefMapSize 244343 -jsInitHandle 1320 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25754767-3d6c-4059-bbdf-9e171df4c949} 3888 "\\.\pipe\gecko-crash-server-pipe.3888" 1b3a9e36bd0 tab | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe | |||||||||||
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Version: 123.0 Modules
| |||||||||||||||
| 836 | C:\WINDOWS\System32\slui.exe -Embedding | C:\Windows\System32\slui.exe | — | svchost.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Activation Client Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 1124 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x314,0x318,0x31c,0x310,0x324,0x7ffeedc85fd8,0x7ffeedc85fe4,0x7ffeedc85ff0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 1132 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2192 -parentBuildID 20240213221259 -prefsHandle 2184 -prefMapHandle 2180 -prefsLen 30537 -prefMapSize 244343 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9b51dc7-4220-4e5e-b565-e95e62508478} 3888 "\\.\pipe\gecko-crash-server-pipe.3888" 1b39627ff10 socket | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe | |||||||||||
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Version: 123.0 Modules
| |||||||||||||||
| 1160 | "C:\Users\admin\Downloads\wrsetup.exe" /SPAWNWND=$302BE /NOTIFYWND=$4020E | C:\Users\admin\Downloads\wrsetup.exe | wrsetup.tmp | ||||||||||||
User: admin Company: Bit Guardian GmbH Integrity Level: HIGH Description: Win Riser Setup Exit code: 0 Version: 1.0.0.7 Modules
| |||||||||||||||
| 1256 | "C:\Windows\System32\schtasks.exe" /delete /tn "Win Riser_launcher" /f | C:\Windows\SysWOW64\schtasks.exe | — | wrsetup.tmp | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Task Scheduler Configuration Tool Exit code: 1 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 1952 | C:\WINDOWS\System32\slui.exe -Embedding | C:\Windows\System32\slui.exe | svchost.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Activation Client Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 2128 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2976 -childID 1 -isForBrowser -prefsHandle 3008 -prefMapHandle 3004 -prefsLen 26706 -prefMapSize 244343 -jsInitHandle 1320 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f12d273-8624-4d5f-b1c5-fc418e180872} 3888 "\\.\pipe\gecko-crash-server-pipe.3888" 1b3a7f63f50 tab | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe | |||||||||||
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Version: 123.0 Modules
| |||||||||||||||
| 2508 | C:\WINDOWS\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding | C:\Windows\explorer.exe | — | svchost.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Version: 10.0.19041.3758 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 2544 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | — | taskkill.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Console Window Host Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
Total events
499 653
Read events
499 078
Write events
540
Delete events
35
Modification events
| (PID) Process: | (5304) firefox.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Launcher |
| Operation: | write | Name: | C:\Program Files\Mozilla Firefox\firefox.exe|Launcher |
Value: 007118C500000000 | |||
| (PID) Process: | (3888) firefox.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Launcher |
| Operation: | write | Name: | C:\Program Files\Mozilla Firefox\firefox.exe|Browser |
Value: 49BC19C500000000 | |||
| (PID) Process: | (3888) firefox.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\PreXULSkeletonUISettings |
| Operation: | write | Name: | C:\Program Files\Mozilla Firefox\firefox.exe|Progress |
Value: 0 | |||
| (PID) Process: | (3888) firefox.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\PreXULSkeletonUISettings |
| Operation: | write | Name: | C:\Program Files\Mozilla Firefox\firefox.exe|Progress |
Value: 1 | |||
| (PID) Process: | (3888) firefox.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Installer\308046B0AF4A39CB |
| Operation: | delete value | Name: | installer.taskbarpin.win10.enabled |
Value: | |||
| (PID) Process: | (3888) firefox.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Launcher |
| Operation: | write | Name: | C:\Program Files\Mozilla Firefox\firefox.exe|Telemetry |
Value: 0 | |||
| (PID) Process: | (3888) firefox.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment |
| Operation: | write | Name: | C:\Program Files\Mozilla Firefox\firefox.exe |
Value: 0 | |||
| (PID) Process: | (3888) firefox.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\PreXULSkeletonUISettings |
| Operation: | write | Name: | C:\Program Files\Mozilla Firefox\firefox.exe|Theme |
Value: 1 | |||
| (PID) Process: | (3888) firefox.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\PreXULSkeletonUISettings |
| Operation: | write | Name: | C:\Program Files\Mozilla Firefox\firefox.exe|Enabled |
Value: 1 | |||
| (PID) Process: | (3888) firefox.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Default Browser Agent |
| Operation: | write | Name: | C:\Program Files\Mozilla Firefox|DisableTelemetry |
Value: 1 | |||
Executable files
71
Suspicious files
