02c87a31bee95e1cf1aa35b0064d7128cfdd2c685590742c20d5dfeec12252fe

Analysis

max time kernel
85s
max time network
86s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
28-02-2024 22:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup_DriverDoc_2024.exe
Size

6.2MB
MD5

dc46c709b10bf7bcac28dd7e80a94091
SHA1

7240476f0e1a1fdc1555e220bfe557d92078e2ce
SHA256

02c87a31bee95e1cf1aa35b0064d7128cfdd2c685590742c20d5dfeec12252fe
SHA512

f718a51654b07a2d8af649c4a95b55e93779c2ecec2521557622d7d7329970973a8d708e4beb6054aa89c7462e5a8d5be1e61fce3c9798830c6ecf3884cc2194
SSDEEP

98304:VkL25WZ2OKYMCwTDEULxHwpNa17GGcnkxFvq3cIM0mHKf/oN:2256AYcTDdLJwpNMGtnkxFvqxGKXc

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

Processes:

DriverDoc.exe

description ioc process

File created C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_726cea1f0f349cf7\machine.PNF DriverDoc.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_726cea1f0f349cf7\machine.PNF	DriverDoc.exe

Drops file in Program Files directory 64 IoCs

Processes:

Setup_DriverDoc_2024.tmpDriverPro.exe

description	ioc	process
File created	C:\Program Files (x86)\DriverDoc\is-AIV47.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-DK7I5.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-V9S0U.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Swedish.chm	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-9J51R.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-MAIMU.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-6R9UO.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-GQ3K7.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-3JMCN.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\French.chm	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-A8ODN.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Danish.ini	DriverPro.exe
File created	C:\Program Files (x86)\DriverDoc\is-G2S3P.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Korean.ini	DriverPro.exe
File created	C:\Program Files (x86)\DriverDoc\is-B7147.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\unins000.dat	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-R10QL.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-93CAG.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Polish.chm	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-ENLEM.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-S7NN0.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\English.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Spanish.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\DriverDoc.exe	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-21VS2.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-B3T6K.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-TM0HD.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-OPD0M.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Finnish.chm	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-348MQ.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-VNRAG.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Danish.chm	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-C9LLP.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Norwegian.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Polish.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\Russian.chm	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-57CRS.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-ALIL4.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\German.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\7z.dll	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-R633K.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-ESTE7.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-IUNE9.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\DriverPro.exe	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-HH3HH.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Portuguese.chm	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-DC678.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-MT4U5.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Dutch.chm	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Spanish.chm	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Norwegian.chm	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-C9IJB.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\French.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\Brazilian.chm	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-HVRT8.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-5BAOL.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-FSL1Q.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Swedish.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\Italian.chm	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-TQTCT.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-UJLIM.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-8F9IQ.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-28M2I.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-S8TPE.tmp	Setup_DriverDoc_2024.tmp

Drops file in Windows directory 6 IoCs

Processes:

DriverDoc.exe

description	ioc	process
File created	C:\Windows\INF\c_display.PNF	DriverDoc.exe
File created	C:\Windows\INF\c_processor.PNF	DriverDoc.exe
File created	C:\Windows\INF\c_monitor.PNF	DriverDoc.exe
File created	C:\Windows\INF\c_volume.PNF	DriverDoc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	DriverDoc.exe
File created	C:\Windows\INF\c_media.PNF	DriverDoc.exe

Executes dropped EXE 5 IoCs

Processes:

Setup_DriverDoc_2024.tmpDriverDoc.exeDriverDoc.exeDriverPro.exeDriverDoc.exe

pid process

1920 Setup_DriverDoc_2024.tmp
3796 DriverDoc.exe
3584 DriverDoc.exe
772 DriverPro.exe
4596 DriverDoc.exe
Loads dropped DLL 6 IoCs

Processes:

