396cb9e17c57f09c4afab97f91e72011e3f115b15e764c39d26473d92fe2c45e

Analysis

max time kernel
141s
max time network
149s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
08-05-2023 10:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42d84f6be5cfa1503dc7bd8275073872d71a4fc0.exe
Size

6.0MB
MD5

c65a354ac28f2f45c7ca8a38e4f778d6
SHA1

42d84f6be5cfa1503dc7bd8275073872d71a4fc0
SHA256

396cb9e17c57f09c4afab97f91e72011e3f115b15e764c39d26473d92fe2c45e
SHA512

7acba2651fb1378a97c47ce6723808235ddd74d2cb736f5fb6f28a241f3b33188e9a511c6be2eb3ca8e7cad68c05a76a0c853edc5a417a16aacd5c0388950017
SSDEEP

98304:KSi1jH0UJukUYMwioEgGU9KM+ZFNIO05p0oO2gz8+fyTx:MUvkUMiij9KM+7Npc0R4+KTx

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\DriverDoc\is-C9977.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-7SITG.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-BTSS5.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-BO64A.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\is-3AEH5.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-M3P2F.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\is-NG08B.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\is-LJD82.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Brazilian.ini	DriverPro.exe
File created	C:\Program Files (x86)\DriverDoc\is-BS046.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\is-0EN8U.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Russian.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Spanish.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\DriverPro.exe	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\sqlite3.dll	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Brazilian.chm	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-KIQ4E.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Japanese.ini	DriverPro.exe
File created	C:\Program Files (x86)\DriverDoc\Extra\is-L77LA.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\is-0T9IM.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\is-S7IIT.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\is-B26P7.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\is-8Q3OF.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\is-421CB.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-U3AAG.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-N23MF.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\is-J7FNM.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\is-72OVI.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\is-8HDBD.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Portuguese.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\Dutch.chm	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-CS1QO.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\is-0HLSD.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\is-EHSK7.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\is-JD6PL.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\French.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Swedish.ini	DriverPro.exe
File created	C:\Program Files (x86)\DriverDoc\Extra\is-548O9.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-5QPR2.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\is-6P4P6.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\is-AM3GT.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Dutch.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\Norwegian.chm	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-QT5I8.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-O2TJJ.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-6R3O8.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Finnish.chm	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Japanese.chm	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\unins000.dat	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\is-P4N0M.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Italian.chm	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Spanish.chm	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-918HU.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-T2U1U.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\DOCSchedule.exe	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Polish.chm	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Portuguese.chm	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\French.chm	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\is-0JPMI.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\is-VVO3O.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\English.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\German.ini	DriverPro.exe
File created	C:\Program Files (x86)\DriverDoc\Extra\is-UKJAO.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-H7JK8.tmp	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp

Executes dropped EXE 4 IoCs

pid	Process
2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
1948	DriverDoc.exe
584	DriverDoc.exe
564	DriverPro.exe

Loads dropped DLL 10 IoCs

pid	Process
324	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.exe
2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
1948	DriverDoc.exe
584	DriverDoc.exe
2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
564	DriverPro.exe
564	DriverPro.exe
584	DriverDoc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Kills process with taskkill 4 IoCs

evasion

pid	Process
1116	taskkill.exe
396	taskkill.exe
1108	taskkill.exe
320	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 43 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\DOMStorage\solvusoft.com\Total = "51"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\DOMStorage\solvusoft.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\DOMStorage\solvusoft.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.solvusoft.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006e8f12fa8cd8fd499ff2c01df6bc8a3c00000000020000000000106600000001000020000000fe330547283341f5d6313321b31e397082431747ad5359d48b9d8743e8eb38a3000000000e800000000200002000000039f1d448de27645f343ec633bb809d90c60b7e58e17999c085780776b3922f6f90000000c178575f05abf05ff42636aeb60426d6ccc31611d3b69dc5706517163f0de1e40d97ca3a99d09014b6a7ddd827a48cfc143b4acd46066ef12e6a40b3d3bca36e1d14cbe27dcdcfea867849ad7c0d1d325e87ec4e932ccd2868015096f3f025ae63e42f3fdec5289bfbfac0b0772f072d3fed1cb66ccd55254bfc4f57a8938517d716595e0c7f653423522029336949f74000000055a90809f7efed96f76d320b694017ac1c9613440cfbd40a0cbc2e6b65efe99b410cbc194aaad1ec73aa9b3a8d4605e4bbafd03f71626c3b064f98a0d8e74382	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "51"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.solvusoft.com\ = "51"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006e8f12fa8cd8fd499ff2c01df6bc8a3c00000000020000000000106600000001000020000000ffae8fede6a0d1ca33b74f02bfa553f9b94bd8a281976565f3f2f07b569c321d000000000e8000000002000020000000e3b6385ccb63ebf3fc9a6aed95f31b86adaa3e61ac02c3aafc7fae65f330fe3220000000b024b762fb36c54e6b197424d9a5baac1c4e2407d09dfcaccabfb43f7948e51d400000005b8b72c8da4ce966033c6dd5989193a83351cd95ede09c40925721bd67616a90aeada0ce3b9684e91039df42e3d1d2fee75903eebda2761247c6359e80402736	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20dd25d29481d901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F5D7CD51-ED87-11ED-AC42-C227D5A71BE4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	DriverDoc.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	DriverDoc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	DriverDoc.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	DriverDoc.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	DriverDoc.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	DriverDoc.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
1948	DriverDoc.exe
564	DriverPro.exe
564	DriverPro.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
584	DriverDoc.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeDebugPrivilege	1108	taskkill.exe
Token: SeDebugPrivilege	320	taskkill.exe
Token: SeDebugPrivilege	1116	taskkill.exe
Token: SeDebugPrivilege	396	taskkill.exe
Token: SeDebugPrivilege	1948	DriverDoc.exe
Token: SeIncreaseQuotaPrivilege	1948	DriverDoc.exe
Token: SeImpersonatePrivilege	1948	DriverDoc.exe
Token: SeLoadDriverPrivilege	1948	DriverDoc.exe
Token: SeDebugPrivilege	584	DriverDoc.exe
Token: SeIncreaseQuotaPrivilege	584	DriverDoc.exe
Token: SeImpersonatePrivilege	584	DriverDoc.exe
Token: SeLoadDriverPrivilege	584	DriverDoc.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
1624	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1624	iexplore.exe
1624	iexplore.exe
1592	IEXPLORE.EXE
1592	IEXPLORE.EXE
1592	IEXPLORE.EXE
1592	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 51 IoCs

