strongpity | fa68aa01fad37dd7e7d6222ef833ec4e63317c0821a45834dfe284fdafb9069a

Analysis

max time kernel
79s
max time network
179s
platform
windows7_x64
resource
win7-en-20211208
submitted
24-01-2022 02:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa68aa01fad37dd7e7d6222ef833ec4e63317c0821a45834dfe284fdafb9069a.exe
Size

7.2MB
MD5

7560bc4862c99de7d33cd3ae6c93ba8a
SHA1

ec1b474aaf772c85c0714e70f8096825a3b63b12
SHA256

fa68aa01fad37dd7e7d6222ef833ec4e63317c0821a45834dfe284fdafb9069a
SHA512

c209e4bde2e6e36e5480edf11ca67a887724fa5b46836ce4fffc1c814f67132ce88f59b46bb3a1861db28943b8df80e8f0606f52ba0918a68f9f2256fbeb7591

Score

10^/10

strongpity xmrig evasion miner spyware stealer suricata

Malware Config

Signatures

StrongPity
StrongPity is a spyware developed by PROMETHIUM APT group mainly used in government sponsored attacks.
stealer spyware strongpity

StrongPity Spyware 4 IoCs

Processes:

resource	yara_rule
\Windows\SysWOW64\winslui32.exe	family_strongpity
C:\Windows\SysWOW64\winslui32.exe	family_strongpity
\Windows\SysWOW64\winslui32.exe	family_strongpity
C:\Windows\SysWOW64\winslui32.exe	family_strongpity

suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016 (WinHTTPRequest)
suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016 (WinHTTPRequest)
suricata
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Blocklisted process makes network request 14 IoCs

Processes:

mshta.exe

flow	pid	process
7	1524	mshta.exe
8	1524	mshta.exe
10	1524	mshta.exe
12	1524	mshta.exe
14	1524	mshta.exe
16	1524	mshta.exe
17	1524	mshta.exe
19	1524	mshta.exe
21	1524	mshta.exe
23	1524	mshta.exe
25	1524	mshta.exe
27	1524	mshta.exe
29	1524	mshta.exe
30	1524	mshta.exe

Downloads MZ/PE file
Executes dropped EXE 5 IoCs

Processes:

DriverPack-17-Online.exeseceditr.exeseceditr.exewinslui32.exespools32.exe

pid process

1744 DriverPack-17-Online.exe
776 seceditr.exe
360 seceditr.exe
816 winslui32.exe
964 spools32.exe
Modifies Windows Firewall 1 TTPs
evasion

Modify Existing Service
T1031

pid	process
1744	DriverPack-17-Online.exe
776	seceditr.exe
360	seceditr.exe
816	winslui32.exe
964	spools32.exe

Loads dropped DLL 6 IoCs

Processes:

fa68aa01fad37dd7e7d6222ef833ec4e63317c0821a45834dfe284fdafb9069a.exeDriverPack-17-Online.exeseceditr.exewinslui32.exe

pid	process
536	fa68aa01fad37dd7e7d6222ef833ec4e63317c0821a45834dfe284fdafb9069a.exe
536	fa68aa01fad37dd7e7d6222ef833ec4e63317c0821a45834dfe284fdafb9069a.exe
1744	DriverPack-17-Online.exe
360	seceditr.exe
360	seceditr.exe
816	winslui32.exe

Checks for any installed AV software in registry 1 TTPs 1 IoCs

Security Software Discovery
T1063

Processes:

mshta.exe

description ioc process

Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast mshta.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast	mshta.exe

Drops file in System32 directory 2 IoCs

Processes:

fa68aa01fad37dd7e7d6222ef833ec4e63317c0821a45834dfe284fdafb9069a.exe

description	ioc	process
File created	C:\Windows\SysWOW64\seceditr.exe	fa68aa01fad37dd7e7d6222ef833ec4e63317c0821a45834dfe284fdafb9069a.exe
File created	C:\Windows\SysWOW64\winslui32.exe	fa68aa01fad37dd7e7d6222ef833ec4e63317c0821a45834dfe284fdafb9069a.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

NSIS installer 3 IoCs

installer

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\DriverPack-17-Online.exe	nsis_installer_2
C:\Users\Admin\AppData\Local\Temp\DriverPack-17-Online.exe	nsis_installer_2
C:\Users\Admin\AppData\Local\Temp\DriverPack-17-Online.exe	nsis_installer_2

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

Processes:

mshta.exereg.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\Styles	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\Styles\MaxScriptStatements = "4294967295"	reg.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Styles	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Styles\MaxScriptStatements = "4294967295"	reg.exe

Runs net.exe

Script User-Agent 9 IoCs

Uses user-agent string associated with script host/environment.

Processes:

description	flow	ioc
HTTP User-Agent header	127	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	129	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	131	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	135	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	27	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	29	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	30	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	130	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	134	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

seceditr.exe

pid process

360 seceditr.exe

pid	process
360	seceditr.exe

Suspicious use of WriteProcessMemory 48 IoCs

Processes:

fa68aa01fad37dd7e7d6222ef833ec4e63317c0821a45834dfe284fdafb9069a.exeseceditr.exewinslui32.exeDriverPack-17-Online.exemshta.execmd.execmd.exenet.exe