DriverDoc.exeDriverDoc.exeDriverPro.exeDriverDoc.exe

pid process

3796 DriverDoc.exe
3584 DriverDoc.exe
772 DriverPro.exe
4596 DriverDoc.exe
3584 DriverDoc.exe
3584 DriverDoc.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
3796	DriverDoc.exe
3584	DriverDoc.exe
772	DriverPro.exe
4596	DriverDoc.exe
3584	DriverDoc.exe
3584	DriverDoc.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

DriverDoc.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064\	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\UINumberDescFormat	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E\	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Mfg	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0065	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0065\	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Driver	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0065	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002\	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0003	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\DeviceCharacteristics	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003\	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\UINumberDescFormat	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E\	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ParentIdPrefix	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceCharacteristics	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0004	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064\	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\DeviceDesc	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Driver	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0004	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\LocationInformation	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003\	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Mfg	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0003	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ParentIdPrefix	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LocationInformation	DriverDoc.exe

Enumerates system info in registry 2 TTPs 11 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

DriverDoc.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	DriverDoc.exe

Kills process with taskkill 4 IoCs
evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid process

5028 taskkill.exe
4492 taskkill.exe
1036 taskkill.exe
3608 taskkill.exe

pid	process
5028	taskkill.exe
4492	taskkill.exe
1036	taskkill.exe
3608	taskkill.exe

Modifies registry class 19 IoCs

Processes:

Setup_DriverDoc_2024.tmp

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.DOC_encrypted	Setup_DriverDoc_2024.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DriverDoc.DOC_encrypted\ = "DriverDoc Protected File"	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\DriverDoc.DOC_encrypted\shell\open\command	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DriverDoc.DOC_encrypted\shell\open	Setup_DriverDoc_2024.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DriverDoc.DOC_encrypted\shell\open\command\ = "\"C:\\Program Files (x86)\\DriverDoc\\Extra\\DriverPro.exe\" \"%1\""	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\DriverDoc.exe\SupportedTypes	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\DriverDoc.DOC_encrypted\DefaultIcon	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DriverDoc.DOC_encrypted\shell	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DriverDoc.DOC_encrypted\shell\open\command	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\DriverDoc.exe	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.DOC_encrypted\OpenWithProgids	Setup_DriverDoc_2024.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.DOC_encrypted\OpenWithProgids\DriverDoc.DOC_encrypted	Setup_DriverDoc_2024.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DriverDoc.DOC_encrypted\DefaultIcon\ = "C:\\Program Files (x86)\\DriverDoc\\DriverDoc.exe,0"	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DriverDoc.DOC_encrypted	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\Applications\DriverDoc.exe\SupportedTypes	Setup_DriverDoc_2024.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\DriverDoc.exe\SupportedTypes\.DOC_encrypted	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.DOC_encrypted\OpenWithProgids	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\DriverDoc.DOC_encrypted	Setup_DriverDoc_2024.tmp

Suspicious behavior: EnumeratesProcesses 42 IoCs

Processes:

Setup_DriverDoc_2024.tmpDriverDoc.exeDriverDoc.exeDriverPro.exeDriverDoc.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
1920	Setup_DriverDoc_2024.tmp
1920	Setup_DriverDoc_2024.tmp
3796	DriverDoc.exe
3796	DriverDoc.exe
3796	DriverDoc.exe
3796	DriverDoc.exe
3796	DriverDoc.exe
3796	DriverDoc.exe
3796	DriverDoc.exe
3796	DriverDoc.exe
3796	DriverDoc.exe
3796	DriverDoc.exe
3796	DriverDoc.exe
3796	DriverDoc.exe
3796	DriverDoc.exe
3796	DriverDoc.exe
3796	DriverDoc.exe
3796	DriverDoc.exe
3796	DriverDoc.exe
3796	DriverDoc.exe
3796	DriverDoc.exe
3796	DriverDoc.exe
3584	DriverDoc.exe
3584	DriverDoc.exe
772	DriverPro.exe
772	DriverPro.exe
4596	DriverDoc.exe
4596	DriverDoc.exe
104	msedge.exe
104	msedge.exe
3568	msedge.exe
3568	msedge.exe
3372	identity_helper.exe
3372	identity_helper.exe
1612	msedge.exe
1612	msedge.exe
5112	msedge.exe
5112	msedge.exe
3516	msedge.exe
3516	msedge.exe
4544	msedge.exe
4544	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