description	pid	Process	procid_target
PID 324 wrote to memory of 2000	324	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.exe	26
PID 324 wrote to memory of 2000	324	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.exe	26
PID 324 wrote to memory of 2000	324	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.exe	26
PID 324 wrote to memory of 2000	324	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.exe	26
PID 324 wrote to memory of 2000	324	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.exe	26
PID 324 wrote to memory of 2000	324	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.exe	26
PID 324 wrote to memory of 2000	324	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.exe	26
PID 2000 wrote to memory of 1108	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	27
PID 2000 wrote to memory of 1108	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	27
PID 2000 wrote to memory of 1108	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	27
PID 2000 wrote to memory of 1108	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	27
PID 2000 wrote to memory of 320	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	30
PID 2000 wrote to memory of 320	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	30
PID 2000 wrote to memory of 320	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	30
PID 2000 wrote to memory of 320	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	30
PID 2000 wrote to memory of 1116	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	32
PID 2000 wrote to memory of 1116	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	32
PID 2000 wrote to memory of 1116	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	32
PID 2000 wrote to memory of 1116	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	32
PID 2000 wrote to memory of 396	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	34
PID 2000 wrote to memory of 396	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	34
PID 2000 wrote to memory of 396	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	34
PID 2000 wrote to memory of 396	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	34
PID 2000 wrote to memory of 1948	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	39
PID 2000 wrote to memory of 1948	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	39
PID 2000 wrote to memory of 1948	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	39
PID 2000 wrote to memory of 1948	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	39
PID 2000 wrote to memory of 584	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	40
PID 2000 wrote to memory of 584	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	40
PID 2000 wrote to memory of 584	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	40
PID 2000 wrote to memory of 584	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	40
PID 2000 wrote to memory of 564	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	41
PID 2000 wrote to memory of 564	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	41
PID 2000 wrote to memory of 564	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	41
PID 2000 wrote to memory of 564	2000	42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp	41
PID 584 wrote to memory of 1192	584	DriverDoc.exe	43
PID 584 wrote to memory of 1192	584	DriverDoc.exe	43
PID 584 wrote to memory of 1192	584	DriverDoc.exe	43
PID 584 wrote to memory of 1192	584	DriverDoc.exe	43
PID 584 wrote to memory of 1624	584	DriverDoc.exe	42
PID 584 wrote to memory of 1624	584	DriverDoc.exe	42
PID 584 wrote to memory of 1624	584	DriverDoc.exe	42
PID 584 wrote to memory of 1624	584	DriverDoc.exe	42
PID 584 wrote to memory of 1276	584	DriverDoc.exe	44
PID 584 wrote to memory of 1276	584	DriverDoc.exe	44
PID 584 wrote to memory of 1276	584	DriverDoc.exe	44
PID 584 wrote to memory of 1276	584	DriverDoc.exe	44
PID 1624 wrote to memory of 1592	1624	iexplore.exe	47
PID 1624 wrote to memory of 1592	1624	iexplore.exe	47
PID 1624 wrote to memory of 1592	1624	iexplore.exe	47
PID 1624 wrote to memory of 1592	1624	iexplore.exe	47

C:\Users\Admin\AppData\Local\Temp\42d84f6be5cfa1503dc7bd8275073872d71a4fc0.exe
"C:\Users\Admin\AppData\Local\Temp\42d84f6be5cfa1503dc7bd8275073872d71a4fc0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:324
- C:\Users\Admin\AppData\Local\Temp\is-ET4G1.tmp\42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-ET4G1.tmp\42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp" /SL5="$70124,5347251,879104,C:\Users\Admin\AppData\Local\Temp\42d84f6be5cfa1503dc7bd8275073872d71a4fc0.exe"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2000
- - C:\Windows\SysWOW64\taskkill.exe
    "C:\Windows\System32\taskkill.exe" /f /im "DriverDoc.exe"
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1108
- - C:\Windows\SysWOW64\taskkill.exe
    "C:\Windows\System32\taskkill.exe" /f /im "DriverPro.exe"
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:320
- - C:\Windows\SysWOW64\taskkill.exe
    "C:\Windows\System32\taskkill.exe" /f /im "DOCSchedule.exe"
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1116
- - C:\Windows\SysWOW64\taskkill.exe
    "C:\Windows\System32\taskkill.exe" /f /im "DOCTray.exe"
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:396
- - C:\Program Files (x86)\DriverDoc\DriverDoc.exe
    "C:\Program Files (x86)\DriverDoc\DriverDoc.exe" /INSTALL
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1948
- - C:\Program Files (x86)\DriverDoc\DriverDoc.exe
    "C:\Program Files (x86)\DriverDoc\DriverDoc.exe" /START /INSTALLED
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:584
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.solvusoft.com/en/driverdoc/install/
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1624
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1624 CREDAT:275457 /prefetch:2
        5⤵
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:1592
  - - C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /Delete /TN "DriverDoc Schedule" /F
      4⤵
      PID:1192
  - - C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /Delete /TN "DriverDoc Monitoring" /F
      4⤵
      PID:1276
- - C:\Program Files (x86)\DriverDoc\Extra\DriverPro.exe
    "C:\Program Files (x86)\DriverDoc\Extra\DriverPro.exe"
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:564

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\DriverDoc\7z.dll

Filesize
991KB

MD5
eeb340cd0317612256596870fdad903f

SHA1
c4cd2abe134b3d5e043593dd88c7d61d6d53e417

SHA256
aecadb80ac6e9bfdf585933d5bf3741a130206df61324cccbf613a31101a3d54

SHA512
a4c03aeada2f9f0b333db50bdf42612eef742b6f26eb39749aebe9d504f47aef4d3e098f49b04cfd10a2c2fb73a7bbb1b53bfd098e4e6ccdd9ce8a9e56554c9e

Download Submit
C:\Program Files (x86)\DriverDoc\DriverDoc.exe

Filesize
6.9MB

MD5
593731ec5ad57f5556ba30fbfab0d715

SHA1
f1134e4ee01c4a38888193130ea5255f6a782685

SHA256
5a5c40820ef02808d9d3759d915d8f8ff52dc6a3fc2590584f4c36a9ad3c1de4

SHA512
8d28fcbe6f9b044648c730a189dc860e6fd6330fed4c60feb973b8f296358b83a1977ebe57fcfb22837cffd7a649d0f2d963b77982436e38b344d613c2b3df1f