description	pid	process	target process
PID 536 wrote to memory of 1744	536	fa68aa01fad37dd7e7d6222ef833ec4e63317c0821a45834dfe284fdafb9069a.exe	DriverPack-17-Online.exe
PID 536 wrote to memory of 1744	536	fa68aa01fad37dd7e7d6222ef833ec4e63317c0821a45834dfe284fdafb9069a.exe	DriverPack-17-Online.exe
PID 536 wrote to memory of 1744	536	fa68aa01fad37dd7e7d6222ef833ec4e63317c0821a45834dfe284fdafb9069a.exe	DriverPack-17-Online.exe
PID 536 wrote to memory of 1744	536	fa68aa01fad37dd7e7d6222ef833ec4e63317c0821a45834dfe284fdafb9069a.exe	DriverPack-17-Online.exe
PID 536 wrote to memory of 776	536	fa68aa01fad37dd7e7d6222ef833ec4e63317c0821a45834dfe284fdafb9069a.exe	seceditr.exe
PID 536 wrote to memory of 776	536	fa68aa01fad37dd7e7d6222ef833ec4e63317c0821a45834dfe284fdafb9069a.exe	seceditr.exe
PID 536 wrote to memory of 776	536	fa68aa01fad37dd7e7d6222ef833ec4e63317c0821a45834dfe284fdafb9069a.exe	seceditr.exe
PID 536 wrote to memory of 776	536	fa68aa01fad37dd7e7d6222ef833ec4e63317c0821a45834dfe284fdafb9069a.exe	seceditr.exe
PID 360 wrote to memory of 816	360	seceditr.exe	winslui32.exe
PID 360 wrote to memory of 816	360	seceditr.exe	winslui32.exe
PID 360 wrote to memory of 816	360	seceditr.exe	winslui32.exe
PID 360 wrote to memory of 816	360	seceditr.exe	winslui32.exe
PID 816 wrote to memory of 964	816	winslui32.exe	spools32.exe
PID 816 wrote to memory of 964	816	winslui32.exe	spools32.exe
PID 816 wrote to memory of 964	816	winslui32.exe	spools32.exe
PID 816 wrote to memory of 964	816	winslui32.exe	spools32.exe
PID 1744 wrote to memory of 1468	1744	DriverPack-17-Online.exe	reg.exe
PID 1744 wrote to memory of 1468	1744	DriverPack-17-Online.exe	reg.exe
PID 1744 wrote to memory of 1468	1744	DriverPack-17-Online.exe	reg.exe
PID 1744 wrote to memory of 1468	1744	DriverPack-17-Online.exe	reg.exe
PID 1744 wrote to memory of 1524	1744	DriverPack-17-Online.exe	mshta.exe
PID 1744 wrote to memory of 1524	1744	DriverPack-17-Online.exe	mshta.exe
PID 1744 wrote to memory of 1524	1744	DriverPack-17-Online.exe	mshta.exe
PID 1744 wrote to memory of 1524	1744	DriverPack-17-Online.exe	mshta.exe
PID 1524 wrote to memory of 612	1524	mshta.exe	cmd.exe
PID 1524 wrote to memory of 612	1524	mshta.exe	cmd.exe
PID 1524 wrote to memory of 612	1524	mshta.exe	cmd.exe
PID 1524 wrote to memory of 612	1524	mshta.exe	cmd.exe
PID 612 wrote to memory of 1900	612	cmd.exe	netsh.exe
PID 612 wrote to memory of 1900	612	cmd.exe	netsh.exe
PID 612 wrote to memory of 1900	612	cmd.exe	netsh.exe
PID 612 wrote to memory of 1900	612	cmd.exe	netsh.exe
PID 1524 wrote to memory of 1672	1524	mshta.exe	cmd.exe
PID 1524 wrote to memory of 1672	1524	mshta.exe	cmd.exe
PID 1524 wrote to memory of 1672	1524	mshta.exe	cmd.exe
PID 1524 wrote to memory of 1672	1524	mshta.exe	cmd.exe
PID 1672 wrote to memory of 468	1672	cmd.exe	netsh.exe
PID 1672 wrote to memory of 468	1672	cmd.exe	netsh.exe
PID 1672 wrote to memory of 468	1672	cmd.exe	netsh.exe
PID 1672 wrote to memory of 468	1672	cmd.exe	netsh.exe
PID 1524 wrote to memory of 1772	1524	mshta.exe	net.exe
PID 1524 wrote to memory of 1772	1524	mshta.exe	net.exe
PID 1524 wrote to memory of 1772	1524	mshta.exe	net.exe
PID 1524 wrote to memory of 1772	1524	mshta.exe	net.exe
PID 1772 wrote to memory of 1048	1772	net.exe	net1.exe
PID 1772 wrote to memory of 1048	1772	net.exe	net1.exe
PID 1772 wrote to memory of 1048	1772	net.exe	net1.exe
PID 1772 wrote to memory of 1048	1772	net.exe	net1.exe

C:\Users\Admin\AppData\Local\Temp\fa68aa01fad37dd7e7d6222ef833ec4e63317c0821a45834dfe284fdafb9069a.exe
"C:\Users\Admin\AppData\Local\Temp\fa68aa01fad37dd7e7d6222ef833ec4e63317c0821a45834dfe284fdafb9069a.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:536
- C:\Users\Admin\AppData\Local\Temp\DriverPack-17-Online.exe
  "C:\Users\Admin\AppData\Local\Temp\DriverPack-17-Online.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1744
- - C:\Windows\SysWOW64\reg.exe
    C:\Windows\system32\reg.exe import "C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\Tools\patch.reg"
    3⤵
    - Modifies Internet Explorer settings
    PID:1468
- - C:\Windows\SysWOW64\mshta.exe
    C:\Windows\system32\mshta.exe "C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\run.hta" --sfx "DriverPack-17-Online.exe"
    3⤵
    - Blocklisted process makes network request
    - Checks for any installed AV software in registry
    - Modifies Internet Explorer settings
    - Suspicious use of WriteProcessMemory
    PID:1524
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall delete rule name="DriverPack aria2c.exe" || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_71770.txt""
      4⤵
      Suspicious use of WriteProcessMemory
      PID:612
    - - C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall delete rule name="DriverPack aria2c.exe"
        5⤵
        
        PID:1900
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\aria2c.exe" || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_78710.txt""
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1672
    - - C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\aria2c.exe"
        5⤵
        
        PID:468
  - - C:\Windows\SysWOW64\net.exe
      "C:\Windows\System32\net.exe" start wscsvc
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1772
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start wscsvc
        5⤵
        
        PID:1048
  - - C:\Windows\SysWOW64\net.exe
      "C:\Windows\System32\net.exe" start wscsvc
      4⤵
      PID:1756
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start wscsvc
        5⤵
        
        PID:1012
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DRIVERS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_58116.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_58116.txt""
      4⤵
      PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DRIVERS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_58116.log"
        5⤵
        
        PID:2132
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DRIVERS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_63499.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_63499.txt""
      4⤵
      PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DRIVERS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_63499.log"
        5⤵
        
        PID:2092
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DRIVERS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_71682.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_71682.txt""
      4⤵
      PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DRIVERS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_71682.log"
        5⤵
        
        PID:2104
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/intro.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_72066.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_72066.txt""
      4⤵
      PID:1116
    - - C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/intro.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_72066.log"
        5⤵
        
        PID:2116
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/START-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_41712.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_41712.txt""
      4⤵
      PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/START-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_41712.log"
        5⤵
        
        PID:2148
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/START-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_5921.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_5921.txt""
      4⤵
      PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/START-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_5921.log"
        5⤵
        
        PID:2156
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/DRP_TEAM-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_54995.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_54995.txt""
      4⤵
      PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/DRP_TEAM-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_54995.log"
        5⤵
        