DriverDoc.exe

pid process

3584 DriverDoc.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exemsedge.exe

pid process

3568 msedge.exe
3568 msedge.exe
3568 msedge.exe
3516 msedge.exe
3516 msedge.exe
3516 msedge.exe
3516 msedge.exe
3516 msedge.exe

pid	process
3584	DriverDoc.exe

pid	process
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exeDriverDoc.exeDriverDoc.exeDriverDoc.exe

description	pid	process
Token: SeDebugPrivilege	5028	taskkill.exe
Token: SeDebugPrivilege	4492	taskkill.exe
Token: SeDebugPrivilege	1036	taskkill.exe
Token: SeDebugPrivilege	3608	taskkill.exe
Token: SeDebugPrivilege	3796	DriverDoc.exe
Token: SeIncreaseQuotaPrivilege	3796	DriverDoc.exe
Token: SeImpersonatePrivilege	3796	DriverDoc.exe
Token: SeLoadDriverPrivilege	3796	DriverDoc.exe
Token: SeDebugPrivilege	3584	DriverDoc.exe
Token: SeIncreaseQuotaPrivilege	3584	DriverDoc.exe
Token: SeImpersonatePrivilege	3584	DriverDoc.exe
Token: SeLoadDriverPrivilege	3584	DriverDoc.exe
Token: SeDebugPrivilege	4596	DriverDoc.exe
Token: SeIncreaseQuotaPrivilege	4596	DriverDoc.exe
Token: SeImpersonatePrivilege	4596	DriverDoc.exe
Token: SeLoadDriverPrivilege	4596	DriverDoc.exe

Suspicious use of FindShellTrayWindow 56 IoCs

Processes:

Setup_DriverDoc_2024.tmpDriverDoc.exemsedge.exemsedge.exe

pid	process
1920	Setup_DriverDoc_2024.tmp
4596	DriverDoc.exe
4596	DriverDoc.exe
4596	DriverDoc.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe

Suspicious use of SendNotifyMessage 27 IoCs

Processes:

DriverDoc.exemsedge.exemsedge.exe

pid	process
4596	DriverDoc.exe
4596	DriverDoc.exe
4596	DriverDoc.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Setup_DriverDoc_2024.exeSetup_DriverDoc_2024.tmpDriverDoc.exeDriverDoc.exemsedge.exe

