Malware Analysis Report

2024-09-23 14:49

Sample ID 240509-m1gs9sgf25
Target 299f2c755b4d230d0d1ed70d9026df3f_JaffaCakes118
SHA256 211c2b34bf222617bc590f0f219cc4232c4484de0302b5ae0843d5d4a55d8cef
Tags
execution evasion upx discovery spyware stealer qr link
score
8/10

Analysis Overview

score
8/10

SHA256

211c2b34bf222617bc590f0f219cc4232c4484de0302b5ae0843d5d4a55d8cef

Threat Level: Likely malicious

The file 299f2c755b4d230d0d1ed70d9026df3f_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

execution evasion upx discovery spyware stealer qr link

Blocklisted process makes network request

Modifies Windows Firewall

UPX packed file

Reads user/profile data of web browsers

Checks installed software on the system

Downloads MZ/PE file

Loads dropped DLL

Program crash

Enumerates physical storage devices

One or more HTTP URLs in qr code identified

Command and Scripting Interpreter: JavaScript

Unsigned PE

NSIS installer

Runs net.exe

Script User-Agent

Suspicious use of WriteProcessMemory

Runs .reg file with regedit

Modifies Internet Explorer settings

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-05-09 10:55

Signatures

One or more HTTP URLs in qr code identified

qr link

Unsigned PE


NSIS installer

installer

Analysis: behavioral15

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win7-20240221-en

Max time kernel

122s

Max time network

130s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\ar.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\ar.js

Network

N/A

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

157s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\az.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\az.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 205.131.50.23.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
BE 2.17.196.184:443 www.bing.com tcp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 184.196.17.2.in-addr.arpa udp
BE 2.17.196.184:443 www.bing.com tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 35.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 123.10.44.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win10v2004-20240508-en

Max time kernel

90s

Max time network

98s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\bg.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\bg.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 2.17.196.113:443 www.bing.com tcp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 113.196.17.2.in-addr.arpa udp
BE 2.17.196.113:443 www.bing.com tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win7-20240221-en

Max time kernel

118s

Max time network

122s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\cs.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\cs.js

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win7-20240508-en

Max time kernel

142s

Max time network

125s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 224

Network

N/A

Files

memory/2376-0-0x000000006E5C0000-0x000000006E5CD000-memory.dmp

Analysis: behavioral26

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

155s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\ca.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\ca.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 57.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 2.17.178.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win10v2004-20240226-en

Max time kernel

140s

Max time network

158s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\de.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\de.js

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4788 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 142.250.187.202:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 29.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 57.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win7-20240215-en

Max time kernel

121s

Max time network

129s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\be.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\be.js

Network

N/A

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

152s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\config.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\config.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 137.71.105.51.in-addr.arpa udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win7-20240508-en

Max time kernel

122s

Max time network

127s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\bg.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\bg.js

Network

N/A

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win10v2004-20240426-en

Max time kernel

135s

Max time network

101s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\bn.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\bn.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 2.17.196.91:443 www.bing.com tcp
US 8.8.8.8:53 205.131.50.23.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 91.196.17.2.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
BE 2.17.196.91:443 www.bing.com tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win7-20240221-en

Max time kernel

30s

Max time network

158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\299f2c755b4d230d0d1ed70d9026df3f_JaffaCakes118.exe"

Signatures

UPX packed file

upx

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\299f2c755b4d230d0d1ed70d9026df3f_JaffaCakes118.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Styles C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Styles\MaxScriptStatements = "4294967295" C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Styles C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Styles\MaxScriptStatements = "4294967295" C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SysWOW64\mshta.exe N/A

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A

Runs net.exe

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1720 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\299f2c755b4d230d0d1ed70d9026df3f_JaffaCakes118.exe C:\Windows\SysWOW64\reg.exe
PID 1720 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\299f2c755b4d230d0d1ed70d9026df3f_JaffaCakes118.exe C:\Windows\SysWOW64\mshta.exe
PID 2768 wrote to memory of 2080 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\cmd.exe
PID 2080 wrote to memory of 1612 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 2768 wrote to memory of 2084 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\cmd.exe
PID 2084 wrote to memory of 2800 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 2768 wrote to memory of 1524 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\net.exe
PID 1524 wrote to memory of 1200 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe

Processes

C:\Users\Admin\AppData\Local\Temp\299f2c755b4d230d0d1ed70d9026df3f_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\299f2c755b4d230d0d1ed70d9026df3f_JaffaCakes118.exe"

C:\Windows\SysWOW64\reg.exe

C:\Windows\system32\reg.exe import "C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\Tools\patch.reg"

C:\Windows\SysWOW64\mshta.exe

C:\Windows\system32\mshta.exe "C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\run.hta" --sfx "299f2c755b4d230d0d1ed70d9026df3f_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall delete rule name="DriverPack aria2c.exe" || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_51590.txt""

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="DriverPack aria2c.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\aria2c.exe" || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_47999.txt""

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\aria2c.exe"

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start wscsvc

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start wscsvc

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe" http://download.drp.su/assistant/beetle/speed-test-5 -o "C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\speed-test.log" || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_11620.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DRIVERS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_42343.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_42343.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DRIVERS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_1068.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_1068.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DRIVERS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_76155.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_76155.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/intro.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_49796.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_49796.txt""

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe" http://download.drp.su/assistant/beetle/speed-test-5 -o "C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\speed-test.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/START-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_23284.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_23284.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/START-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_50604.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_50604.txt""

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DRIVERS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_1068.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/START-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_41303.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_41303.txt""

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DRIVERS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_76155.log"

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/intro.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_49796.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/P3-OPERA-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_68720.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_68720.txt""

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/START-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_23284.log"

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DRIVERS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_42343.log"

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/START-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_41303.log"

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/START-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_50604.log"

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/P3-OPERA-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_68720.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/P3-OPERA-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_82308.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_82308.txt""

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/P3-OPERA-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_82308.log"

C:\Windows\SysWOW64\rundll32.exe

rundll32 kernel32,Sleep

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DRIVERS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_98160.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_98160.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DRIVERS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_59644.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_59644.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DRIVERS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_82385.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_82385.txt""

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DRIVERS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_59644.log"

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DRIVERS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_98160.log"

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DRIVERS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_82385.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROGRAMS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_48850.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_48850.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROGRAMS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_34562.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_34562.txt""

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROGRAMS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_48850.log"

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROGRAMS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_34562.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROGRAMS_CHECKBOX_USED-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_91612.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_91612.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROGRAMS_CHECKBOX_USED-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_72933.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_72933.txt""

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROGRAMS_CHECKBOX_USED-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_91612.log"

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROGRAMS_CHECKBOX_USED-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_72933.log"

C:\Windows\SysWOW64\rundll32.exe

rundll32 kernel32,Sleep

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\aria2c.exe" "http://dl.driverpack.io/tools/DriverPack-Alice.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120 || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_47800.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\aria2c.exe" "http://dl.driverpack.io/soft/DirectX.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120 || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_9941.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\aria2c.exe" "http://dl.driverpack.io/soft/RuntimePack.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120 || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_85047.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\aria2c.exe" "http://dl.driverpack.io/soft/DotNetXP.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120 || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_92981.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\aria2c.exe" "http://dl.driverpack.io/soft/ab/4/Internet-Start.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120 || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_7660.txt""

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\aria2c.exe

"tools\aria2c.exe" "http://dl.driverpack.io/soft/DotNetXP.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\aria2c.exe

"tools\aria2c.exe" "http://dl.driverpack.io/soft/RuntimePack.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\aria2c.exe

"tools\aria2c.exe" "http://dl.driverpack.io/soft/ab/4/Internet-Start.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\aria2c.exe

"tools\aria2c.exe" "http://dl.driverpack.io/tools/DriverPack-Alice.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\aria2c.exe

"tools\aria2c.exe" "http://dl.driverpack.io/soft/DirectX.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROTECT-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_60289.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_60289.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROTECT-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_66575.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_66575.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROTECT-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_82585.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_82585.txt""

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROTECT-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_66575.log"

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROTECT-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_82585.log"