Download Submit
C:\Program Files (x86)\DriverDoc\DriverDoc.exe

Filesize
6.9MB

MD5
593731ec5ad57f5556ba30fbfab0d715

SHA1
f1134e4ee01c4a38888193130ea5255f6a782685

SHA256
5a5c40820ef02808d9d3759d915d8f8ff52dc6a3fc2590584f4c36a9ad3c1de4

SHA512
8d28fcbe6f9b044648c730a189dc860e6fd6330fed4c60feb973b8f296358b83a1977ebe57fcfb22837cffd7a649d0f2d963b77982436e38b344d613c2b3df1f

Download Submit
C:\Program Files (x86)\DriverDoc\DriverDoc.exe

Filesize
6.9MB

MD5
593731ec5ad57f5556ba30fbfab0d715

SHA1
f1134e4ee01c4a38888193130ea5255f6a782685

SHA256
5a5c40820ef02808d9d3759d915d8f8ff52dc6a3fc2590584f4c36a9ad3c1de4

SHA512
8d28fcbe6f9b044648c730a189dc860e6fd6330fed4c60feb973b8f296358b83a1977ebe57fcfb22837cffd7a649d0f2d963b77982436e38b344d613c2b3df1f

Download Submit
C:\Program Files (x86)\DriverDoc\DriverDoc.exe

Filesize
6.9MB

MD5
593731ec5ad57f5556ba30fbfab0d715

SHA1
f1134e4ee01c4a38888193130ea5255f6a782685

SHA256
5a5c40820ef02808d9d3759d915d8f8ff52dc6a3fc2590584f4c36a9ad3c1de4

SHA512
8d28fcbe6f9b044648c730a189dc860e6fd6330fed4c60feb973b8f296358b83a1977ebe57fcfb22837cffd7a649d0f2d963b77982436e38b344d613c2b3df1f

Download Submit
C:\Program Files (x86)\DriverDoc\English.ini

Filesize
49KB

MD5
648ecf1406143431e9e7441a0e360e69

SHA1
97c6738339ac673d2aa8a4bb9d024f6d82f35dd4

SHA256
8389687dfb442db46dd861e2e9f9753c5aa206b177e3f139d854d9366a37fef3

SHA512
ebd86c1e5f6a671397705ab2f23449e73ef151fa02d34dbf8c8c6a6aeb9c9e7873c4dbdede18b0bd1e65ab26806c60c9d17337f9a16e23f571f86ca98be1cdd5

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Brazilian.ini

Filesize
12KB

MD5
b24c70f0951a902d62e97321ee12be9d

SHA1
759555b579c811eaa2bc123edbf49fa6fdc0ab72

SHA256
226b01c08d3cd2f0099c6138d97e4ec3096207e220d0203400c9dbeabdf1a446

SHA512
b521e94e80d4d97ce6bbc76e954ed3cacfe06fbe9408e8228a442e71c1672218033ba10191083a8dec90e8f5eed475b59c8ad9112c4648099bd1c51778260ee0

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Danish.ini

Filesize
12KB

MD5
c4e19798b19173eca54cc2f615a0b99e

SHA1
6638701c7b4991227e1f883414bcd1315b7b0864

SHA256
01539234b53ddc8ac82665ea18daeadd1edd2b4b918b21fa72f3848b6639a301

SHA512
4c976fc3282531d5ad32f5ec1f436378cf73f068c650c578e54b25cbe2911a4709bd14c46ebc74ef395afb771e8f8d9f28798b204d5f2a89589f8119ea7c8d20

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\DriverPro.exe

Filesize
4.9MB

MD5
5a1d85fb3c9062304547475d6bd383ed

SHA1
dc8722d155277e841ea9404beabb1c012c7eefc0

SHA256
de9a6adbda9378230f1a4caff8c23d208a0d19114dcec00391869a83e129787f

SHA512
681b4341548c34e2b7dce6731ef7cd35a2271ef482984e4f706b44c07962ee4673d5b2596020c2d2dd1f92867e7001ea84549ac517032f25b3e899313c758e3f

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Dutch.ini

Filesize
12KB

MD5
cba424ebfd76fbab92e4c611ebbc6bdf

SHA1
9678ae22d9585dd12d692522c30aebc5b92a2249

SHA256
6951d18ba89c4875983cce91305f802f0f690675d76fd14fa0cb0f792b0aaea3

SHA512
22967f3bdd097fa5ffa06945a69d5d39c26b9bd21892a19e9efa234b24349fed7d7e62187506c8d18475055041af15e9b3a877f56ac7eae29478253bc31cc8dc

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\English.ini

Filesize
11KB

MD5
2e509dd5f4217be553fbe379a0a90c23

SHA1
9dd8f007d11ad0f4cf30cbc555bb3cf36d4c2a02

SHA256
a1e376b66a11846fd448708b81a894d279032d0247bd5c0f79f606c945397162

SHA512
6c11872669e593d77dbcefc4a5bd5257c49329bfa8a5260fcb743855d5e7dcfeaf48a69bbe16b81057b049957fca263c7efca630a257fc5813edb687467063cf

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Finnish.ini

Filesize
12KB

MD5
d140f9ae6ca875d2f8bcec576bb2c203

SHA1
871cc1e85dde0d2b4bdab5566defbe8483348fcf

SHA256
39fca6cb75735a2bc2abe2b35ca94cde8da856955de641c165c7e1e1f8b5b516

SHA512
5815e0d2e5f9242f587d6d79679232c32a9279b25fde308763f210a4cf365430e76d259b714de0aed9904277b586380fbb04a057dd66ae143cca0eef1329362c

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\French.ini

Filesize
13KB

MD5
637686253a68504cc01fe055a25346f7

SHA1
59e36e5a2e71887acb4eac090e1cdb8d240379b1

SHA256
f008522a75e279cdb23489e24b4835ce6516cf2a669df705c072b23f311b7a3a

SHA512
16377b987a8ede42a379a39b641cf3a6c2dc11c454e9cc460808ab3dc8dab5c5782de26923ce524eaeaa5d389bfce5ba46561791424a65b08de2a69b71652fda