        PID:2124
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/START-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_47620.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_47620.txt""
      4⤵
      PID:1012
    - - C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/START-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_47620.log"
        5⤵
        
        PID:2140
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/START-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_27256.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_27256.txt""
      4⤵
      PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/START-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_27256.log"
        5⤵
        
        PID:2568
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/DRP_TEAM-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_21473.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_21473.txt""
      4⤵
      PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/DRP_TEAM-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_21473.log"
        5⤵
        
        PID:2560
  - - C:\Windows\SysWOW64\rundll32.exe
      rundll32 kernel32,Sleep
      4⤵
      PID:2704
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DRIVERS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_47010.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_47010.txt""
      4⤵
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DRIVERS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_47010.log"
        5⤵
        
        PID:2832
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DRIVERS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_27993.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_27993.txt""
      4⤵
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DRIVERS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_27993.log"
        5⤵
        
        PID:2820
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DRIVERS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_86918.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_86918.txt""
      4⤵
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DRIVERS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_86918.log"
        5⤵
        
        PID:2844
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROGRAMS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_17185.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_17185.txt""
      4⤵
      PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROGRAMS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_17185.log"
        5⤵
        
        PID:2980
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROGRAMS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_73816.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_73816.txt""
      4⤵
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROGRAMS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_73816.log"
        5⤵
        
        PID:2988
  - - C:\Windows\SysWOW64\rundll32.exe
      rundll32 kernel32,Sleep
      4⤵
      PID:3032
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\aria2c.exe" "http://dl.driverpack.io/tools/DriverPack-Alice.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120 || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_70667.txt""
      4⤵
      PID:268
    - - C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\aria2c.exe
        
        "tools\aria2c.exe" "http://dl.driverpack.io/tools/DriverPack-Alice.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120
        5⤵
        
        PID:1820
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\aria2c.exe" "http://dl.driverpack.io/soft/DirectX.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120 || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_30845.txt""
      4⤵
      PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\aria2c.exe
        
        "tools\aria2c.exe" "http://dl.driverpack.io/soft/DirectX.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120
        5⤵
        
        PID:2052
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\aria2c.exe" "http://dl.driverpack.io/soft/RuntimePack.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120 || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_76846.txt""
      4⤵
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\aria2c.exe
        
        "tools\aria2c.exe" "http://dl.driverpack.io/soft/RuntimePack.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120
        5⤵
        
        PID:1404
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\aria2c.exe" "http://dl.driverpack.io/soft/DotNetXP.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120 || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_15678.txt""
      4⤵
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\aria2c.exe
        
        "tools\aria2c.exe" "http://dl.driverpack.io/soft/DotNetXP.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120
        5⤵
        
        PID:1436
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\aria2c.exe" "http://dl.driverpack.io/soft/Chrone.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120 || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_55696.txt""
      4⤵
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\aria2c.exe
        
        "tools\aria2c.exe" "http://dl.driverpack.io/soft/Chrone.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120
        5⤵
        
        PID:1596
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROGRAMS_CHECKBOX_USED-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_58868.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_58868.txt""
      4⤵
      PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROGRAMS_CHECKBOX_USED-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_58868.log"
        5⤵
        
        PID:2064
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROGRAMS_CHECKBOX_USED-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_3451.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_3451.txt""
      4⤵
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROGRAMS_CHECKBOX_USED-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_3451.log"
        5⤵
        
        PID:612
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROTECT-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_35129.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_35129.txt""
      4⤵
      PID:1164
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROTECT-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_3430.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_3430.txt""
      4⤵
      PID:1488
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROTECT-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_93828.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_93828.txt""
      4⤵
      PID:1772
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_61052.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_61052.txt""
      4⤵
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_61052.log"
        5⤵
        
        PID:852
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-5.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_8985.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_8985.txt""
      4⤵
      PID:1084
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-4.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_63548.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_63548.txt""
      4⤵
      PID:2528
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_35306.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_35306.txt""
      4⤵
      PID:2500
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_97942.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_97942.txt""
      4⤵
      PID:2564
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-6.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_23977.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_23977.txt""
      4⤵
      PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-6.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_23977.log"
        5⤵
        
        PID:3060
- C:\Windows\SysWOW64\seceditr.exe
  C:\Windows\system32\\seceditr.exe help
  2⤵
  - Executes dropped EXE
  PID:776

C:\Windows\SysWOW64\seceditr.exe
C:\Windows\SysWOW64\seceditr.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:360
- C:\Windows\SysWOW64\winslui32.exe
  "C:\Windows\system32\\winslui32.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:816
- - C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\spools32.exe
    "C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\spools32.exe"
    3⤵
    - Executes dropped EXE
    PID:964

C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\driverpack-wget.exe
"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROTECT-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_3430.log"
1⤵
PID:1608

C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\driverpack-wget.exe
"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROTECT-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_35129.log"
1⤵
PID:888

C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\driverpack-wget.exe
"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROTECT-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_93828.log"
1⤵
PID:2508

C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\driverpack-wget.exe
"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-4.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_63548.log"
1⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\driverpack-wget.exe
"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_35306.log"
1⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\driverpack-wget.exe
"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-5.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_8985.log"
1⤵
PID:2900

C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\tools\driverpack-wget.exe
"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_97942.log"
1⤵
PID:2892

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Security Software Discovery

T1063

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043031828_0.sft

MD5
2c47f383ec82a2f6cda95a75f2f92e2d

SHA1
3781ce967d1fef94427a1663cdf7ad23d6c67a20

SHA256
de969d58de17488942b8fe332b8dd6c929c009aa7317db86a74a9d120129169b

SHA512
2c0bb8ed577e7b3007020e0b48c2fa945e4e0baaa8ed021338c101c32192228af529dcd39556b073e450742f1e326f0ab0a8b248fb28e7c4cf5cb74567c44293

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043031828_1.sft

MD5
f61f09df2cec0101021c26920c378b0f

SHA1
3755f950aa03e9393e759788af3cb6fcca840bd3

SHA256
01167a0d3686a09bc7b577e369248b5c797a18929bf68e40cf592e254e39b450

SHA512
5cbe9477c183adf67d500a6c34618dd71ef9a8d7948a150390d48b5f02407a8b3f8d2637d57d8e7898500afb2ca89350ca7f5739cf21da696344a17f4e9dc848

