396cb9e17c57f09c4afab97f91e72011e3f115b15e764c39d26473d92fe2c45e

Analysis

max time kernel
1800s
max time network
1220s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2023 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup_DriverDoc_2022.exe
Size

6.0MB
MD5

c65a354ac28f2f45c7ca8a38e4f778d6
SHA1

42d84f6be5cfa1503dc7bd8275073872d71a4fc0
SHA256

396cb9e17c57f09c4afab97f91e72011e3f115b15e764c39d26473d92fe2c45e
SHA512

7acba2651fb1378a97c47ce6723808235ddd74d2cb736f5fb6f28a241f3b33188e9a511c6be2eb3ca8e7cad68c05a76a0c853edc5a417a16aacd5c0388950017
SSDEEP

98304:KSi1jH0UJukUYMwioEgGU9KM+ZFNIO05p0oO2gz8+fyTx:MUvkUMiij9KM+7Npc0R4+KTx

Score

5^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Setup_DriverDoc_2022.tmpDriverDoc.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	Setup_DriverDoc_2022.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	DriverDoc.exe

Drops file in System32 directory 1 IoCs

Processes:

DriverDoc.exe

description ioc process

File created C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_b748590104fe1c15\machine.PNF DriverDoc.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_b748590104fe1c15\machine.PNF	DriverDoc.exe

Drops file in Program Files directory 64 IoCs

Processes:

Setup_DriverDoc_2022.tmpDriverPro.exesetup.exe

description	ioc	process
File created	C:\Program Files (x86)\DriverDoc\is-CKRU5.tmp	Setup_DriverDoc_2022.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\unins000.dat	Setup_DriverDoc_2022.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Brazilian.chm	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-H5RP4.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\is-2GH5J.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\is-KH0KK.tmp	Setup_DriverDoc_2022.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\German.chm	Setup_DriverDoc_2022.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Russian.chm	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\is-338VU.tmp	Setup_DriverDoc_2022.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Norwegian.ini	DriverPro.exe
File created	C:\Program Files (x86)\DriverDoc\Extra\is-T9REI.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-H77UP.tmp	Setup_DriverDoc_2022.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Danish.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Finnish.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\DOCSchedule.exe	Setup_DriverDoc_2022.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\French.chm	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\unins000.dat	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-1I8F2.tmp	Setup_DriverDoc_2022.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\DriverPro.exe	Setup_DriverDoc_2022.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\stub64.exe	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\is-TMP3M.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\is-VUC2D.tmp	Setup_DriverDoc_2022.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Polish.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\Danish.chm	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-NMKQF.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\is-V29VD.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\is-LA1EH.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\is-C8PF6.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\is-JNVIK.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\is-E0OU7.tmp	Setup_DriverDoc_2022.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\French.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\DriverDoc.exe	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-55DGT.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-I7GMJ.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\is-J40S4.tmp	Setup_DriverDoc_2022.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Russian.ini	DriverPro.exe
File created	C:\Program Files (x86)\DriverDoc\is-FFG58.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-V88K6.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\is-1GG78.tmp	Setup_DriverDoc_2022.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Swedish.ini	DriverPro.exe
File created	C:\Program Files (x86)\DriverDoc\Extra\is-8TIG2.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\is-HPQ17.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\is-QVECV.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\is-AA6DA.tmp	Setup_DriverDoc_2022.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Portuguese.chm	Setup_DriverDoc_2022.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Italian.chm	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-J78DQ.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-MLDPP.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-TC324.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\is-6IR71.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\af52b990-2163-4ed7-a967-23fc40379f0f.tmp	setup.exe
File created	C:\Program Files (x86)\DriverDoc\is-GE51O.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\is-CMUMM.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\is-J93OA.tmp	Setup_DriverDoc_2022.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\English.ini	DriverPro.exe
File created	C:\Program Files (x86)\DriverDoc\Extra\is-IBVSQ.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-G1U1U.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-K1P2S.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\is-HI38H.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-82NKR.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-MIK8G.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-6V9L9.tmp	Setup_DriverDoc_2022.tmp
File created	C:\Program Files (x86)\DriverDoc\is-IGQP1.tmp	Setup_DriverDoc_2022.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\sqlite3.dll	Setup_DriverDoc_2022.tmp

Drops file in Windows directory 6 IoCs

Processes:

DriverDoc.exe

description	ioc	process
File created	C:\Windows\INF\c_media.PNF	DriverDoc.exe
File created	C:\Windows\INF\c_display.PNF	DriverDoc.exe
File created	C:\Windows\INF\c_processor.PNF	DriverDoc.exe
File created	C:\Windows\INF\c_monitor.PNF	DriverDoc.exe
File created	C:\Windows\INF\c_volume.PNF	DriverDoc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	DriverDoc.exe

Executes dropped EXE 4 IoCs

Processes:

Setup_DriverDoc_2022.tmpDriverDoc.exeDriverDoc.exeDriverPro.exe

pid process

3164 Setup_DriverDoc_2022.tmp
4312 DriverDoc.exe
3188 DriverDoc.exe
700 DriverPro.exe
Loads dropped DLL 5 IoCs

Processes:

DriverDoc.exeDriverDoc.exeDriverPro.exe

pid process

4312 DriverDoc.exe
3188 DriverDoc.exe
700 DriverPro.exe
3188 DriverDoc.exe
3188 DriverDoc.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
4312	DriverDoc.exe
3188	DriverDoc.exe
700	DriverPro.exe
3188	DriverDoc.exe
3188	DriverDoc.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