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\German.ini

Filesize
13KB

MD5
cae7b08264859d094eccbcd1686e4b58

SHA1
31e000b5f93a4af158e3211e9ef6ee24a43df6ed

SHA256
1cdef54fcbaf02d46fb31cee5738e2e1f9d5bcd89b58f49ef98c011329266e69

SHA512
31646eba2f4e4d312fafe191608c5fa963c4ed1753cc55340314c9c6142424b36d819f67bd9218ad41c2627c8289c5764a752ebc449d3e8e43aa5ab833631771

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Italian.ini

Filesize
12KB

MD5
49c62ebd53b8d40b961ab63d16d1b18c

SHA1
b002185abcc6f84fb272445a3579cfe96972e19a

SHA256
9f47adfacf4d1855d0de2b806149084cf6051de2b6de09692fbf17a93b149343

SHA512
7895f99d82f95cb3f6c0f91a0c283472205f052c81e8321cd01ebae20d94813a9139262815a0d4258bd719e4cba63e5a2ae9457902f10244affaebed33e72d24

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Japanese.ini

Filesize
15KB

MD5
4cc34523cefbe42b62cf1839c0f54663

SHA1
fdaa0ad16c693906978f7e1364b1c850869354bf

SHA256
94c1b8fc0bda3ba585e92b4ed812421bc6dea4da29b2321b1286d27615571b79

SHA512
c0ffb819229709cc3bc340c859330da8c5c91763fb5ccccbaed073ed282150dbcefd329fbab440e88dafe30c39e8055be0009113a1400d9170a6701ba63b2824

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Norwegian.ini

Filesize
11KB

MD5
3285372c3ad0355bd7eec8488f40629d

SHA1
48288694c5a5724e8c56339d675666d8476741aa

SHA256
2c402fd6e6aab9d8ffc93ca29f07fc55420a598ed1368ec2ad381cb4808195f2

SHA512
ea6bd5c5274deb99c4c70f29f17e324649139b5b47cc054a52a2e3b3c4f0e4b1fd80cd105fd32d0b3ab29af115cc09ced4c7f8529bd651f7a6d265dd3d00acab

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Polish.ini

Filesize
13KB

MD5
92bfc521b92d8ac30cb6fdb31ee37fb2

SHA1
14f04856f4a3661007fabb846b83499ebc34cdf7

SHA256
357ac44df2a8fa996a78061bc67531b8dd5d2770a3a4aa7ed1aad3c5c52e4050

SHA512
4dfc21cdaa3c00e93008ad55061bbb02d31504cec26271cb040356a1e04408fa766b12425aea0e91adb230fe0d231466de4392f0b48c1477b9f083e795ab9b66

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Portuguese.ini

Filesize
12KB

MD5
d8bd59eb5dcd48a976d2ae97c2edb6a3

SHA1
a03eea088611d0acb75aa0d02f14b7c1e5a24e32

SHA256
2cb3920f6b44c3c0915c4b7e8f5f24b9c4e3ea0932e14c8c0742fafd07a992e2

SHA512
74fca4cd378009775c0eef179ee1e0961591e5ab0b3551dbb91e858edca9437bb1d99f581ced11752adee2c2d8b9c6dfc4329d9a0fdeb0385c09ba1012ba8109

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Russian.ini

Filesize
21KB

MD5
b4b289047fd327d99e5809234174736b

SHA1
c9f2e45efa8ce22720f2dc49bc85764dee49025d

SHA256
eb0f8c2bfd6f0d3744e16ddd7db56590e5c9a4f1960b4ea9c2240f691b2504e4

SHA512
dccac50a017bb1482e7657f5b166f0316336d049ef446ecc26b1a3cd38ca7e90cbb713bdac3b59414f8e2800fd0b25d25d3ccd4641993213052329e272b96f9a

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Settings.ini

Filesize
73B

MD5
4dfd24933bec370032a0fde1452d9b14

SHA1
f3c3bc92eabe67c9072a0a29968322adad9489c2

SHA256
035c7dd8eef04f652d7d7b6b28c27ddb0b867502d088c1cba12319b5718fb1b6

SHA512
85ccd0c6cf38ee620b0a4a2289c4161fcb01fcd3546e1cf3ebfe83a087133972661e8b3854db5643caaadded1fcb3d621141a8f39490866d21b53b947f42d97f

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Spanish.ini

Filesize
12KB

MD5
3eb3ce7cb9d27f10c18ba319882cc7ed

SHA1
7e09a5a88f46570f0d95d19602f38379ae01742e

SHA256
419ef75a40cc8d0ae3ae7767bc87f9c967b0068afa8bb03cd67b697c00f40cea

SHA512
5ec29890eaf47e4ea91dc948811bd1f9dc7dac27b8b116a620b634baf8e33ee605a6e815da04df45478c1460f4cca371ae469f7e4093e12184e24a3a934ef059

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Swedish.ini

Filesize
12KB

MD5
45b6b39f4009ef7a14dde07ceb42647a

SHA1
5372f2432e6a110ee2fff3b37e30a1443132f38f

SHA256
1388b135d43d916af79f2630308b7a28e010fb5e32205c70e796130c0828c7fb

SHA512
48936b2885b73c0c7841d237a78ad38b0c60f63cac5746e4da87342fbc3b234e7feb437e7456dcb5824c06d022e5351c237819231b3f0d013762c34a2c0844ec

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\sqlite3.dll

Filesize
633KB

MD5
094c675f4e0bfb27c2e77457cbcd9cc7

SHA1
9026248bd7802de39282653b0f56d68edfef30a1

SHA256
d3dd110c4d330332a37f06268013e4595705981bc74e577f946485416651b83b

SHA512
f1730b831df2805e10d78dc984e6e877e437de57cd20488ebfe48f92db8ced1889c369e70d17aee5eb366aa2c7baa14d426cf6c30324b527fa303b1bfccfe0a7

Download Submit
C:\Program Files (x86)\DriverDoc\sqlite3.dll

Filesize
633KB

MD5
094c675f4e0bfb27c2e77457cbcd9cc7

SHA1
9026248bd7802de39282653b0f56d68edfef30a1

SHA256
d3dd110c4d330332a37f06268013e4595705981bc74e577f946485416651b83b

SHA512
f1730b831df2805e10d78dc984e6e877e437de57cd20488ebfe48f92db8ced1889c369e70d17aee5eb366aa2c7baa14d426cf6c30324b527fa303b1bfccfe0a7