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043031828_2.sft

MD5
e1fa6724c58bdbc6c525f52651dae86a

SHA1
c6e26393e96dc13f872b94ac9103ad1aa90a5591

SHA256
d9ce80ca7566be9891c23f20186ed018a3b12fe758774d9833f1c42f711b4b34

SHA512
7f4fbd37f909de20f9767a23fb3a3871cb6edb0b208a4270475a3cde4252984e435fb8afaae34192b3207e8640409b953933a30eef9cf39269f235bb3a485505

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043031828_3.sft

MD5
b2708b04348c9625546318871fc0e3de

SHA1
735a462992580ad8bf1d5cc1d597c41daabea9f3

SHA256
095011133901673bd3b733e4eae5171bd0158b1c8cf1fdd3395c363c7e492707

SHA512
38b697e36d2018466aab30f07898e032b884199cbf2b3af315db9a4e11dd28b210becb80013a96eec95ea7b4ff995aec41908c84c7cb55dbb441feb560bf412d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043032062_0.sft

MD5
37f0fb87f79733beebacb8d5964d95ba

SHA1
fb304ba16b55437205f2dc3cd4a77b052923c513

SHA256
294ee6dc47cb85ccdf6efee650a04a90202408c7a717b2f968aeec1e24f78aeb

SHA512
a1f6c22a02fb5a29ee84eb5e46d66864b0c90e302e0ba7dfca8fa8b19007e5cf06dcae619d233fea5dd03f70b338a8d9bbedb70fbe592f9197541d27b862b7c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043032311_0.sft

MD5
6990382119b394368b8de15c7856e492

SHA1
23c0777efc696e0d7cdc5c1a9fe73ba6d15e5335

SHA256
b552b4372767da415acdc041c20e4eed0f86f098afc7d3d50dca29f6e2dc2a91

SHA512
836d872e634032886f1b0058e2d1d691a5ab330eac1ade1b164d42da0d5a9e861fb9487c6e912665979c2c5e5a6b91b4dfc8ddd45e4531f1a2f8e78e794755e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043032421_0.sft

MD5
49945b0cadc2a7a570f6e2269ac2e118

SHA1
126721c5707d68ce9bb28918828e663aaadf9b52

SHA256
a6c54ee5620f79155d5e34e0a2397c0aafeee2f7d2a2e75509158b20d2a83e0d

SHA512
10465c9bd7388edd0d823505151529bc248879724f1b7ba9af0c90d0b4453789c33d8bcd8095c1d9ec84321ad0dbae2e6b82d142fbc42c15f5f3e020bc6505bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043032467_0.sft

MD5
1bb981ab58ab477defdf3dc28b820b44

SHA1
3b6e649fe4cdb35e29ff0348b519fc3c0d2839f9

SHA256
6c7f1df9d39b9fb4f7ef7884fb967bdb78165777f83051426eec34eec6d5b83f

SHA512
2058e2ca35ee2bb4464d097466cd411d625d4eac942a26fe8e802e31d7de66248dda0c42fb7ca3ec9430eb2387751dad6e11866006c6e28b45b8659a2112ab88

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043032545_0.sft

MD5
9ff17d58d32e72731ec4ba1d0d29e74a

SHA1
38a0a16c339f76135ea7282d2902d4ec7e191929

SHA256
cc2415678118063201aea66d50171a7f1cc041dab2beea4e960297140408d079

SHA512
c25c93f85fcc4f537ee2477cb956cb5426eb00097c272add7515114348825afa8d8138add8431614e8de47ca5f808985e7c9bc2eb84479eaf84b570420eb5b78

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043032545_1.sft

MD5
35cd94260a009c0eb1989a823ef41bf7

SHA1
971c5b5685d2eb805f6ffb5e603480f513a1acc6

SHA256
b43d49273edb1696abfb76f93b77fb9190dac51f3c76e52e2286d758417ea166

SHA512
0c1416bff30f5529a5292d3abc7a7025717ad99388f81bf31d19009eb22a3f8fd8b32b7c82fdf7f1f3297e64a64c5f3bf4e222fe4ff63c017ce608b9e7d2743c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043032545_10.sft

MD5
d1e59740b954e8c2fe621d222c484d64

SHA1
8ba766a561b595e0bc81710dced93d1204cf188a

SHA256
cc80ac181cf6c5cfb7f50b5e5d29d8cb841d1959852ba42c2e8689527b8c43d9

SHA512
29d2bb8cb42d0d3847c606e2f271f61475333fe14f66764a7005a9c7f186cd6151a799239d6066c63c7d0f546fc93c8d6dbb5a1866b1422937620dd84a8e3482

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043032545_2.sft

MD5
190170a298f7b5fbfe10860389e288f2

SHA1
f5104b81b05ce349535877dbe442329496740e24

SHA256
31f861baf1397f2e489a9b8fe6f4883245937177c27af4924ee6124900145eb3

SHA512
441ed4b009540bb62e0b6f3895734fabdf586cbd04e4c675b5607759ec40682ba5170c59a6dd02ea2f9116ab4483e0760e9ca949877daea7d51a3858738f169b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043032545_3.sft

MD5
a90d472dcd8ee8fa6cab3b5156a0ce5d

SHA1
81fb8bba710cb0e6c1fd244478abf174e4d86548

SHA256
a273de8b32107fa14367fa4eacb9fce89def39139d0695aef9626054c6acb10d

SHA512
cd2be905db3572789d0df4a34f554ed8da5a9c5b94589019e4920e306208abc212864fe0d12af7c8d006b776afab47a1f22c93aea7ee1b5b3177d33d8606ccd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043032545_4.sft

MD5
3c7cbaa3f5b5f9fa0144ef82588f09a6

SHA1
ba8168c22586c0904d37d7e19b11148394341b76

SHA256
6c703319d7772b3c714c56eb03539c29e08072541e3697557fb7c84254ef8a0e

SHA512
1f2b66abc930f9225192ee03edb0df351ed46aec4fa7e1c5df68f16c698faad4318a10b85c2bce2c4e8f8f328e69ca325bba1dcbe7323ce4d6277401c2010780

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043032545_5.sft

MD5
0734f9cf4a51e337702b28f776100913

SHA1
56d86ba5bdff9528cf7e1b799b448281c355a225

SHA256
feda00e1628733be1eef2ab85b172fd71fb148889e68b3c14826c81a4cb773fa

SHA512
fe477880601a5e9b1041c710baba7fd15484975aa75f5c65d639e16f262231043a3482fd51d31029143390892a80f422ce4c148e0de11f4e927c3564ac2c917d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043032545_6.sft