DriverDoc.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ParentIdPrefix	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Mfg	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064\	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E\	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E\	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LocationInformation	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002\	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003\	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UINumberDescFormat	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0065	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Driver	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0003	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064\	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003\	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0065	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ParentIdPrefix	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ParentIdPrefix	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceCharacteristics	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Driver	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ParentIdPrefix	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064\	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\DeviceDesc	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002\	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ConfigFlags	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Mfg	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0065	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UINumberDescFormat	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\DeviceCharacteristics	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003	DriverDoc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 4 IoCs
evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid process

4424 taskkill.exe
2076 taskkill.exe
628 taskkill.exe
3184 taskkill.exe
Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe

pid	process
4424	taskkill.exe
2076	taskkill.exe
628	taskkill.exe
3184	taskkill.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 36 IoCs

Processes:

Setup_DriverDoc_2022.tmpDriverDoc.exeDriverPro.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
3164	Setup_DriverDoc_2022.tmp
3164	Setup_DriverDoc_2022.tmp
4312	DriverDoc.exe
4312	DriverDoc.exe
4312	DriverDoc.exe
4312	DriverDoc.exe
4312	DriverDoc.exe
4312	DriverDoc.exe
4312	DriverDoc.exe
4312	DriverDoc.exe
4312	DriverDoc.exe
4312	DriverDoc.exe
4312	DriverDoc.exe
4312	DriverDoc.exe
4312	DriverDoc.exe
4312	DriverDoc.exe
4312	DriverDoc.exe
4312	DriverDoc.exe
4312	DriverDoc.exe
4312	DriverDoc.exe
4312	DriverDoc.exe
4312	DriverDoc.exe
4312	DriverDoc.exe
4312	DriverDoc.exe
4312	DriverDoc.exe
4312	DriverDoc.exe
4312	DriverDoc.exe
4312	DriverDoc.exe
700	DriverPro.exe
700	DriverPro.exe
2808	msedge.exe
2808	msedge.exe
2652	msedge.exe
2652	msedge.exe
1428	identity_helper.exe
1428	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

DriverDoc.exe

pid process

3188 DriverDoc.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

2652 msedge.exe
2652 msedge.exe
2652 msedge.exe
2652 msedge.exe
2652 msedge.exe
2652 msedge.exe

pid	process
3188	DriverDoc.exe

pid	process
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exeDriverDoc.exeDriverDoc.exe

description	pid	process
Token: SeDebugPrivilege	628	taskkill.exe
Token: SeDebugPrivilege	3184	taskkill.exe
Token: SeDebugPrivilege	4424	taskkill.exe
Token: SeDebugPrivilege	2076	taskkill.exe
Token: SeDebugPrivilege	4312	DriverDoc.exe
Token: SeIncreaseQuotaPrivilege	4312	DriverDoc.exe
Token: SeImpersonatePrivilege	4312	DriverDoc.exe
Token: SeLoadDriverPrivilege	4312	DriverDoc.exe
Token: SeDebugPrivilege	3188	DriverDoc.exe
Token: SeIncreaseQuotaPrivilege	3188	DriverDoc.exe
Token: SeImpersonatePrivilege	3188	DriverDoc.exe
Token: SeLoadDriverPrivilege	3188	DriverDoc.exe

Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

Setup_DriverDoc_2022.tmpmsedge.exe

pid process

3164 Setup_DriverDoc_2022.tmp
2652 msedge.exe
2652 msedge.exe
2652 msedge.exe
2652 msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Setup_DriverDoc_2022.exeSetup_DriverDoc_2022.tmpDriverDoc.exemsedge.exe

description	pid	process	target process
PID 5028 wrote to memory of 3164	5028	Setup_DriverDoc_2022.exe	Setup_DriverDoc_2022.tmp
PID 5028 wrote to memory of 3164	5028	Setup_DriverDoc_2022.exe	Setup_DriverDoc_2022.tmp
PID 5028 wrote to memory of 3164	5028	Setup_DriverDoc_2022.exe	Setup_DriverDoc_2022.tmp
PID 3164 wrote to memory of 628	3164	Setup_DriverDoc_2022.tmp	taskkill.exe
PID 3164 wrote to memory of 628	3164	Setup_DriverDoc_2022.tmp	taskkill.exe
PID 3164 wrote to memory of 628	3164	Setup_DriverDoc_2022.tmp	taskkill.exe
PID 3164 wrote to memory of 3184	3164	Setup_DriverDoc_2022.tmp	taskkill.exe
PID 3164 wrote to memory of 3184	3164	Setup_DriverDoc_2022.tmp	taskkill.exe
PID 3164 wrote to memory of 3184	3164	Setup_DriverDoc_2022.tmp	taskkill.exe
PID 3164 wrote to memory of 4424	3164	Setup_DriverDoc_2022.tmp	taskkill.exe
PID 3164 wrote to memory of 4424	3164	Setup_DriverDoc_2022.tmp	taskkill.exe
PID 3164 wrote to memory of 4424	3164	Setup_DriverDoc_2022.tmp	taskkill.exe
PID 3164 wrote to memory of 2076	3164	Setup_DriverDoc_2022.tmp	taskkill.exe
PID 3164 wrote to memory of 2076	3164	Setup_DriverDoc_2022.tmp	taskkill.exe
PID 3164 wrote to memory of 2076	3164	Setup_DriverDoc_2022.tmp	taskkill.exe
PID 3164 wrote to memory of 4312	3164	Setup_DriverDoc_2022.tmp	DriverDoc.exe
PID 3164 wrote to memory of 4312	3164	Setup_DriverDoc_2022.tmp	DriverDoc.exe
PID 3164 wrote to memory of 4312	3164	Setup_DriverDoc_2022.tmp	DriverDoc.exe
PID 3164 wrote to memory of 3188	3164	Setup_DriverDoc_2022.tmp	DriverDoc.exe
PID 3164 wrote to memory of 3188	3164	Setup_DriverDoc_2022.tmp	DriverDoc.exe
PID 3164 wrote to memory of 3188	3164	Setup_DriverDoc_2022.tmp	DriverDoc.exe
PID 3164 wrote to memory of 700	3164	Setup_DriverDoc_2022.tmp	DriverPro.exe
PID 3164 wrote to memory of 700	3164	Setup_DriverDoc_2022.tmp	DriverPro.exe
PID 3164 wrote to memory of 700	3164	Setup_DriverDoc_2022.tmp	DriverPro.exe
PID 3188 wrote to memory of 3896	3188	DriverDoc.exe	schtasks.exe
PID 3188 wrote to memory of 3896	3188	DriverDoc.exe	schtasks.exe
PID 3188 wrote to memory of 3896	3188	DriverDoc.exe	schtasks.exe
PID 3188 wrote to memory of 3772	3188	DriverDoc.exe	schtasks.exe
PID 3188 wrote to memory of 3772	3188	DriverDoc.exe	schtasks.exe
PID 3188 wrote to memory of 3772	3188	DriverDoc.exe	schtasks.exe
PID 3188 wrote to memory of 2652	3188	DriverDoc.exe	msedge.exe
PID 3188 wrote to memory of 2652	3188	DriverDoc.exe	msedge.exe
PID 2652 wrote to memory of 3764	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 3764	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe
PID 2652 wrote to memory of 2140	2652	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\Setup_DriverDoc_2022.exe
"C:\Users\Admin\AppData\Local\Temp\Setup_DriverDoc_2022.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5028