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-PROTECT-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_60289.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_76854.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_76854.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_6605.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_6605.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_98155.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_98155.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-4.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_16243.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_16243.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-5.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_41522.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_41522.txt""

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_6605.log"

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_98155.log"

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_76854.log"

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-5.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_41522.log"

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-4.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_16243.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-6.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_94297.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_94297.txt""

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-6.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_94297.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-CONFIGURATOR-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_97408.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_97408.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-CONFIGURATOR-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_33053.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_33053.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-CONFIGURATOR-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_91267.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_91267.txt""

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-CONFIGURATOR-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_97408.log"

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-CONFIGURATOR-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_91267.log"

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-CONFIGURATOR-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_33053.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-SETTINGS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_49622.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_49622.txt""

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/EXPERT-SETTINGS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_49622.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/intro.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_71464.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_71464.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/START-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_41906.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_41906.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/START-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_97117.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_97117.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/START-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_54899.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_54899.txt""

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/intro.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_71464.log"

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/START-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_41906.log"

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/START-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_54899.log"

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/START-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_97117.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\aria2c.exe" "http://dl.driverpack.io/soft/Chrone.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120 || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_12168.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\RuntimePack.exe" -s || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\installing_16414.txt""

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\aria2c.exe

"tools\aria2c.exe" "http://dl.driverpack.io/soft/Chrone.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120

C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\RuntimePack.exe

"C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\RuntimePack.exe" -s

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/P3-OPERA-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_72301.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_72301.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/P3-OPERA-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_97262.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_97262.txt""

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/P3-OPERA-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_97262.log"

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/P3-OPERA-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_72301.log"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\install.cmd" -s "

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ver

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\comct232.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\comct332.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\comctl32.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\comdlg32.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\dblist32.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\mci32.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\mscomct2.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\mscomctl.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\mscomm32.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\msdatgrd.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\msdatlst.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\msflxgrd.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\mshflxgd.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\msinet.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\msmask32.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\msstdfmt.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\msstkprp.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\mswinsck.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\picclp32.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\richtx32.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\sysinfo.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\tabctl32.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\msvbvm50.dll"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/COMPILATION-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_64981.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_64981.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/COMPILATION-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_77289.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_77289.txt""

C:\Windows\SysWOW64\regedit.exe

regedit.exe /s VBA60_OCX_License.reg

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\Sysnative\libcrypto-1_1-x64.dll"

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/COMPILATION-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_64981.log"

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/COMPILATION-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_77289.log"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\Sysnative\libssl-1_1-x64.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\Sysnative\OpenAL32.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\Sysnative\wrap_oal.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\atl70.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\atl71.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\comct232.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\comct332.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\comctl32.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\comdlg32.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\dblist32.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\libcrypto-1_1.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\libeay32.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\libssl-1_1.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mci32.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mfc70.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mfc70chs.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mfc70cht.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mfc70deu.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mfc70enu.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mfc70esp.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mfc70fra.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mfc70ita.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mfc70jpn.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mfc70kor.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mfc70u.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MFC71.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MFC71CHS.DLL"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MFC71CHT.DLL"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MFC71DEU.DLL"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MFC71ENU.DLL"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MFC71ESP.DLL"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MFC71FRA.DLL"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MFC71ITA.DLL"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MFC71JPN.DLL"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MFC71KOR.DLL"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MFC71u.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mscomct2.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mscomctl.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mscomm32.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\msdatgrd.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\msdatlst.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\msflxgrd.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MShflxgd.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\msinet.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\msmask32.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\msstdfmt.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MSSTKPRP.DLL"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\msvbvm50.dll"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/CONTINUOUS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_1342.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_1342.txt""

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/CONTINUOUS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_1342.log"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\msvci70.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MSVCP70.DLL"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\msvcp71.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\msvcr70.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\msvcr71.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\msvcrt10.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mswinsck.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\OpenAL32.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\picclp32.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\richtx32.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\ssleay32.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\sysinfo.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\tabctl32.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\Vb40032.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\wrap_oal.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\Vb40016.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\vbrun100.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\vbrun200.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\Vbrun300.dll"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/ANTIVIRUS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_13628.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_13628.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/ANTIVIRUS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_93061.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_93061.txt""