MD5
e42998fdbd961bf8eaa3baec90141cd9

SHA1
e258a0d248440bc5fb30dcf0c2949dc8167705fd

SHA256
3f686b0a3dc35ce39c52baca807a3a3ee93da5445868a7af4253b20942cacc11

SHA512
61c6ec47ab86d885e23ee3d9121c6def8e752175d52b8d6ae9b326884759fee73c20a3d86b597207e3c70e7caab76cde87592039ef2dff95dbc4bd361241e0ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043032545_7.sft

MD5
3f4206be40099e3c81f9795f8f53d9b5

SHA1
7335e19170156cc2229ac5decd87d22302ff4c58

SHA256
40586b277cb024d20554b99a7627dd3823894a5a157a3c2b81944a99d21d907f

SHA512
bb14fdf176e4353b6be041f1dc8c8db078cf634f37557ce163368f95754a651c9bf0ee3f0c789f842b966295698c2983a868d4939bed7e01753706935a3312fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043032545_8.sft

MD5
9afed35860119e59b1ee2332281310d1

SHA1
07a51446b2b693133deb86f36a17d75767524d00

SHA256
65bc32b94dd5e1866fae77689792b2c8982c32af7bf588553495e405a49cc3f1

SHA512
ee9ba835ff3fb1d93dc95d491f0bf9a43ffbc3b5e3f954599280bef5918e1c7e1a13327e2e1a3e92e52d7fb617bf52b894cde62110d7c0cc0055cbc9d41efb47

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043032545_9.sft

MD5
83c91995a4176a979f5aebff2aa3e600

SHA1
2cbd43677dfa2ab333c954a10276dc497263d3b6

SHA256
99c722efdceb2edb406d721e476ac28b1301fb39ae4ef700b8dd22564334be21

SHA512
e15f0bf5f237f3f34403ce458f77cd1c004ec442dc94de08dda8aad785b146a1cb49a247e43d6de3db9d8c279a48e7b66368afb68e6ecbff6ace43c5cff0f309

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043032670_0.sft

MD5
74479cda67c1b037fff17b3d22a4973b

SHA1
a10aa05b673957c3400f6ac0386336cff245d2f4

SHA256
7255d8c7d1bfc5d6519407116366d14252198d6a5a15837fc9e6ce4402e5af1e

SHA512
fd23dd0077c6bcb815e68119451c05105f32f8841fa17ae6ba1ea9a6dd674c2508aa9596eff62d72adb0830381aa2960d3fd8067e816c346294d2444be97ab63

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043032670_1.sft

MD5
808d45b62aef6338ef2b230981988078

SHA1
a1861f266d9807b1d168f7f995c4646b72f0d995

SHA256
0834006926d649427f8d20ef2733f0d8583a018c87a912ef161b011156c493cb

SHA512
53db539be553903793b383c21e7bfa995f2f07d026557adfbdd30c96be169737caabd4ff9057d1575d276d1f3eef514d2daa77b99b15dab1073d1dc324f407e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043032670_2.sft

MD5
bb32f8094961219057885e29f425c6d9

SHA1
2fa55d57ec6ccd0d8de4e17478d46fd872098d98

SHA256
df648066dd13721b3385f51a001238087e2da63423b083e83c758f2e51902d04

SHA512
f995b43e10476ccb1bd17e9e6368e966a191b63b95b93ddc4648300b0f2b66cc7708c4acfefb2b487f543ac96d9443ed71299a1a0fffca4b956749c741d726e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043032670_3.sft

MD5
a33782734bfd8ae9dd6f674c6c0c0279

SHA1
1573c009ca4e59d30b6694f2ee683570d94c0e41

SHA256
71d0ecc005b8fe985479ca89d75c2c3b3b18797a9adfbe915b3da9cc0c31980d

SHA512
96d0e0eff2bf96631169085195d84ff2ccc64eb9e2318edcedda5ce2e0bde01d0085efb050736881bed0a328359df5ad5e4671a6931594b8084ae46901ffecfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043032670_4.sft

MD5
89981fbebd2432e4c2a98b79703be2be

SHA1
dd7dec602b38af80856b4f18379002c41fd11c99

SHA256
60dfb1ec418f59889be1c626dadf2e151873f5a7ac7b0e5141b62978ee452bb5

SHA512
36824682cc7067c9a7e1be802ffc5f1ab14243025cbcac0bb9ba797b7010e369ca0dc28199c206c2108bded02ad8338c3f89e121785e5728ae23896f85f1a0f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043032670_5.sft

MD5
11b2011f176b7f8b467dba9ebc372ee1

SHA1
ecfa343abeec386714a15dfaf841b9a44d82f269

SHA256
6df79bb25b98e72f7db90f50d85270db7f2856a5a9974d92a02a42bb4dee8f4c

SHA512
8493150dc89c78fef4d66b428ea09bdba645f160e7d333f907b9c79d2de4d076b401c807141ee1630b6533e7a1642880b3d8c22debc9634d1776a43669471e99

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043032670_6.sft

MD5
354c796c2543b92b45cde0081982aeeb

SHA1
48378081c73f55222c80e0286da86908b7af9a67

SHA256
49364e18f85d234619a956928d32557361832c0c62793c2b646508ad3da2deed

SHA512
0d0f673b65526289336d1ad9bd5a0a616485a42a4bf325fa3b255019151100285fa29635c3cc1570333b419e75c9bd47b1d78a0f856731f2f4b87a00bc9fb062

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043032670_7.sft

MD5
c024ad0da82dbcdf16188f715480283b

SHA1
cb6128c30cbd64d922c56508092ccf2687e34480

SHA256
4423175ddb799a47d9fc447dbe55baaf4aa295658486efd0e43ce593ee62f597

SHA512
5658d965116e8fbd3627e37a787f3246653051ff8e1d20a729cd753edf28bc6f016e77c90841bfbac5034642b0d1bad8f5c5150f12e675455ca06c69b373ef71

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043033185_0.sft

MD5
ba866f10a36210ec0c839096a9be05d0

SHA1
7d23bdedbe6a94b514863cc6a438223542c67a37

SHA256
90e28633475a9c8749e23b401e863934f4a1568b6682a2639b658493addb48a9

SHA512
f6163e20e82e007863272a8064b3d26a2b53100255e755d5e11aa7a97df9a1ecb1551c997c6fd0669108d5d6a39193a44850ac93f567e1d67ab7d8c00393a692