C:\Users\Admin\AppData\Local\Temp\is-18TI4.tmp\Setup_DriverDoc_2022.tmp
"C:\Users\Admin\AppData\Local\Temp\is-18TI4.tmp\Setup_DriverDoc_2022.tmp" /SL5="$B0028,5347251,879104,C:\Users\Admin\AppData\Local\Temp\Setup_DriverDoc_2022.exe"
2⤵
- Checks computer location settings
- Drops file in Program Files directory
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3164

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im "DriverDoc.exe"
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:628

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im "DriverPro.exe"
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3184

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im "DOCSchedule.exe"
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4424

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im "DOCTray.exe"
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2076

C:\Program Files (x86)\DriverDoc\DriverDoc.exe
"C:\Program Files (x86)\DriverDoc\DriverDoc.exe" /INSTALL
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4312

C:\Program Files (x86)\DriverDoc\DriverDoc.exe
"C:\Program Files (x86)\DriverDoc\DriverDoc.exe" /START /INSTALLED
3⤵
- Checks computer location settings
- Drops file in System32 directory
- Drops file in Windows directory
- Executes dropped EXE
- Loads dropped DLL
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3188

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Delete /TN "DriverDoc Schedule" /F
4⤵
PID:3896

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Delete /TN "DriverDoc Monitoring" /F
4⤵
PID:3772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.solvusoft.com/en/driverdoc/install/
4⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe053946f8,0x7ffe05394708,0x7ffe05394718
5⤵
PID:3764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,11147204608558750206,4923706684640778849,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:2808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,11147204608558750206,4923706684640778849,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
5⤵
PID:2888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,11147204608558750206,4923706684640778849,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
5⤵
PID:2140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11147204608558750206,4923706684640778849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
5⤵
PID:1444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11147204608558750206,4923706684640778849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
5⤵
PID:1708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11147204608558750206,4923706684640778849,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
5⤵
PID:3948

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,11147204608558750206,4923706684640778849,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
5⤵
PID:4424

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
5⤵
- Drops file in Program Files directory
PID:3256

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff7bca75460,0x7ff7bca75470,0x7ff7bca75480
6⤵
PID:1864

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,11147204608558750206,4923706684640778849,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:1428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11147204608558750206,4923706684640778849,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
5⤵
PID:2536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11147204608558750206,4923706684640778849,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
5⤵
PID:4340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11147204608558750206,4923706684640778849,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
5⤵
PID:868

C:\Program Files (x86)\DriverDoc\Extra\DriverPro.exe
"C:\Program Files (x86)\DriverDoc\Extra\DriverPro.exe"
3⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1236

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\DriverDoc\7z.dll
Filesize
991KB

MD5
eeb340cd0317612256596870fdad903f

SHA1
c4cd2abe134b3d5e043593dd88c7d61d6d53e417

SHA256
aecadb80ac6e9bfdf585933d5bf3741a130206df61324cccbf613a31101a3d54

SHA512
a4c03aeada2f9f0b333db50bdf42612eef742b6f26eb39749aebe9d504f47aef4d3e098f49b04cfd10a2c2fb73a7bbb1b53bfd098e4e6ccdd9ce8a9e56554c9e

Download Submit
C:\Program Files (x86)\DriverDoc\7z.dll
Filesize
991KB

MD5
eeb340cd0317612256596870fdad903f

SHA1
c4cd2abe134b3d5e043593dd88c7d61d6d53e417

SHA256
aecadb80ac6e9bfdf585933d5bf3741a130206df61324cccbf613a31101a3d54

SHA512
a4c03aeada2f9f0b333db50bdf42612eef742b6f26eb39749aebe9d504f47aef4d3e098f49b04cfd10a2c2fb73a7bbb1b53bfd098e4e6ccdd9ce8a9e56554c9e

Download Submit
C:\Program Files (x86)\DriverDoc\7z.dll
Filesize
991KB

MD5
eeb340cd0317612256596870fdad903f

SHA1
c4cd2abe134b3d5e043593dd88c7d61d6d53e417

SHA256
aecadb80ac6e9bfdf585933d5bf3741a130206df61324cccbf613a31101a3d54

SHA512
a4c03aeada2f9f0b333db50bdf42612eef742b6f26eb39749aebe9d504f47aef4d3e098f49b04cfd10a2c2fb73a7bbb1b53bfd098e4e6ccdd9ce8a9e56554c9e