Download Submit
C:\Program Files (x86)\DriverDoc\sqlite3.dll

Filesize
633KB

MD5
094c675f4e0bfb27c2e77457cbcd9cc7

SHA1
9026248bd7802de39282653b0f56d68edfef30a1

SHA256
d3dd110c4d330332a37f06268013e4595705981bc74e577f946485416651b83b

SHA512
f1730b831df2805e10d78dc984e6e877e437de57cd20488ebfe48f92db8ced1889c369e70d17aee5eb366aa2c7baa14d426cf6c30324b527fa303b1bfccfe0a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
b5fcc55cffd66f38d548e8b63206c5e6

SHA1
79db08ababfa33a4f644fa8fe337195b5aba44c7

SHA256
7730df1165195dd5bb6b40d6e519b4ce07aceb03601a77bca6535d31698d4ca1

SHA512
aaa17175e90dbca04f0fa753084731313e70119fef7d408b41ff4170116ab24eaee0bd05dca2cc43464b1ee920819e5ce6f6e750d97e3c4fc605f01e7ff9c649

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
b5fcc55cffd66f38d548e8b63206c5e6

SHA1
79db08ababfa33a4f644fa8fe337195b5aba44c7

SHA256
7730df1165195dd5bb6b40d6e519b4ce07aceb03601a77bca6535d31698d4ca1

SHA512
aaa17175e90dbca04f0fa753084731313e70119fef7d408b41ff4170116ab24eaee0bd05dca2cc43464b1ee920819e5ce6f6e750d97e3c4fc605f01e7ff9c649

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6870febec16d4075dcd02bbb68a16912

SHA1
6c0b0019b66b8fb1b433e1a3d90a073c10b37c23

SHA256
7a4f489a9d4eae25fc2a17a5efae4fbc8b249186fc8beef0ef711db0b385e617

SHA512
3c196a2bcdf58a7b0c29541edeec8d414428951b1281620ed640f8256068d0e13541b5b38f55bf9770c965bc0ab1e930cf6f6d747ee5c276e1ac73cd515ad1af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86a76393d44aeb0b8b1164cfa6c1901d

SHA1
a84572568ef6be54269def592ad9c967ee5f0ad7

SHA256
04e7a56dfff4329a23038cdea0e76def34c9fd1148eb534d94f15fc95b8480c6

SHA512
fcc79cd31af733078131d8c18ac3573582856c8e573546661cacd2926fd96e94ce9e1f527b9da19e735a0877b85be3eba8e6f7413a82e86d90c8ecc6daccb220

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb8fe031bacdb5cf24e2aa600332dd01

SHA1
6bd31bda8774a6d43a765f17b47889614ba6df2a

SHA256
f39cbacebdf21978d29809b414abc0f170003ab59b052ffd4e70af46570a6e8a

SHA512
2045f428951c079b9d16a81a56b725d1cec578d7f90b8cc5c1f1061f946c39d04d10da8e516b57831af8a8f684ea531164a5c89d29cbfaa8169ceec124d6565f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7311ca73d82f66d1a61e8c97c1406e02

SHA1
f5e37c4e98903acefbe7c42064e06b5a20dbb763

SHA256
30269f16158ba9cd3d3ce901961ee5fefa7d49647d9e83f14395947f51e3bafc

SHA512
dd92f1a8d50dd90ca64e438a6ec0fd3c0405d83e8424155cc1aff19d49d5651a9217d0f241960a41b869df827b65a1515b17fdf4f1cce57ce01bb310d3478d78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a13c0a608cc3b721ce2afe81e77e58e

SHA1
a2d5eeeaeca3929eb97ad2a134598606749c0861

SHA256
a87969705a010a602ec894da9cf910e676b811fc15ca6c14bd3cba00dc164f45

SHA512
ca23aa0d36b92fec7f298efbb427a1405850f3fc00bc55b4e33b9ebf26f6107799f2a56e10cb1b4e3e5f7416241add82add838ff4e03c6bce62b436e57be24c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
67fe2f480e5e380f85bd34cdaabe21cc

SHA1
df5edb0cffd00c4393ffcccf6526e5cd46ba0bba

SHA256
852365ca257ae779acd8ce569c5a4d1c678ba56bc0b0d37e4a7141a7db33d8b1

SHA512
1caa1db888c032a63b507701ed0a05636b1cfc6073cc710a09165468e7b61073f582cd2113a210fe9f18f1ea802540cf334d24f6033cdfc3341c6fdef197db92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ead68551bebf05221ea774f610862779

SHA1
5f0dadafb2c3f83eca9b93148437bbf4526f96a2

SHA256
ecbba1fa7b9c63f51e93234e682292e8496335313c310da489699cf35ac27346

SHA512
f89eb293474c622feb1106f83e36e9e05f8746b633ca701d5a6ad5ff8000b73ab55d77e938a4545a719b3877868a9758f1f2d7e0fa81b8fdcce6c0753917ba91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec41375ba9c55269c11bf3749e97a752

SHA1
b76401f899f0647a9c6cfbc3e7aebba5c740ea6b

SHA256
4f91cbd0167e25adbd07e9060daae2497c2e8b785d77c40f578b80f0e28cd2bb

SHA512
8642b8320d66e413d635b61d06d2e11ebe1e71e733136170dd40b469b8af2205ecac6ada0b4669fb0a31ce542ad7e528f8d26ec59a51480ba9f2109f9a8661b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14e6d6a272b981f5634430e4a17f05d2

SHA1
235134624254c1caaab963901d5891cadd46292e

SHA256
40e08b572401edc953ccc6e110a785b9cd2cc68d7beda6dc5a5de0effd13f6bf

SHA512
909fe31435c0d1cb4858c405e3532083c2596b5e05d0d66d87678ef1a89e23ac2d2b753bf528a7b33fd9620de8b3bfd4d1add5f4d48da4b567082908d0dcf427

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fec6337f1f9e5f999b57ce342740424c

SHA1
7d554a825daaac59899ba4fc0824e04c401874a8

SHA256
bdbf3ecd922d3aa21fd8980abe2a1d1b61726bcee26fda7bad4f27f58c7c093a

SHA512
8dff9dcf1882b0cfb8b28d1b8e32c91a8c767ed7cdb1f064f508c61d5675c3a92de76e8e5da77a1e81abb455b2cb66635ece4212f3565a3c6cd42c4c9f4d3141