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/ANTIVIRUS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_93061.log"

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en" "http://download.drp.su/assistant/beetle/audio/en/ANTIVIRUS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_13628.log"

Network

Country Destination Domain Proto

Files

\Users\Admin\AppData\Local\Temp\nst98F7.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\img\installation\drivers\Notebook.png

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\Tools\patch.reg

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\run.hta

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\DriverPackSolution.html

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\css\style.css

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\css\icons.css

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\css\icons-checkbox.css

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\css\custom-control.css

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\config.js

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\drp.js

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\drp.css

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\css\proximanova.css

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\css\roboto.css

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\css\open-sans.css

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\css\normalize.min.css

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\css\fonts\ProximaNova\proxima_nova_light-webfont.eot

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\css\fonts\Open-Sans\opensans-regular-webfont.eot

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\allfont[1].htm

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\img\screens\new-logo.png

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\languages\en.js

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\img\installation-loader.gif

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\css\fonts\DRPcheckbox\DRPcheckbox.eot

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\css\fonts\ProximaNova\proxima_nova_regular-webfont.eot

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\css\fonts\Roboto\roboto-light-webfont.eot

C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_51590.txt

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\tools\driverpack-wget.exe

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en\EXPERT-DRIVERS-2.mp3

C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_41303.txt

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en\P3-OPERA-1.mp3

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en\EXPERT-DRIVERS-3.mp3

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en\EXPERT-DRIVERS-1.mp3

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\START-2[1].mp3

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\intro[1].mp3

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\START-3[1].mp3

C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_76155.log

C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_68720.log

C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_50604.log

C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_49796.log

C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_42343.log

C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_41303.log

C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_23284.log

C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_1068.log

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en\P3-OPERA-2.mp3

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en\EXPERT-PROGRAMS-1.mp3

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en\EXPERT-PROGRAMS-2.mp3

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en\EXPERT-PROGRAMS_CHECKBOX_USED-2.mp3

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en\EXPERT-PROTECT-3.mp3

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en\EXPERT-PROTECT-1.mp3

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en\EXPERT-PROTECT-2.mp3

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en\EXPERT-DIAGNOSTICS-2.mp3

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en\EXPERT-DIAGNOSTICS-1.mp3

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en\EXPERT-DIAGNOSTICS-6.mp3

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en\EXPERT-CONFIGURATOR-2.mp3

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en\EXPERT-CONFIGURATOR-3.mp3

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en\EXPERT-CONFIGURATOR-1.mp3

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en\EXPERT-SETTINGS-1.mp3

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\START-1[1].mp3

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\install.cmd

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en\COMPILATION-2.mp3

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en\COMPILATION-1.mp3

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105602\audio\en\CONTINUOUS-1.mp3

Analysis: behavioral7

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win7-20240220-en

Max time kernel

120s

Max time network

125s

Command Line

C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\Tools\run.hta"

Signatures

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

Reads user/profile data of web browsers

spyware stealer

Checks installed software on the system

discovery

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SysWOW64\mshta.exe N/A

Runs net.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3040 wrote to memory of 1492 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\cmd.exe
PID 1492 wrote to memory of 2364 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 3040 wrote to memory of 2664 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\cmd.exe
PID 2664 wrote to memory of 1564 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 3040 wrote to memory of 332 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\net.exe
PID 332 wrote to memory of 1740 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 3040 wrote to memory of 1696 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\SysWOW64\mshta.exe

C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\Tools\run.hta"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall delete rule name="DriverPack aria2c.exe" || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_43761.txt""

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="DriverPack aria2c.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\Admin\AppData\Local\Temp\Tools\tools\aria2c.exe" || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_30360.txt""

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\Admin\AppData\Local\Temp\Tools\tools\aria2c.exe"

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start wscsvc

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start wscsvc

C:\Windows\SysWOW64\rundll32.exe

rundll32 kernel32,Sleep

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\allfont[1].htm

C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_43761.txt

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\collect[1].gif

Analysis: behavioral8

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win10v2004-20240426-en

Max time kernel

141s

Max time network

110s

Command Line

C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\Tools\run.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