Download Submit
C:\Program Files (x86)\DriverDoc\DriverDoc.exe
Filesize
6.9MB

MD5
593731ec5ad57f5556ba30fbfab0d715

SHA1
f1134e4ee01c4a38888193130ea5255f6a782685

SHA256
5a5c40820ef02808d9d3759d915d8f8ff52dc6a3fc2590584f4c36a9ad3c1de4

SHA512
8d28fcbe6f9b044648c730a189dc860e6fd6330fed4c60feb973b8f296358b83a1977ebe57fcfb22837cffd7a649d0f2d963b77982436e38b344d613c2b3df1f

Download Submit
C:\Program Files (x86)\DriverDoc\DriverDoc.exe
Filesize
6.9MB

MD5
593731ec5ad57f5556ba30fbfab0d715

SHA1
f1134e4ee01c4a38888193130ea5255f6a782685

SHA256
5a5c40820ef02808d9d3759d915d8f8ff52dc6a3fc2590584f4c36a9ad3c1de4

SHA512
8d28fcbe6f9b044648c730a189dc860e6fd6330fed4c60feb973b8f296358b83a1977ebe57fcfb22837cffd7a649d0f2d963b77982436e38b344d613c2b3df1f

Download Submit
C:\Program Files (x86)\DriverDoc\DriverDoc.exe
Filesize
6.9MB

MD5
593731ec5ad57f5556ba30fbfab0d715

SHA1
f1134e4ee01c4a38888193130ea5255f6a782685

SHA256
5a5c40820ef02808d9d3759d915d8f8ff52dc6a3fc2590584f4c36a9ad3c1de4

SHA512
8d28fcbe6f9b044648c730a189dc860e6fd6330fed4c60feb973b8f296358b83a1977ebe57fcfb22837cffd7a649d0f2d963b77982436e38b344d613c2b3df1f

Download Submit
C:\Program Files (x86)\DriverDoc\DriverDoc.exe
Filesize
6.9MB

MD5
593731ec5ad57f5556ba30fbfab0d715

SHA1
f1134e4ee01c4a38888193130ea5255f6a782685

SHA256
5a5c40820ef02808d9d3759d915d8f8ff52dc6a3fc2590584f4c36a9ad3c1de4

SHA512
8d28fcbe6f9b044648c730a189dc860e6fd6330fed4c60feb973b8f296358b83a1977ebe57fcfb22837cffd7a649d0f2d963b77982436e38b344d613c2b3df1f

Download Submit
C:\Program Files (x86)\DriverDoc\English.ini
Filesize
49KB

MD5
648ecf1406143431e9e7441a0e360e69

SHA1
97c6738339ac673d2aa8a4bb9d024f6d82f35dd4

SHA256
8389687dfb442db46dd861e2e9f9753c5aa206b177e3f139d854d9366a37fef3

SHA512
ebd86c1e5f6a671397705ab2f23449e73ef151fa02d34dbf8c8c6a6aeb9c9e7873c4dbdede18b0bd1e65ab26806c60c9d17337f9a16e23f571f86ca98be1cdd5

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Brazilian.ini
Filesize
12KB

MD5
b24c70f0951a902d62e97321ee12be9d

SHA1
759555b579c811eaa2bc123edbf49fa6fdc0ab72

SHA256
226b01c08d3cd2f0099c6138d97e4ec3096207e220d0203400c9dbeabdf1a446

SHA512
b521e94e80d4d97ce6bbc76e954ed3cacfe06fbe9408e8228a442e71c1672218033ba10191083a8dec90e8f5eed475b59c8ad9112c4648099bd1c51778260ee0

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Danish.ini
Filesize
12KB

MD5
c4e19798b19173eca54cc2f615a0b99e

SHA1
6638701c7b4991227e1f883414bcd1315b7b0864

SHA256
01539234b53ddc8ac82665ea18daeadd1edd2b4b918b21fa72f3848b6639a301

SHA512
4c976fc3282531d5ad32f5ec1f436378cf73f068c650c578e54b25cbe2911a4709bd14c46ebc74ef395afb771e8f8d9f28798b204d5f2a89589f8119ea7c8d20

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\DriverPro.exe
Filesize
4.9MB

MD5
5a1d85fb3c9062304547475d6bd383ed

SHA1
dc8722d155277e841ea9404beabb1c012c7eefc0

SHA256
de9a6adbda9378230f1a4caff8c23d208a0d19114dcec00391869a83e129787f

SHA512
681b4341548c34e2b7dce6731ef7cd35a2271ef482984e4f706b44c07962ee4673d5b2596020c2d2dd1f92867e7001ea84549ac517032f25b3e899313c758e3f

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Dutch.ini
Filesize
12KB

MD5
cba424ebfd76fbab92e4c611ebbc6bdf

SHA1
9678ae22d9585dd12d692522c30aebc5b92a2249

SHA256
6951d18ba89c4875983cce91305f802f0f690675d76fd14fa0cb0f792b0aaea3

SHA512
22967f3bdd097fa5ffa06945a69d5d39c26b9bd21892a19e9efa234b24349fed7d7e62187506c8d18475055041af15e9b3a877f56ac7eae29478253bc31cc8dc

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\English.ini
Filesize
11KB

MD5
2e509dd5f4217be553fbe379a0a90c23

SHA1
9dd8f007d11ad0f4cf30cbc555bb3cf36d4c2a02

SHA256
a1e376b66a11846fd448708b81a894d279032d0247bd5c0f79f606c945397162

SHA512
6c11872669e593d77dbcefc4a5bd5257c49329bfa8a5260fcb743855d5e7dcfeaf48a69bbe16b81057b049957fca263c7efca630a257fc5813edb687467063cf