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ddd109dd5907acd80d7b2390b986528c

SHA1
9fb545657417957dc0cb729438b334a909f656a2

SHA256
70c4ecd43ac1b45130689f1a7e92d787abaa77437428ed6d06601605c71ab2bb

SHA512
d28e7d01330458e567f2508ea20357b5b681626d0da57a79dd39c0ded6d5f8d14dd5880ae88fe3c3f330242a5c73386e563de0d04f26b3f29e1158b5b24011a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46bde71c6db0980f742e9a6c30267ba2

SHA1
019ae1dfd8d141bc4dc790d4a401a9ba98389a45

SHA256
9d53224e6ba81c987ba28297d57e5e2c39faafbb5ab255725961c346d67e738a

SHA512
c86e33b7004433182a4bc106ff189a76a299c5be70c0f20c20d6f68a672603b2adc1bad9c2acba377161ecb4fa7ea085a85b4c9864eb72e39e865bd111751a93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f42817fe95a8de11c93b365ee8bc4893

SHA1
8598e580408630dd0952dc59f733f55f1a852efd

SHA256
1836f18610ab8dcfed68f29d3e569db920fb1c60f2441919b0b49833627c4eeb

SHA512
faeca3f8489a0a1fb09e8a034532be2eb74232d4a6f0164b7e6fa36ab8f4c5d1f79c8cb64400ed8f950ec65569e51d802d72c9a0eb25b5fbc53186679d2da842

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0eb31cbfa25f62c11e39c9e077b52fd4

SHA1
e02bd609eccce1c071653631a57f2047cf307bb1

SHA256
9f9fb5250d9526f16581eb5ae0a100117b48edf015c21618678d053bb3d46141

SHA512
bd34fb4b384676de6cc907eaf950c71d7408a8081f799a84f794cac95d09fa3103e62ca0b3da7aaad82c3752e0cd80bd0475fb654cdacc5afaf7ef55f5ec7f89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b52d9103002226f24aa8c14170bcb31

SHA1
df2673437b91900c1d92a001e6b213a5e43d9f78

SHA256
e69c51fbd5f5acb145b8b7e88075341dcb4dcf73b88f418d68f615052f036424

SHA512
bef8765042e937da48130a9d0bfe7c8a3d3180a24154e8d315ddadcec10ac7ec5816f99cef337f77b7053afeb8e7f8d95e640cd24b5f3e3a87408041a45b4100

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9713abac8d56ce8c8d56d80b78fa1593

SHA1
9541467988e6948ca45832fae33710f8fc41377c

SHA256
e57a8fb22cb06ff812f344b5f5b3b794aa1fc878ce1e82597d64168a4cb2340b

SHA512
eb95ef00a029525c9019cd7c83a074c670548f13e335bdd33ce6c58e01584aee565d799a74d8dd29265274dc5f2113a76890bc340a8dbfe2712d71ca76535b93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebdbc7062906f8c829927d349e26efd8

SHA1
f660b73e7eb075b5a156288750b8bb33c8ab1347

SHA256
7aee2cd58db3249c2dda35f3e3d556d86e6f8cb35908fa336c15acbbd3a3a21e

SHA512
ac08c389d6012790019e1eacedc8b2221853f4fa949a8a96c82daeab1cd35c843a2df98e1b460f54562d9753f7af14f85cf7ecac90253cdd275554dda35edf97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7dfae36be3a6d39eb4d7448c0b67c452

SHA1
a9af9b06b8c51a40fa36f20e053613be23c65b01

SHA256
0ce08fc7c4410e9926b875816e4fceda88238a4765829c659ad69ff0a70bc9a7

SHA512
d91f06fa187ab77d3cfd6afbe58f8834a838c927a256442b12c7cf3f78dec555c26bd517ce8b40b6d2b742b9d033a02e9907c76b65a0b3135803678c280e7245

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1fa80a38188d4c1d047223c527a0334b

SHA1
8e2501f59535822d4bc36d1f9afbb72c7bf7ef96

SHA256
0eb29461310b15524121a662e0babf1a8bc56520dd0cadc637151de13df8133c

SHA512
9a83c2e93e2de94116b940c6245056a0ea0ffe99cfb31f4c6235a855c3b3a2bf40aefadd0a3e7c5f969394accaf842d2ce1bf0c9def72a7fe43e6a654bfd9d34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
671206aaa4c70c9758042820474d0097

SHA1
011c3727b3eb73e4e011ea31d2a9034455630b6e

SHA256
524d68f3fe02e4130b91ff5b3438ddcec24b84754b73f7a7f607270a0d297e85

SHA512
b0d9746bb12ba1cd9956429a5d1246dd24042a91856c280193560d4b90387f7a487cb9b4faa84af458d8ce4d228ac72fd8e8868e4e3732225762b0ae54b53e8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4389f3c777c343fc1329b52b0696cb79

SHA1
c1035fa0acc1ba4cc8b0ef30a2bf667c452cf7f3

SHA256
ceecc99f819b93500ca25f5f87e445bda44e81d22161c6f68e33a2d784301b73

SHA512
77a21f50218b44158850ce7ae0e89fc9cad7c5ef15bb22987e4cd0e52b7169922d51bc7a1846080ec6ed9f7e9f2e9669cccd27657a38261103b99d6f98d2a72f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b44cd7a814f3a7b53326899f7897bdce

SHA1
c61ed09c83aac5fb617ad1f052bac9dd43c73ce7

SHA256
e117c148218b277cfe50f334cdb616c740c0913c52113cd6303db03cf579e042

SHA512
8f4ad7be91b47512da1c23d0642a200c44382a890ed4741920376ec5e93d04dc4a7ec7fb655b182de4d2587fe2ef96a5180c7a65e87e6c18b1919a478b580255

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6045b84c9e45a5c5c53fce149ff8dbdd

SHA1
b9c010895ee0c787cc10605b129bae84ca3e67ff

SHA256
ef35d3845b76cba62a041d63fa46e003c8dc4f729fdc1a0824ab1561a08cbdb6

SHA512
61d3d421b4a6e4aaaa8dcfc6b720fd2fd40cfabe2b49b8484d2d6095d790dad97d25ea4142cee645c55e6cb215ea9a2d8463cef36abc1f985ba1ceb6084d4e54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
468aec038ca65ccfa7a433751dc00923