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043033185_1.sft

MD5
10f0dc926f74824ad5d58f267681b01b

SHA1
c7c90cf4bdc7d58e0754c048ae33b96d13e03fbe

SHA256
32892376822257aa971b782815c6aba39b4c219c85fb8d94254bcdacb5d5ab09

SHA512
086b797f5292496cd1cca0d0b318c6340bbbe439b0a6ada39b8cb35d258739df587a1f07748b870b545fc3eb0d49ffaec1f997f8944d0a43c8bc4190d83c0695

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043033185_10.sft

MD5
85c96781d048fac6d3882e28cd22cc6b

SHA1
84ef7970a9a68945be1c9b792a15e44b3c981379

SHA256
60a3f6819c2f43eb97f95aeb0713069458db9cb61363ff8ba4ef20869987f27e

SHA512
a43023eae58e3f442c0059d4e449e50030a0713a6179513982f02bf19a185733c913ccb2fe7809995b7f73811420988925be01045457fad6cbfbd4ef6c26b08b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043033185_2.sft

MD5
96d5562e079801fdbe2a299599ad44ab

SHA1
6c242bbf4034d70d64839446a5b552cf0533245d

SHA256
529a35d58a58009ae0f7384e2cbf02c5db36fe76c2b0744308e4a0f315edae08

SHA512
6a1d7c07a99ca11c42bf972d4f44a1949832ba868f1fd2349d8e2a3eb4c3a3cd799fc581b746cad56714a62cc6621d105a4f871ea6ed5ef275082009195302e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043033185_3.sft

MD5
874141ce992f6d3aa18faea9e0bd9948

SHA1
b3d82d40be426470aefcf62fe0c8b749eabe78ab

SHA256
137e2c3e5aa5fdb568646e3c970316e2d407c6b7e903d7487c25aa90d2eab974

SHA512
71fd523a97af42cf7f8583438cef4c0618bcd8175922fc655767c42694ec29bd676b9f8ec4f8c578f2f5114a7da70e49ac869be56a00e05b32e2145108778fb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043033185_4.sft

MD5
78cbf663ffa58deda18c2a2f83edbac3

SHA1
0fb768594ad455f25b7440063f7d91dd28104b66

SHA256
2e040460f475d299d0315f63d5f047e728724e2048b707f70417282c6dc06842

SHA512
de9f3f26d1ee43cd0a20c4f473e11c858b6c8f8fa0eac42d77016e857148d7583d68f4a5b455ca5ebb7f11a86734cd69712821f5bf66f5352aff037d40559240

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\guid_app0_335299157_0124043033185_5.sft

MD5
575051cba662618f64b0a6d3c12593c8

SHA1
427a838df7e342ef8de55a139720eed414fae526

SHA256
0e27e9d60f9aa7e4275bb0729f1d0507e3a5848c2ff68f8867650c57f44b1b97

SHA512
6a9009781d6827b1c6851b8472e4adbf3e4a77c5288657762bfca214c4010f6f2eaba0e062ff866b7cb653c8b33988f950dff06eafcf58d17db4067593296ed6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\spools32.exe

MD5
42033175ba348ce6b92b92ad9b59cef0

SHA1
7e7ddb580dfa9cb8d6b31e10565a8bdcce9979fc

SHA256
1017573354b3f082c68aae8fd583beb1018978863c90b2bdb2819349fc225498

SHA512
35973345e0e9bc26f69b07e22ef377bcca9edf10d511c0de60c695860179c38883fe62c72a09f602dc019bf0f12d15ee61e76489e551118b2908a4fd1222d2b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\spools32.exe

MD5
42033175ba348ce6b92b92ad9b59cef0

SHA1
7e7ddb580dfa9cb8d6b31e10565a8bdcce9979fc

SHA256
1017573354b3f082c68aae8fd583beb1018978863c90b2bdb2819349fc225498

SHA512
35973345e0e9bc26f69b07e22ef377bcca9edf10d511c0de60c695860179c38883fe62c72a09f602dc019bf0f12d15ee61e76489e551118b2908a4fd1222d2b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-17-Online.exe

MD5
65975f0ec8f73437db3a5374b09a441b

SHA1
e5d72c831e501e7a049bf743ddb335c67028d8b8

SHA256
7a2e6f998920931de03d76bc1fc5087a22becd02301713342a78957afa80b652

SHA512
f01e46387933feef3013c1e6b8b7575f699b9cfc5f0c7e444ee4934c1ba16086685cc706ead2ec7939c893e0ddb1a6e3de88c57a37f564fa3326ad9077809bbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-17-Online.exe

MD5
65975f0ec8f73437db3a5374b09a441b

SHA1
e5d72c831e501e7a049bf743ddb335c67028d8b8

SHA256
7a2e6f998920931de03d76bc1fc5087a22becd02301713342a78957afa80b652

SHA512
f01e46387933feef3013c1e6b8b7575f699b9cfc5f0c7e444ee4934c1ba16086685cc706ead2ec7939c893e0ddb1a6e3de88c57a37f564fa3326ad9077809bbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\DriverPackSolution.html

MD5
ef5e55c1187442b6278452429b93ef85

SHA1
012bc5f42a31ccb817e12457c50d8ff51450e33b

SHA256
ba9168498ea0e20f95d9c1c67cfb9e4f79e0775db8aac50d2983494316e38281

SHA512
d8e20e220d156793d2c2da462c36cb9708396c2db08faa876aca7fef63bdcd6b7d31a6fc7d78659f682ba30cf73ab7b565a1f9226e434deaa8f86f7f9341c3b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\Tools\patch.reg

MD5
d49db2ec30494b46d332d516cead4969

SHA1
3d9ce116afe59760c9a1c149ddec92a2f92a0028

SHA256
c86ef9ed6e111d166818e8e0adb3cf5e2a3a5dfc6edc932abc298141ed6f2208

SHA512
1314c6bc4095e445c930c0a0a94a83ff39670081ed916337eed2f74e3453702ae0e0187c0e6c933d52868d80c36e9acbe558faf86f10146d0a825b97c3bc261d

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\config.js

MD5
8be11d79a3a34088a7d7dc7732e7b367

SHA1
ebd04615a0460a95cd637efc2ff32ab7367d2b83

SHA256
e65ed786b887b3e028bda74c649f1fe84b2dc64f6d59f9cecd01e9aa3c8fe54f

SHA512
d4d04a28aa693c9d3994abec520332641c533db0c62aa6eead48078f544fe175ad77c040fd238e824754eb1104aa9e766333d90fa44b7173af8623572f19857c