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Finnish.ini
Filesize
12KB

MD5
d140f9ae6ca875d2f8bcec576bb2c203

SHA1
871cc1e85dde0d2b4bdab5566defbe8483348fcf

SHA256
39fca6cb75735a2bc2abe2b35ca94cde8da856955de641c165c7e1e1f8b5b516

SHA512
5815e0d2e5f9242f587d6d79679232c32a9279b25fde308763f210a4cf365430e76d259b714de0aed9904277b586380fbb04a057dd66ae143cca0eef1329362c

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\French.ini
Filesize
13KB

MD5
637686253a68504cc01fe055a25346f7

SHA1
59e36e5a2e71887acb4eac090e1cdb8d240379b1

SHA256
f008522a75e279cdb23489e24b4835ce6516cf2a669df705c072b23f311b7a3a

SHA512
16377b987a8ede42a379a39b641cf3a6c2dc11c454e9cc460808ab3dc8dab5c5782de26923ce524eaeaa5d389bfce5ba46561791424a65b08de2a69b71652fda

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\German.ini
Filesize
13KB

MD5
cae7b08264859d094eccbcd1686e4b58

SHA1
31e000b5f93a4af158e3211e9ef6ee24a43df6ed

SHA256
1cdef54fcbaf02d46fb31cee5738e2e1f9d5bcd89b58f49ef98c011329266e69

SHA512
31646eba2f4e4d312fafe191608c5fa963c4ed1753cc55340314c9c6142424b36d819f67bd9218ad41c2627c8289c5764a752ebc449d3e8e43aa5ab833631771

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Italian.ini
Filesize
12KB

MD5
49c62ebd53b8d40b961ab63d16d1b18c

SHA1
b002185abcc6f84fb272445a3579cfe96972e19a

SHA256
9f47adfacf4d1855d0de2b806149084cf6051de2b6de09692fbf17a93b149343

SHA512
7895f99d82f95cb3f6c0f91a0c283472205f052c81e8321cd01ebae20d94813a9139262815a0d4258bd719e4cba63e5a2ae9457902f10244affaebed33e72d24

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Japanese.ini
Filesize
15KB

MD5
4cc34523cefbe42b62cf1839c0f54663

SHA1
fdaa0ad16c693906978f7e1364b1c850869354bf

SHA256
94c1b8fc0bda3ba585e92b4ed812421bc6dea4da29b2321b1286d27615571b79

SHA512
c0ffb819229709cc3bc340c859330da8c5c91763fb5ccccbaed073ed282150dbcefd329fbab440e88dafe30c39e8055be0009113a1400d9170a6701ba63b2824

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Norwegian.ini
Filesize
11KB

MD5
3285372c3ad0355bd7eec8488f40629d

SHA1
48288694c5a5724e8c56339d675666d8476741aa

SHA256
2c402fd6e6aab9d8ffc93ca29f07fc55420a598ed1368ec2ad381cb4808195f2

SHA512
ea6bd5c5274deb99c4c70f29f17e324649139b5b47cc054a52a2e3b3c4f0e4b1fd80cd105fd32d0b3ab29af115cc09ced4c7f8529bd651f7a6d265dd3d00acab

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Polish.ini
Filesize
13KB

MD5
92bfc521b92d8ac30cb6fdb31ee37fb2

SHA1
14f04856f4a3661007fabb846b83499ebc34cdf7

SHA256
357ac44df2a8fa996a78061bc67531b8dd5d2770a3a4aa7ed1aad3c5c52e4050

SHA512
4dfc21cdaa3c00e93008ad55061bbb02d31504cec26271cb040356a1e04408fa766b12425aea0e91adb230fe0d231466de4392f0b48c1477b9f083e795ab9b66

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Portuguese.ini
Filesize
12KB

MD5
d8bd59eb5dcd48a976d2ae97c2edb6a3

SHA1
a03eea088611d0acb75aa0d02f14b7c1e5a24e32

SHA256
2cb3920f6b44c3c0915c4b7e8f5f24b9c4e3ea0932e14c8c0742fafd07a992e2

SHA512
74fca4cd378009775c0eef179ee1e0961591e5ab0b3551dbb91e858edca9437bb1d99f581ced11752adee2c2d8b9c6dfc4329d9a0fdeb0385c09ba1012ba8109

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Russian.ini
Filesize
21KB

MD5
b4b289047fd327d99e5809234174736b

SHA1
c9f2e45efa8ce22720f2dc49bc85764dee49025d

SHA256
eb0f8c2bfd6f0d3744e16ddd7db56590e5c9a4f1960b4ea9c2240f691b2504e4

SHA512
dccac50a017bb1482e7657f5b166f0316336d049ef446ecc26b1a3cd38ca7e90cbb713bdac3b59414f8e2800fd0b25d25d3ccd4641993213052329e272b96f9a

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Settings.ini
Filesize
73B

MD5
4dfd24933bec370032a0fde1452d9b14

SHA1
f3c3bc92eabe67c9072a0a29968322adad9489c2

SHA256
035c7dd8eef04f652d7d7b6b28c27ddb0b867502d088c1cba12319b5718fb1b6

SHA512
85ccd0c6cf38ee620b0a4a2289c4161fcb01fcd3546e1cf3ebfe83a087133972661e8b3854db5643caaadded1fcb3d621141a8f39490866d21b53b947f42d97f

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Spanish.ini
Filesize
12KB

MD5
3eb3ce7cb9d27f10c18ba319882cc7ed

SHA1
7e09a5a88f46570f0d95d19602f38379ae01742e

SHA256
419ef75a40cc8d0ae3ae7767bc87f9c967b0068afa8bb03cd67b697c00f40cea

SHA512
5ec29890eaf47e4ea91dc948811bd1f9dc7dac27b8b116a620b634baf8e33ee605a6e815da04df45478c1460f4cca371ae469f7e4093e12184e24a3a934ef059