231
Text files
105
Unknown types
51
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 3888 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs.js | text | |
MD5:7A97B8DBC4F98D175F958C00F463A52A | SHA256:92074D2ED1AA1FD621287E35DB9EF1AE3DC04777EFAE5F09E7A3B4534C201548 | |||
| 3888 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite | — | |
MD5:— | SHA256:— | |||
| 3888 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\SiteSecurityServiceState.bin | binary | |
MD5:DFC685CA828833FE9AA7299785B26B0A | SHA256:3F5D76B68463D9325A6FA8AA0F99BC91D77489F34141671816C261DDE8056BA7 | |||
| 3888 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json.tmp | binary | |
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A | SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA | |||
| 3888 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm | binary | |
MD5:B7C14EC6110FA820CA6B65F5AEC85911 | SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB | |||
| 3888 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cookies.sqlite-shm | binary | |
MD5:B7C14EC6110FA820CA6B65F5AEC85911 | SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB | |||
| 3888 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm | binary | |
MD5:B7C14EC6110FA820CA6B65F5AEC85911 | SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB | |||
| 3888 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm | binary | |
MD5:B7C14EC6110FA820CA6B65F5AEC85911 | SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB | |||
| 3888 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm | binary | |
MD5:B7C14EC6110FA820CA6B65F5AEC85911 | SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB | |||
| 3888 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs-1.js | text | |
MD5:7A97B8DBC4F98D175F958C00F463A52A | SHA256:92074D2ED1AA1FD621287E35DB9EF1AE3DC04777EFAE5F09E7A3B4534C201548 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
32
TCP/UDP connections
139
DNS requests
135
Threats
1
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
3888 | firefox.exe | POST | 200 | 142.250.185.67:80 | http://o.pki.goog/wr2 | unknown | — | — | unknown |
3888 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/canonical.html | unknown | — | — | whitelisted |
3888 | firefox.exe | POST | 200 | 184.24.77.46:80 | http://r11.o.lencr.org/ | unknown | — | — | unknown |
3888 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/success.txt?ipv4 | unknown | — | — | whitelisted |
3888 | firefox.exe | POST | 200 | 142.250.185.67:80 | http://o.pki.goog/wr2 | unknown | — | — | unknown |
3888 | firefox.exe | POST | 200 | 142.250.185.67:80 | http://o.pki.goog/wr2 | unknown | — | — | unknown |
3888 | firefox.exe | POST | 200 | 184.24.77.46:80 | http://r11.o.lencr.org/ | unknown | — | — | unknown |
3888 | firefox.exe | POST | 200 | 184.24.77.59:80 | http://r10.o.lencr.org/ | unknown | — | — | unknown |
3888 | firefox.exe | POST | 200 | 184.24.77.48:80 | http://r3.o.lencr.org/ | unknown | — | — | unknown |
3888 | firefox.exe | POST | 200 | 184.24.77.59:80 | http://r10.o.lencr.org/ | unknown | — | — | unknown |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
6012 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
3060 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4512 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
— | — | 104.126.37.179:443 | — | Akamai International B.V. | DE | unknown |
3952 | svchost.exe | 239.255.255.250:1900 | — | — | — | whitelisted |
3888 | firefox.exe | 142.250.186.170:443 | safebrowsing.googleapis.com | — | — | whitelisted |
3888 | firefox.exe | 34.117.188.166:443 | contile.services.mozilla.com | — | — | unknown |
3888 | firefox.exe | 34.107.243.93:443 | push.services.mozilla.com | — | — | unknown |
3888 | firefox.exe | 34.107.221.82:80 | detectportal.firefox.com | GOOGLE | US | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
detectportal.firefox.com |
| whitelisted |
www.winriser.com |
| unknown |
prod.detectportal.prod.cloudops.mozgcp.net |
| whitelisted |
winriser.com |
| unknown |
example.org |
| whitelisted |
ipv4only.arpa |
| whitelisted |
contile.services.mozilla.com |
| whitelisted |
spocs.getpocket.com |
| whitelisted |
Threats
PID | Process | Class | Message |
|---|---|---|---|
2284 | svchost.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com) |
Process | Message |
|---|---|
winrgr.exe | 24-07-2024-03:19:00::C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win Riser\Buy Win Riser.lnk
|
winrgr.exe | 24-07-2024-03:19:00::Install Date: 7/24/2024 3:19:00 PM
|
winrgr.exe | 24-07-2024-03:19:00::Register Date: 1/1/0001 12:00:00 AM
|
winrgr.exe | 24-07-2024-03:19:01::before firing url as silent build :
|
winrgr.exe | 24-07-2024-03:19:01::firing url as silent build : http://www.winriser.com/inw/install/win-riser/?
|
winrgr.exe | Native library pre-loader is trying to load native SQLite library "C:\Program Files\Win Riser\x64\SQLite.Interop.dll"...
|
winrgr.exe | 24-07-2024-03:19:02::DriverClassLibrary|RefreshDrivers|Started
|
winrgr.exe | 24-07-2024-03:19:03::DriverClassLibrary|RefreshDrivers|Success
|
winrgr.exe | NOT FOUND IN DB : IDS_SUF_MB
|
winrgr.exe | NOT FOUND IN DB : IDS_SUF_MB
|