SHA1
1b29a448c00b590c766bc7c733790291886bd9fe

SHA256
713ebfe208cfab03e782963cfb73eed08dc502dca9069c53252c9510a4f0cd4a

SHA512
b48e457cab4fe0f101356bc38bdd86deb02ff24470361d23d68acac3d4488ced77e97f39cf2657fc9ce5267b0c3b569dcf5575009791f8bdeb7967bba6d732f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f37ce57fd3595ba7f3fc32ce39bb7a83

SHA1
1b653b05749d5a78a372132f312fe373596a4255

SHA256
abcf00742733dbb85b99d51f0b49bbe0994927c6aa6b185247944ae5e8fc8f03

SHA512
88e7337e61acd8380c07f8ca561197950d338ab2817d193965a76f20f96442d66e1d0882281852ca32e4646c04373a8a36943a4de2a5a4e7dae5f94bc2be70f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6525b63c10b9b0e9c8c315c09fa7e401

SHA1
9f501ec9451b526702932b378fdf0b1eb0dddc99

SHA256
99a07847ec1a03b9fa87e86b6bd82d2aaa34486013dcff73d2c66d953127639a

SHA512
ed0c753d4aadcc583ca5f7da0d7fa774fdbd742db10f4bc25c2815869c9193cfa5d0612f32bdf8702a0e64e8cd4227fcf5752762e1190b0ed8a2ca42f694f222

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\62yy7f8\imagestore.dat

Filesize
5KB

MD5
a5ac6a8d8ed162668bf9b9c676ba883f

SHA1
2e62ed72c4baea5d1bf9e3e167e535e8085082a1

SHA256
9e2ca670cc2a309c21cbb9f719e834de665f9dc09a4934f4e9314f05e7c584ea

SHA512
349806bb416bf3389da8a9383ad54df1e2f4b51dbcf0d932400b0b3c2fcd20da8be07b767fa488990286487770d7e7f5997e4a507aca7e735c8651309641825e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQ77JNZF\favicon[1].ico

Filesize
1KB

MD5
3b1838e50f36c4d1d9e140ef2447b904

SHA1
87069e2a3cd8976e3989cb8ba0beb455b83a3dad

SHA256
efc434422806534c8364743f5cf71bf6919d742758d10cf57fd6c8c68c824c57

SHA512
51787de2791c760247296b8afdac9ae030d776805aa6a2f6640bf46eb59da67eaceb82c7cd2e972f468cbcca7a044ac7b9fa4a7b686d59412427cfbbdf6477f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab792.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-ET4G1.tmp\42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp

Filesize
3.1MB

MD5
d70a98daf7a810ee18ce451ec673e399

SHA1
274dff37313f3fbdf82dfc4afd94582359b79fee

SHA256
9621346beee2a257b1966b6dc3f1f850d54ae0746bf1718d35c966649ac9b340

SHA512
a246aa8979a7bc1a8ae6d1c5ac637939e7ab3380484cb78a3fc98fe9ceccb51cb5d6dfe787ece6bb1420450741c0734a049849dac7242679b8660e71acf00e60

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-ET4G1.tmp\42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp

Filesize
3.1MB

MD5
d70a98daf7a810ee18ce451ec673e399

SHA1
274dff37313f3fbdf82dfc4afd94582359b79fee

SHA256
9621346beee2a257b1966b6dc3f1f850d54ae0746bf1718d35c966649ac9b340

SHA512
a246aa8979a7bc1a8ae6d1c5ac637939e7ab3380484cb78a3fc98fe9ceccb51cb5d6dfe787ece6bb1420450741c0734a049849dac7242679b8660e71acf00e60

Download Submit
C:\Users\Admin\AppData\Roaming\DriverDoc\program.log

Filesize
2KB

MD5
ed49f4ecf022b31e1ae0e6099d897d29

SHA1
4fc6dfdca3702e47042f85b40d6264f85d9526a8

SHA256
186fa5a34027f7fd5cc7f8f837922954150232189f9699922ff12649ba96f29f

SHA512
0b26273325b38b05dfed1f3d99d98c5a826384e508d35dae5c327e90141084550299f89047bd1ebb0cbb3b0981a22af9f1fdb654f1e0637f462f550268d289c4

Download Submit
\Program Files (x86)\DriverDoc\7z.dll

Filesize
991KB

MD5
eeb340cd0317612256596870fdad903f

SHA1
c4cd2abe134b3d5e043593dd88c7d61d6d53e417

SHA256
aecadb80ac6e9bfdf585933d5bf3741a130206df61324cccbf613a31101a3d54

SHA512
a4c03aeada2f9f0b333db50bdf42612eef742b6f26eb39749aebe9d504f47aef4d3e098f49b04cfd10a2c2fb73a7bbb1b53bfd098e4e6ccdd9ce8a9e56554c9e

Download Submit
\Program Files (x86)\DriverDoc\DriverDoc.exe

Filesize
6.9MB

MD5
593731ec5ad57f5556ba30fbfab0d715

SHA1
f1134e4ee01c4a38888193130ea5255f6a782685

SHA256
5a5c40820ef02808d9d3759d915d8f8ff52dc6a3fc2590584f4c36a9ad3c1de4

SHA512
8d28fcbe6f9b044648c730a189dc860e6fd6330fed4c60feb973b8f296358b83a1977ebe57fcfb22837cffd7a649d0f2d963b77982436e38b344d613c2b3df1f

Download Submit
\Program Files (x86)\DriverDoc\DriverDoc.exe

Filesize
6.9MB

MD5
593731ec5ad57f5556ba30fbfab0d715

SHA1
f1134e4ee01c4a38888193130ea5255f6a782685

SHA256
5a5c40820ef02808d9d3759d915d8f8ff52dc6a3fc2590584f4c36a9ad3c1de4

SHA512
8d28fcbe6f9b044648c730a189dc860e6fd6330fed4c60feb973b8f296358b83a1977ebe57fcfb22837cffd7a649d0f2d963b77982436e38b344d613c2b3df1f