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Swedish.ini
Filesize
12KB

MD5
45b6b39f4009ef7a14dde07ceb42647a

SHA1
5372f2432e6a110ee2fff3b37e30a1443132f38f

SHA256
1388b135d43d916af79f2630308b7a28e010fb5e32205c70e796130c0828c7fb

SHA512
48936b2885b73c0c7841d237a78ad38b0c60f63cac5746e4da87342fbc3b234e7feb437e7456dcb5824c06d022e5351c237819231b3f0d013762c34a2c0844ec

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\sqlite3.dll
Filesize
633KB

MD5
094c675f4e0bfb27c2e77457cbcd9cc7

SHA1
9026248bd7802de39282653b0f56d68edfef30a1

SHA256
d3dd110c4d330332a37f06268013e4595705981bc74e577f946485416651b83b

SHA512
f1730b831df2805e10d78dc984e6e877e437de57cd20488ebfe48f92db8ced1889c369e70d17aee5eb366aa2c7baa14d426cf6c30324b527fa303b1bfccfe0a7

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\sqlite3.dll
Filesize
633KB

MD5
094c675f4e0bfb27c2e77457cbcd9cc7

SHA1
9026248bd7802de39282653b0f56d68edfef30a1

SHA256
d3dd110c4d330332a37f06268013e4595705981bc74e577f946485416651b83b

SHA512
f1730b831df2805e10d78dc984e6e877e437de57cd20488ebfe48f92db8ced1889c369e70d17aee5eb366aa2c7baa14d426cf6c30324b527fa303b1bfccfe0a7

Download Submit
C:\Program Files (x86)\DriverDoc\sqlite3.dll
Filesize
633KB

MD5
094c675f4e0bfb27c2e77457cbcd9cc7

SHA1
9026248bd7802de39282653b0f56d68edfef30a1

SHA256
d3dd110c4d330332a37f06268013e4595705981bc74e577f946485416651b83b

SHA512
f1730b831df2805e10d78dc984e6e877e437de57cd20488ebfe48f92db8ced1889c369e70d17aee5eb366aa2c7baa14d426cf6c30324b527fa303b1bfccfe0a7

Download Submit
C:\Program Files (x86)\DriverDoc\sqlite3.dll
Filesize
633KB

MD5
094c675f4e0bfb27c2e77457cbcd9cc7

SHA1
9026248bd7802de39282653b0f56d68edfef30a1

SHA256
d3dd110c4d330332a37f06268013e4595705981bc74e577f946485416651b83b

SHA512
f1730b831df2805e10d78dc984e6e877e437de57cd20488ebfe48f92db8ced1889c369e70d17aee5eb366aa2c7baa14d426cf6c30324b527fa303b1bfccfe0a7

Download Submit
C:\Program Files (x86)\DriverDoc\sqlite3.dll
Filesize
633KB

MD5
094c675f4e0bfb27c2e77457cbcd9cc7

SHA1
9026248bd7802de39282653b0f56d68edfef30a1

SHA256
d3dd110c4d330332a37f06268013e4595705981bc74e577f946485416651b83b

SHA512
f1730b831df2805e10d78dc984e6e877e437de57cd20488ebfe48f92db8ced1889c369e70d17aee5eb366aa2c7baa14d426cf6c30324b527fa303b1bfccfe0a7

Download Submit
C:\Program Files (x86)\DriverDoc\sqlite3.dll
Filesize
633KB

MD5
094c675f4e0bfb27c2e77457cbcd9cc7

SHA1
9026248bd7802de39282653b0f56d68edfef30a1

SHA256
d3dd110c4d330332a37f06268013e4595705981bc74e577f946485416651b83b

SHA512
f1730b831df2805e10d78dc984e6e877e437de57cd20488ebfe48f92db8ced1889c369e70d17aee5eb366aa2c7baa14d426cf6c30324b527fa303b1bfccfe0a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
462f3c1360a4b5e319363930bc4806f6

SHA1
9ba5e43d833c284b89519423f6b6dab5a859a8d0

SHA256
fec64069c72a8d223ed89a816501b3950f5e4f5dd88f289a923c5f961d259f85

SHA512
5584ef75dfb8a1907c071a194fa78f56d10d1555948dffb8afcacaaa2645fd9d842a923437d0e94fad1d1919dcef5b25bf065863405c8d2a28216df27c87a417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d2642245b1e4572ba7d7cd13a0675bb8

SHA1
96456510884685146d3fa2e19202fd2035d64833

SHA256
3763676934b31fe2e3078256adb25b01fdf899db6616b6b41dff3062b68e20a1

SHA512
99e35f5eefc1e654ecfcf0493ccc02475ca679d3527293f35c3adea66879e21575ab037bec77775915ec42ac53e30416c3928bc3c57910ce02f3addd880392e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
552B

MD5
c12f74a52635905dfbbd7b6b563bd382

SHA1
5e6d98fda127772eb5ccfd83c71f1305c304603a

SHA256
628197e856c3fc9f95033d05f621e2b371f1b100f0e5c65efc0f0a6cb814c8c6

SHA512
374fa03277821536c4dd047a9f635d371925c6f794c606869f17f4cc94095fb293489fb3c5fec7748b7a90a671fd8f6a8cbc5e6563d84dab2a7107a7a85f8d15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57566d.TMP
Filesize
48B