Signatures

N/A

Processes

C:\Windows\SysWOW64\mshta.exe

C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\Tools\run.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

Network

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win10v2004-20240426-en

Max time kernel

137s

Max time network

154s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\drp.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\drp.js

Network

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win7-20240221-en

Max time kernel

117s

Max time network

125s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\de.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\de.js

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win7-20240215-en

Max time kernel

118s

Max time network

127s

Command Line

C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\Tools\modules\bugreport.hta"

Signatures

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SysWOW64\mshta.exe N/A

Processes

C:\Windows\SysWOW64\mshta.exe

C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\Tools\modules\bugreport.hta"

Network

N/A

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win7-20240508-en

Max time kernel

119s

Max time network

124s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\drp.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\drp.js

Network

N/A

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win10v2004-20240426-en

Max time kernel

148s

Max time network

160s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\el.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\el.js

Network

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win10v2004-20240508-en

Max time kernel

93s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\299f2c755b4d230d0d1ed70d9026df3f_JaffaCakes118.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\299f2c755b4d230d0d1ed70d9026df3f_JaffaCakes118.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Styles C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Styles\MaxScriptStatements = "4294967295" C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Styles C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Styles\MaxScriptStatements = "4294967295" C:\Windows\SysWOW64\reg.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\299f2c755b4d230d0d1ed70d9026df3f_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\299f2c755b4d230d0d1ed70d9026df3f_JaffaCakes118.exe"

C:\Windows\SysWOW64\reg.exe

C:\Windows\system32\reg.exe import "C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105555\Tools\patch.reg"

C:\Windows\SysWOW64\mshta.exe

C:\Windows\system32\mshta.exe "C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105555\run.hta" --sfx "299f2c755b4d230d0d1ed70d9026df3f_JaffaCakes118.exe"

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\nst5083.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105555\img\installation\drivers\Notebook.png

memory/4564-453-0x0000000000400000-0x0000000000441000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105555\Tools\patch.reg

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105555\run.hta

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105555\DriverPackSolution.html

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105555\css\style.css

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105555\css\custom-control.css

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105555\drp.js

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105555\config.js

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105555\drp.css

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105555\css\icons.css

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105555\css\proximanova.css

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105555\css\open-sans.css

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105555\css\normalize.min.css

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105555\css\icons-checkbox.css

C:\Users\Admin\AppData\Local\Temp\DriverPack-20240509105555\css\roboto.css

Analysis: behavioral20

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

153s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\be.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\be.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win7-20240221-en

Max time kernel

117s

Max time network

122s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\bn.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\bn.js

Network

N/A

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win7-20240508-en

Max time kernel

120s

Max time network

125s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\ca.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\ca.js

Network

N/A

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

156s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\cs.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\cs.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win7-20240508-en

Max time kernel

119s

Max time network

124s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\az.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\az.js

Network

N/A

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win7-20240221-en

Max time kernel

117s

Max time network

123s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\js\soft.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\js\soft.js

Network

N/A

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win7-20231129-en

Max time kernel

119s

Max time network

124s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\el.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\el.js

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win7-20240419-en

Max time kernel

120s

Max time network

123s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\config.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\config.js

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win10v2004-20240226-en

Max time kernel

139s

Max time network

159s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4820 wrote to memory of 1028 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1028 -ip 1028

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3460 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto

Files

memory/1028-0-0x000000006E5C0000-0x000000006E5CD000-memory.dmp

Analysis: behavioral6

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win10v2004-20240508-en

Max time kernel

125s

Max time network

133s

Command Line

C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\Tools\modules\bugreport.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

Signatures

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\mshta.exe

Processes

C:\Windows\SysWOW64\mshta.exe

C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\Tools\modules\bugreport.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4448 -ip 4448

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=996,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=1276 /prefetch:8

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win10v2004-20240508-en

Max time kernel

93s

Max time network

100s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\js\soft.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\js\soft.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-05-09 10:55

Reported

2024-05-09 10:58

Platform

win10v2004-20240226-en

Max time kernel

140s

Max time network

159s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\ar.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\languages\ar.js

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4476 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto

Files

N/A