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\css\custom-control.css

MD5
f7f8703ada2176dc144343a2c2acb1cd

SHA1
091334a48056a8baafff0cd672232de1c1f6c838

SHA256
7d7853e95258a7a3f8eaf41795f7124e7d2dacdeb5f1efe212b3ff7ed0da9e50

SHA512
27d46472c06103e0bdd9d40149804c16f469305752c3a6d8473c2f2ab22b2c8fa5d65d61dda7c617a3f12d8526b56a10320b8683f31d210ac2185fd0daed8e97

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\css\fonts\Open-Sans\opensans-regular-webfont.eot

MD5
88a9c629f26f8563a72eac95cb0744bc

SHA1
484bca13532678133dc14a668c580be2c1346526

SHA256
3ae576bfa96d7cf6614c8c97290c7abe03191a8ceb0c837a21e7ffe70d66ca62

SHA512
b4cdaa3a5a46ef368e9138c9874aa1173b466bc660d5bbbd13fc3f10f509cda9af151a2667ecd079935d60992b1436f6d5843ced5a063769e19e67f84c402af9

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\css\fonts\ProximaNova\proxima_nova_light-webfont.eot

MD5
ee9163c34f600221169f8ff531e97182

SHA1
57f0b2c837c94f2a0df47ee62b4639fd6426bfa0

SHA256
53f30a622db68cebe92dbd384cc292aef13ad7e3349a10a77c29326e10634c21

SHA512
d51e2a5f6df706eaa2c5ffa071a9a9c08e58a30b4af64a1ccbe81f8e9c38f20429df665cabaf295129490afc639b7e19c0fced428610a284a17899c3290904cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\css\icons-checkbox.css

MD5
3be98220035017d9b818f3cc94f87587

SHA1
bc07f11d0a59f942ac942dba02214a7041ad6e3a

SHA256
cb134dcb95a407795c671a512c389894d3525fba3f6a2168fc5b9b7e875e78dc

SHA512
d2e7d57cb7b7e771c82c75a04fbfb86ebecbb409ecf2c5666aeaa99695474a7985e3367f6a5b3d4ac59f775f60fb084efa9bdda99ce3c077df2690a5f0a6b1d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\css\icons.css

MD5
ebae852f3327fdaf3e2fc2bf1cdecb8f

SHA1
f9753fe176069974fc9bce49eae877745282e183

SHA256
b5f111103f7f090c246a223b1ff497b94c4dd3ac64bf5b3fb2d91555fcfd6f2c

SHA512
bf8e7c5db7a1eacd4344d5facfee1cd66e883389b53bc28e4e387cdb67ea40ee26266ba4282e50eb50a7bc3c810d9fdbb50792a46135761b2e8ce52ddc9e394a

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\css\normalize.min.css

MD5
e8908cf9cb9504b285327d240187f53b

SHA1
20eadf1695eb38bcd92d1706de5335db61b96502

SHA256
86235e2c477078adfe1188d07ca1e5d8198443aaf2436de1785a169f3e1d5463

SHA512
9c828e8942d40da89f33d1db459a7fc12621660331bef307df8649e89758e76b044bf97a2cd36d656915e19a8b04f571cdb61d7cb6f926a3ba151ee67bbcdc4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\css\open-sans.css

MD5
9ed298542b45ef98492e159f68e89f48

SHA1
c4521d9a5dff8a71804c40a909378e8eb5bd66c2

SHA256
b9bd51ae6ccc7df20417e0ef341295b86bf8f74f6e235ee99ddefd675806f47f

SHA512
1c7d5b378d6c627fbbef864035b157c3e7647b699a50d64f6ebf22faac38bf774e0c025bc8dd4ecc9bde7b377b729bc89bf6fbac4d2409240e2d03753cfe680e

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\css\proximanova.css

MD5
cf0c65f6d17307ccd7914e984ac86a6f

SHA1
4fcef85545731123eb5e3e1886817f8014f22e21

SHA256
58a658fd04bb4aa2ff90ff7125ca6e1775b1a9d053e2cfa44b8697990f9f134e

SHA512
0f171b8839385cd192d10c5c06e1b2284e6f2d7d74b9a9d7559252d1b63b8f94c670aa5225e80a5dce9056e92e0fd1506754c6f94b74703a02b7c4687d4976ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\css\roboto.css

MD5
f5f5b5e4955262430e7b496247425d2d

SHA1
d4bea186a0d525ce3060e8dd7901311ae4a0735a

SHA256
2537efe2fb974f58cddbc99abfcd7aed6e9df81992eed3e528b5f1748167b8fa

SHA512
16a7ec3d95ed773a0a1ce2c2dc4430677106f0d1042e34cb39ed48f4a495f637ec3eefad05a4ebbddbea71a67e933fa0b56e6beef69700c6e3ac9cda9c17e7ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\css\style.css

MD5
56f7f26870409fd4928952ca73d66007

SHA1
10383d748386deadaae752edcf0b7a39e9609d48

SHA256
3d09c0356af5403e0c5e0450fd1581b9e01cadce216c2d37450ff84350b004d0

SHA512
da83aecf7025ab1798648c932c59b00b8238bf3c2ec476078b761ef38f4c8db8a353cf696b7352ced931ef1f66ec48de69ff380f5a2c86546df926887e9091cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\drp.css

MD5
d576aace1958756a57d402d546f1ec87

SHA1
0ab2cc1b1b1eb6e192a08d5d7c1d55dc652983f2

SHA256
f6d7d4ddc2991b52eb6ffc9404dabf853e60da92eeabec0f18f5c5736b16c0d0

SHA512
89e7753c19eafe8ed435be7da56ad869b01ae8d3f0d05a3a6f13654ebd3fb4a786b6dc918c82b5ded493db69699f0bfe861735f75bec6fd8d992517fa88f8509

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\drp.js

MD5
5f388dd7663808c1c9d060fda99ea4e2

SHA1
02d151571871d251ac27679a212dd1977e4b865c

SHA256
9780da3ec181f013488f93b0385b1dec1087794c5eac63e11a402877626f1987

SHA512
6060fdcf90f4250f3d3b7ee19d31ef8ed1c7c2d9c825374906a2602d5706cee3ec3a206e30f0556d70d1dd0798edfa29c339f7102606e3d4fea77e08456cfacb