MD5
bc1f9f011bf7ab8d743cc473bbb3aa20

SHA1
cfa732b41039b20a0ebaaf7dbd71bdf802b5faff

SHA256
1895391b4c8bf1f21bbf6bd2c3824aba95ada608ce76518296c525fe5d8c0884

SHA512
7470defd485765c436774511ebf1dd2de7b0ce68d3d56334dda49b4d6e03ade42422cd3c67fd5259212b97098ac0c309f93ec0f3b9172af9eec298639ce80331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
14e7a3003f9b72a7a02514d5f884343a

SHA1
b3d98f5ea673998a2dece94af223d509337ea2f2

SHA256
69776103086feacd2d09cfca3c67737dd990de415817b29599970e2f92fc416a

SHA512
d2fecac6dd67577e69671c283d0a6bb0ddf302779207c1287d1cb13e2de5d1c6e3126cf440996770c52885c69ea02c30a7a13f63aa02fd940743dbc72ce036de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
2f0b4f0d19285c065d2e48cecde69ef2

SHA1
444ddeddec0e6ff455878a2f631b2fabfad1f32d

SHA256
5486c7e2b61c50cd0c0e15a67e6b226db7b41680dc91067be486d7ec2fe2afb6

SHA512
0fdd2d2d267e6bb1973816bec9f2c8ecf090f0b0ea8fdde14bdb4582cd5a224513329002145ad3398b84fe14d2fb0470e69169826c51f2fc44f886b7535ffd6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
dd9b6d2a0974c0de1747a7922a363b9e

SHA1
359ed47094fceb78511b148037a7c6d782192620

SHA256
53508922175fd4b022d86f2998947a537f2613ac857f2f8a0c5d898ac20f5649

SHA512
711c2f94148db07948b6f6007d092b3a04bf51cc9476b79a74fa121496ead4c5fc714151f7b9346ccbdd6b2d7b9d7972278da11ed09d80ab54c21897f321e246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d9930163fda21fc65a05963111b4525c

SHA1
00a2058c0fd9b87a35b6969643841552d39b44ca

SHA256
db03e55fe8e6101d071775cd78b6be90b1826ecaeffe15ab58baa161da9f691c

SHA512
51776df2a5e1f86d7f71fdba1e95ade7d5d6e7bf7ea1e3475360ef4361cc87dc0c2855ee0065c5a0c5166897439e2b73e84aa9cf61cc23e412db7a1148001ffc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
12372390704b54a30c4916af1522b30f

SHA1
cd66988d9b59b099a98f7c9c55e4e87ab6bafc5f

SHA256
7e7e5345ff95d06aea7039bd69f36924f132712be875218e6358f8b90b1d444f

SHA512
cfabffbebfdb67271ab20c35c6555c0414eb32c792aa25af71a308779d29a95cc18373339217f953ba841ce25339254e4ac29900eb947c3003eea21f336484a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
130644a5f79b27202a13879460f2c31a

SHA1
29e213847a017531e849139c7449bce6b39cb2fa

SHA256
1306a93179e1eaf354d9daa6043ae8ffb37b76a1d1396e7b8df671485582bcd1

SHA512
fbc8606bf988cf0a6dea28c16d4394c9b1e47f6b68256132b5c85caf1ec7b516c0e3d33034db275adf267d5a84af2854f50bd38a9ed5e86eb392144c63252e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
69b72d0a4a2f9cbec95b3201ca02ae2f

SHA1
fcc44ae63c9b0280a10408551a41843f8de72b21

SHA256
996c85ab362c1d17a2a6992e03fdc8a0c0372f81f8fad93970823519973c7b9c

SHA512
08d70d28f1e8d9e539a2c0fbac667a8447ea85ea7b08679139abbbbb1b6250d944468b128ed6b386782f41ca03020e3a82491acb1fe101b09635d606b1a298be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
155fb587d6747117f4dc010ae80113b5

SHA1
557234fc0b9e27aa6b7ee4a8340e835aaacb9ffe

SHA256
a2eb5ee708262aeb9c397bdbbdf350b2c3c64a6f246ed40f1d4b8d9b88e2d1a8

SHA512
cecaab798e5ce0fe526eefeebebd802486fb014c0da03b8fa87d60b293242b56a2a26cad4f66e5b638c4ef1c8617f4a55f57e991f771461feb5c77c7ab058979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
e9bc71757f4fa93c2687a561fe25dc65

SHA1
50cb376b57ec08b277c55f9dd9c5557505f775eb

SHA256
d48bf7a4145119699b19ad73481a52c59be1a40b5c84bc34f76da56b271db801

SHA512
35ca1365eb23e59be72f490119837f645bcb98e007bab3b21c8b0d200f71eb295f415cf588e8aa5680a98693a8c18ea56fc04a4c5bf8b115c6893aca738b4e67

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-18TI4.tmp\Setup_DriverDoc_2022.tmp
Filesize
3.1MB

MD5
d70a98daf7a810ee18ce451ec673e399

SHA1
274dff37313f3fbdf82dfc4afd94582359b79fee

SHA256
9621346beee2a257b1966b6dc3f1f850d54ae0746bf1718d35c966649ac9b340

SHA512
a246aa8979a7bc1a8ae6d1c5ac637939e7ab3380484cb78a3fc98fe9ceccb51cb5d6dfe787ece6bb1420450741c0734a049849dac7242679b8660e71acf00e60

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-18TI4.tmp\Setup_DriverDoc_2022.tmp
Filesize
3.1MB

MD5
d70a98daf7a810ee18ce451ec673e399

SHA1
274dff37313f3fbdf82dfc4afd94582359b79fee

SHA256
9621346beee2a257b1966b6dc3f1f850d54ae0746bf1718d35c966649ac9b340

SHA512
a246aa8979a7bc1a8ae6d1c5ac637939e7ab3380484cb78a3fc98fe9ceccb51cb5d6dfe787ece6bb1420450741c0734a049849dac7242679b8660e71acf00e60