Download Submit
\Program Files (x86)\DriverDoc\DriverDoc.exe

Filesize
6.9MB

MD5
593731ec5ad57f5556ba30fbfab0d715

SHA1
f1134e4ee01c4a38888193130ea5255f6a782685

SHA256
5a5c40820ef02808d9d3759d915d8f8ff52dc6a3fc2590584f4c36a9ad3c1de4

SHA512
8d28fcbe6f9b044648c730a189dc860e6fd6330fed4c60feb973b8f296358b83a1977ebe57fcfb22837cffd7a649d0f2d963b77982436e38b344d613c2b3df1f

Download Submit
\Program Files (x86)\DriverDoc\Extra\DriverPro.exe

Filesize
4.9MB

MD5
5a1d85fb3c9062304547475d6bd383ed

SHA1
dc8722d155277e841ea9404beabb1c012c7eefc0

SHA256
de9a6adbda9378230f1a4caff8c23d208a0d19114dcec00391869a83e129787f

SHA512
681b4341548c34e2b7dce6731ef7cd35a2271ef482984e4f706b44c07962ee4673d5b2596020c2d2dd1f92867e7001ea84549ac517032f25b3e899313c758e3f

Download Submit
\Program Files (x86)\DriverDoc\Extra\sqlite3.dll

Filesize
633KB

MD5
094c675f4e0bfb27c2e77457cbcd9cc7

SHA1
9026248bd7802de39282653b0f56d68edfef30a1

SHA256
d3dd110c4d330332a37f06268013e4595705981bc74e577f946485416651b83b

SHA512
f1730b831df2805e10d78dc984e6e877e437de57cd20488ebfe48f92db8ced1889c369e70d17aee5eb366aa2c7baa14d426cf6c30324b527fa303b1bfccfe0a7

Download Submit
\Program Files (x86)\DriverDoc\sqlite3.dll

Filesize
633KB

MD5
094c675f4e0bfb27c2e77457cbcd9cc7

SHA1
9026248bd7802de39282653b0f56d68edfef30a1

SHA256
d3dd110c4d330332a37f06268013e4595705981bc74e577f946485416651b83b

SHA512
f1730b831df2805e10d78dc984e6e877e437de57cd20488ebfe48f92db8ced1889c369e70d17aee5eb366aa2c7baa14d426cf6c30324b527fa303b1bfccfe0a7

Download Submit
\Program Files (x86)\DriverDoc\sqlite3.dll

Filesize
633KB

MD5
094c675f4e0bfb27c2e77457cbcd9cc7

SHA1
9026248bd7802de39282653b0f56d68edfef30a1

SHA256
d3dd110c4d330332a37f06268013e4595705981bc74e577f946485416651b83b

SHA512
f1730b831df2805e10d78dc984e6e877e437de57cd20488ebfe48f92db8ced1889c369e70d17aee5eb366aa2c7baa14d426cf6c30324b527fa303b1bfccfe0a7

Download Submit
\Program Files (x86)\DriverDoc\unins000.exe

Filesize
3.1MB

MD5
a6562a204b32cd7e974aeab499a49369

SHA1
e3f67815f49f49316bc114774c219cb62b0acae8

SHA256
9827360e1e72a66f60bec68402142e3f3c493abcc474d29b34d1630adf8e1ac4

SHA512
959b7030628f7ce0296f9a4bfd0d26a2ca850638aeead1bfecae8deafb93a1ee12d30088c14b2a92851e88b972ad1bfed946e53911dc3b5da888c69dd8404174

Download Submit
\Users\Admin\AppData\Local\Temp\is-ET4G1.tmp\42d84f6be5cfa1503dc7bd8275073872d71a4fc0.tmp

Filesize
3.1MB

MD5
d70a98daf7a810ee18ce451ec673e399

SHA1
274dff37313f3fbdf82dfc4afd94582359b79fee

SHA256
9621346beee2a257b1966b6dc3f1f850d54ae0746bf1718d35c966649ac9b340

SHA512
a246aa8979a7bc1a8ae6d1c5ac637939e7ab3380484cb78a3fc98fe9ceccb51cb5d6dfe787ece6bb1420450741c0734a049849dac7242679b8660e71acf00e60

Download Submit
memory/324-232-0x0000000000400000-0x00000000004E4000-memory.dmp

Filesize
912KB

Download
memory/324-54-0x0000000000400000-0x00000000004E4000-memory.dmp

Filesize
912KB

Download
memory/324-65-0x0000000000400000-0x00000000004E4000-memory.dmp

Filesize
912KB

Download
memory/564-270-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/564-269-0x0000000000400000-0x00000000008F9000-memory.dmp

Filesize
5.0MB

Download
memory/584-1278-0x0000000000D40000-0x0000000001433000-memory.dmp

Filesize
6.9MB

Download
memory/584-1288-0x0000000000D40000-0x0000000001433000-memory.dmp

Filesize
6.9MB

Download
memory/584-231-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/584-1292-0x0000000000D40000-0x0000000001433000-memory.dmp

Filesize
6.9MB

Download
memory/584-1030-0x0000000000D40000-0x0000000001433000-memory.dmp

Filesize
6.9MB

Download
memory/584-1290-0x0000000000D40000-0x0000000001433000-memory.dmp

Filesize
6.9MB

Download
memory/584-582-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/584-1280-0x0000000000D40000-0x0000000001433000-memory.dmp

Filesize
6.9MB

Download
memory/584-1284-0x0000000000D40000-0x0000000001433000-memory.dmp

Filesize
6.9MB

Download
memory/584-1282-0x0000000000D40000-0x0000000001433000-memory.dmp

Filesize
6.9MB

Download
memory/584-875-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/584-580-0x0000000000D40000-0x0000000001433000-memory.dmp

Filesize
6.9MB

Download
memory/584-1264-0x0000000000D40000-0x0000000001433000-memory.dmp

Filesize
6.9MB

Download
memory/584-1269-0x0000000000D40000-0x0000000001433000-memory.dmp

Filesize
6.9MB

Download
memory/584-1270-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/584-1276-0x0000000000D40000-0x0000000001433000-memory.dmp

Filesize
6.9MB

Download
memory/1948-214-0x0000000000080000-0x0000000000773000-memory.dmp

Filesize
6.9MB

Download
memory/1948-212-0x00000000008F0000-0x00000000008F1000-memory.dmp

Filesize
4KB

Download
memory/1948-215-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/2000-62-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2000-66-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/2000-186-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2000-229-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download