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2022012443025\run.hta

MD5
d20765817cdb05d0805f682ef9193386

SHA1
5dcee6bf0aeb0e5ffc9500a5d0bfe93ed1302cdc

SHA256
6d61529ce3e58354a6476c51aaff4b28e4ddda2433108376ee5f736e78ee1a04

SHA512
46a030efe7f87f625bd93f7f6487766b78565f9b1b7004d3afec5072969e5f7d93a46f3b446ffbaf0b3cc1a9d837eba17c3d83b07e40281082a1152a8c08a258

Download Submit
C:\Windows\SysWOW64\seceditr.exe

MD5
b1efa4b60dd5a320c46bd784ceca2b02

SHA1
a8cf6b8f55b0618fc35327ee1b8764270065aaa2

SHA256
bba57559a9f0c03308557697d462d8e3013b85a2e500fbb13318fc7be1f1df78

SHA512
e7d762c0af0d2fd9d309e398b6beb743336cc06be5ff3248751114107971fa8318185cd28fc64e2f8df02c802c765d115c7f67abfaf81104db9b7865705e88a5

Download Submit
C:\Windows\SysWOW64\seceditr.exe

MD5
b1efa4b60dd5a320c46bd784ceca2b02

SHA1
a8cf6b8f55b0618fc35327ee1b8764270065aaa2

SHA256
bba57559a9f0c03308557697d462d8e3013b85a2e500fbb13318fc7be1f1df78

SHA512
e7d762c0af0d2fd9d309e398b6beb743336cc06be5ff3248751114107971fa8318185cd28fc64e2f8df02c802c765d115c7f67abfaf81104db9b7865705e88a5

Download Submit
C:\Windows\SysWOW64\winslui32.exe

MD5
90b4df284bd28909047d179f7a0a3391

SHA1
733f28174db6a7462a9112b7c0e46d7b8ead3f9e

SHA256
bb4628f0b29d906f1ec4c41a5fe5f7fe1b53432b765d5ef0a560e8d2ef5e5541

SHA512
89b3850040f18631ea949960d98e64418cb7582aacd70bd41820646a9e87ddae4829bd73d9c6b22f5c257414fa0115d804d5484ec05c170539607bf6c1f13c1f

Download Submit
C:\Windows\SysWOW64\winslui32.exe

MD5
90b4df284bd28909047d179f7a0a3391

SHA1
733f28174db6a7462a9112b7c0e46d7b8ead3f9e

SHA256
bb4628f0b29d906f1ec4c41a5fe5f7fe1b53432b765d5ef0a560e8d2ef5e5541

SHA512
89b3850040f18631ea949960d98e64418cb7582aacd70bd41820646a9e87ddae4829bd73d9c6b22f5c257414fa0115d804d5484ec05c170539607bf6c1f13c1f

Download Submit
\Users\Admin\AppData\Local\Temp\ACB-D11C-335AAF\spools32.exe

MD5
42033175ba348ce6b92b92ad9b59cef0

SHA1
7e7ddb580dfa9cb8d6b31e10565a8bdcce9979fc

SHA256
1017573354b3f082c68aae8fd583beb1018978863c90b2bdb2819349fc225498

SHA512
35973345e0e9bc26f69b07e22ef377bcca9edf10d511c0de60c695860179c38883fe62c72a09f602dc019bf0f12d15ee61e76489e551118b2908a4fd1222d2b0

Download Submit
\Users\Admin\AppData\Local\Temp\DriverPack-17-Online.exe

MD5
65975f0ec8f73437db3a5374b09a441b

SHA1
e5d72c831e501e7a049bf743ddb335c67028d8b8

SHA256
7a2e6f998920931de03d76bc1fc5087a22becd02301713342a78957afa80b652

SHA512
f01e46387933feef3013c1e6b8b7575f699b9cfc5f0c7e444ee4934c1ba16086685cc706ead2ec7939c893e0ddb1a6e3de88c57a37f564fa3326ad9077809bbf

Download Submit
\Users\Admin\AppData\Local\Temp\nsy512E.tmp\System.dll

MD5
8643641707ff1e4a3e1dfda207b2db72

SHA1
f6d766caa9cafa533a04dd00e34741d276325e13

SHA256
d1b94797529c414b9d058c17dbd10c989eef59b1fa14eea7f61790d7cfa7fd25

SHA512
cc8e07395419027914a6d4b3842ac7d4f14e3ec8be319bfe5c81f70bcf757f8c35f0aaeb985c240b6ecc71fc3e71b9f697ccda6e71f84ac4930adf5eac801181

Download Submit
\Windows\SysWOW64\seceditr.exe

MD5
b1efa4b60dd5a320c46bd784ceca2b02

SHA1
a8cf6b8f55b0618fc35327ee1b8764270065aaa2

SHA256
bba57559a9f0c03308557697d462d8e3013b85a2e500fbb13318fc7be1f1df78

SHA512
e7d762c0af0d2fd9d309e398b6beb743336cc06be5ff3248751114107971fa8318185cd28fc64e2f8df02c802c765d115c7f67abfaf81104db9b7865705e88a5

Download Submit
\Windows\SysWOW64\winslui32.exe

MD5
90b4df284bd28909047d179f7a0a3391

SHA1
733f28174db6a7462a9112b7c0e46d7b8ead3f9e

SHA256
bb4628f0b29d906f1ec4c41a5fe5f7fe1b53432b765d5ef0a560e8d2ef5e5541

SHA512
89b3850040f18631ea949960d98e64418cb7582aacd70bd41820646a9e87ddae4829bd73d9c6b22f5c257414fa0115d804d5484ec05c170539607bf6c1f13c1f

Download Submit
\Windows\SysWOW64\winslui32.exe

MD5
90b4df284bd28909047d179f7a0a3391

SHA1
733f28174db6a7462a9112b7c0e46d7b8ead3f9e

SHA256
bb4628f0b29d906f1ec4c41a5fe5f7fe1b53432b765d5ef0a560e8d2ef5e5541

SHA512
89b3850040f18631ea949960d98e64418cb7582aacd70bd41820646a9e87ddae4829bd73d9c6b22f5c257414fa0115d804d5484ec05c170539607bf6c1f13c1f

Download Submit
memory/1524-122-0x0000000006EAF000-0x0000000006EB0000-memory.dmp

Filesize
4KB

Download
memory/1524-121-0x0000000006EAF000-0x0000000006EB0000-memory.dmp

Filesize
4KB

Download
memory/1524-120-0x0000000006EA6000-0x0000000006EA7000-memory.dmp

Filesize
4KB

Download
memory/1744-57-0x00000000763B1000-0x00000000763B3000-memory.dmp

Filesize
8KB

Download