Download Submit
C:\Users\Admin\AppData\Roaming\DriverDoc\program.log
Filesize
2KB

MD5
cae13bab8f3f7365572304676f1cd3e3

SHA1
7fd802543806bbee4a002a8e63ba030678c5bfb2

SHA256
b69afd19afb204e5135582f3e19994a61bb4174f494ded5fa49d281dbe7dbad3

SHA512
38dbadad81f2fb031a611880526cfdbaba43c6c5f43130e00d105f12614e19c25a09b17473017edba733a47f8de9252058ce767b7e94289d13b5c307580a5325

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
cdcbb88d3d57bdc8c5053a1bb9fce8a3

SHA1
d2c8fe23644f51007c86c262ad230a5909fcd347

SHA256
d9e944da54d8c0258589a620aff7ce401e81deae5c0066345cc43acf738ccbd8

SHA512
f173b90cfb58dd4c35e654d06d667c8d14c301eda4540e96236c4f13b05861c6f334bb5de882d09d8dc05c6721998ebe09c94066778a1e331ade3f49ef8cbfba

Download Submit
\??\pipe\LOCAL\crashpad_2652_RWEXSKMLBKOUNWYE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/700-343-0x00000000026B0000-0x00000000026B1000-memory.dmp

Filesize
4KB

Download
memory/700-347-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/700-345-0x0000000000400000-0x00000000008F9000-memory.dmp

Filesize
5.0MB

Download
memory/3164-143-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/3164-144-0x0000000000BD0000-0x0000000000BD1000-memory.dmp

Filesize
4KB

Download
memory/3164-284-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/3164-138-0x0000000000BD0000-0x0000000000BD1000-memory.dmp

Filesize
4KB

Download
memory/3164-346-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/3188-372-0x0000000005760000-0x0000000005862000-memory.dmp

Filesize
1.0MB

Download
memory/3188-787-0x0000000000430000-0x0000000000B23000-memory.dmp

Filesize
6.9MB

Download
memory/3188-463-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/3188-462-0x0000000000430000-0x0000000000B23000-memory.dmp

Filesize
6.9MB

Download
memory/3188-803-0x0000000000430000-0x0000000000B23000-memory.dmp

Filesize
6.9MB

Download
memory/3188-801-0x0000000000430000-0x0000000000B23000-memory.dmp

Filesize
6.9MB

Download
memory/3188-799-0x0000000000430000-0x0000000000B23000-memory.dmp

Filesize
6.9MB

Download
memory/3188-656-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/3188-646-0x0000000000430000-0x0000000000B23000-memory.dmp

Filesize
6.9MB

Download
memory/3188-797-0x0000000000430000-0x0000000000B23000-memory.dmp

Filesize
6.9MB

Download
memory/3188-795-0x0000000000430000-0x0000000000B23000-memory.dmp

Filesize
6.9MB

Download
memory/3188-793-0x0000000000430000-0x0000000000B23000-memory.dmp

Filesize
6.9MB

Download
memory/3188-305-0x0000000003350000-0x0000000003351000-memory.dmp

Filesize
4KB

Download
memory/3188-733-0x0000000000430000-0x0000000000B23000-memory.dmp

Filesize
6.9MB

Download
memory/3188-741-0x0000000000430000-0x0000000000B23000-memory.dmp

Filesize
6.9MB

Download
memory/3188-761-0x0000000000430000-0x0000000000B23000-memory.dmp

Filesize
6.9MB

Download
memory/3188-762-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/3188-763-0x0000000000430000-0x0000000000B23000-memory.dmp

Filesize
6.9MB

Download
memory/3188-765-0x0000000000430000-0x0000000000B23000-memory.dmp

Filesize
6.9MB

Download
memory/3188-767-0x0000000000430000-0x0000000000B23000-memory.dmp

Filesize
6.9MB

Download
memory/3188-769-0x0000000000430000-0x0000000000B23000-memory.dmp

Filesize
6.9MB

Download
memory/3188-771-0x0000000000430000-0x0000000000B23000-memory.dmp

Filesize
6.9MB

Download
memory/3188-773-0x0000000000430000-0x0000000000B23000-memory.dmp

Filesize
6.9MB

Download
memory/3188-775-0x0000000000430000-0x0000000000B23000-memory.dmp

Filesize
6.9MB

Download
memory/3188-779-0x0000000000430000-0x0000000000B23000-memory.dmp

Filesize
6.9MB

Download
memory/3188-781-0x0000000000430000-0x0000000000B23000-memory.dmp

Filesize
6.9MB

Download
memory/3188-783-0x0000000000430000-0x0000000000B23000-memory.dmp

Filesize
6.9MB

Download
memory/3188-785-0x0000000000430000-0x0000000000B23000-memory.dmp

Filesize
6.9MB

Download
memory/3188-474-0x0000000003350000-0x0000000003351000-memory.dmp

Filesize
4KB

Download
memory/3188-789-0x0000000000430000-0x0000000000B23000-memory.dmp

Filesize
6.9MB

Download
memory/3188-791-0x0000000000430000-0x0000000000B23000-memory.dmp

Filesize
6.9MB

Download
memory/4312-297-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/4312-296-0x0000000000430000-0x0000000000B23000-memory.dmp

Filesize
6.9MB

Download
memory/4312-294-0x0000000000EB0000-0x0000000000EB1000-memory.dmp

Filesize
4KB

Download
memory/5028-348-0x0000000000400000-0x00000000004E4000-memory.dmp

Filesize
912KB

Download
memory/5028-133-0x0000000000400000-0x00000000004E4000-memory.dmp

Filesize
912KB

Download
memory/5028-142-0x0000000000400000-0x00000000004E4000-memory.dmp

Filesize
912KB

Download