description	pid	process	target process
PID 3112 wrote to memory of 1920	3112	Setup_DriverDoc_2024.exe	Setup_DriverDoc_2024.tmp
PID 3112 wrote to memory of 1920	3112	Setup_DriverDoc_2024.exe	Setup_DriverDoc_2024.tmp
PID 3112 wrote to memory of 1920	3112	Setup_DriverDoc_2024.exe	Setup_DriverDoc_2024.tmp
PID 1920 wrote to memory of 5028	1920	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1920 wrote to memory of 5028	1920	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1920 wrote to memory of 5028	1920	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1920 wrote to memory of 4492	1920	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1920 wrote to memory of 4492	1920	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1920 wrote to memory of 4492	1920	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1920 wrote to memory of 1036	1920	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1920 wrote to memory of 1036	1920	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1920 wrote to memory of 1036	1920	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1920 wrote to memory of 3608	1920	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1920 wrote to memory of 3608	1920	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1920 wrote to memory of 3608	1920	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1920 wrote to memory of 3796	1920	Setup_DriverDoc_2024.tmp	DriverDoc.exe
PID 1920 wrote to memory of 3796	1920	Setup_DriverDoc_2024.tmp	DriverDoc.exe
PID 1920 wrote to memory of 3796	1920	Setup_DriverDoc_2024.tmp	DriverDoc.exe
PID 3796 wrote to memory of 4536	3796	DriverDoc.exe	schtasks.exe
PID 3796 wrote to memory of 4536	3796	DriverDoc.exe	schtasks.exe
PID 3796 wrote to memory of 4536	3796	DriverDoc.exe	schtasks.exe
PID 3796 wrote to memory of 1388	3796	DriverDoc.exe	schtasks.exe
PID 3796 wrote to memory of 1388	3796	DriverDoc.exe	schtasks.exe
PID 3796 wrote to memory of 1388	3796	DriverDoc.exe	schtasks.exe
PID 1920 wrote to memory of 3584	1920	Setup_DriverDoc_2024.tmp	DriverDoc.exe
PID 1920 wrote to memory of 3584	1920	Setup_DriverDoc_2024.tmp	DriverDoc.exe
PID 1920 wrote to memory of 3584	1920	Setup_DriverDoc_2024.tmp	DriverDoc.exe
PID 1920 wrote to memory of 772	1920	Setup_DriverDoc_2024.tmp	DriverPro.exe
PID 1920 wrote to memory of 772	1920	Setup_DriverDoc_2024.tmp	DriverPro.exe
PID 1920 wrote to memory of 772	1920	Setup_DriverDoc_2024.tmp	DriverPro.exe
PID 3584 wrote to memory of 4596	3584	DriverDoc.exe	DriverDoc.exe
PID 3584 wrote to memory of 4596	3584	DriverDoc.exe	DriverDoc.exe
PID 3584 wrote to memory of 4596	3584	DriverDoc.exe	DriverDoc.exe
PID 3584 wrote to memory of 3568	3584	DriverDoc.exe	msedge.exe
PID 3584 wrote to memory of 3568	3584	DriverDoc.exe	msedge.exe
PID 3568 wrote to memory of 600	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 600	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 2840	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 2840	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 2840	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 2840	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 2840	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 2840	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 2840	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 2840	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 2840	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 2840	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 2840	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 2840	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 2840	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 2840	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 2840	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 2840	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 2840	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 2840	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 2840	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 2840	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 2840	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 2840	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 2840	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 2840	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 2840	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 2840	3568	msedge.exe	msedge.exe
PID 3568 wrote to memory of 2840	3568	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\Setup_DriverDoc_2024.exe
"C:\Users\Admin\AppData\Local\Temp\Setup_DriverDoc_2024.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3112

C:\Users\Admin\AppData\Local\Temp\is-34GPF.tmp\Setup_DriverDoc_2024.tmp
"C:\Users\Admin\AppData\Local\Temp\is-34GPF.tmp\Setup_DriverDoc_2024.tmp" /SL5="$6021A,5549910,808448,C:\Users\Admin\AppData\Local\Temp\Setup_DriverDoc_2024.exe"
2⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1920

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im "DriverDoc.exe"
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:5028

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im "DriverPro.exe"
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4492

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im "DOCSchedule.exe"
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1036

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im "DOCTray.exe"
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3608

C:\Program Files (x86)\DriverDoc\DriverDoc.exe
"C:\Program Files (x86)\DriverDoc\DriverDoc.exe" /INSTALL
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3796

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Delete /TN "DriverDoc Schedule" /F
4⤵
PID:4536

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Delete /TN "DriverDoc Monitoring" /F
4⤵
PID:1388

C:\Program Files (x86)\DriverDoc\DriverDoc.exe
"C:\Program Files (x86)\DriverDoc\DriverDoc.exe" /START /INSTALLED
3⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Executes dropped EXE
- Loads dropped DLL
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3584

C:\Program Files (x86)\DriverDoc\DriverDoc.exe
"C:\Program Files (x86)\DriverDoc\DriverDoc.exe" /TRAY
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.solvusoft.com/en/driverdoc/install/
4⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcb0bf3cb8,0x7ffcb0bf3cc8,0x7ffcb0bf3cd8
5⤵
PID:600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1840,13390973745820224860,13603723212984570928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 /prefetch:3
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,13390973745820224860,13603723212984570928,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
5⤵
PID:2840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1840,13390973745820224860,13603723212984570928,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
5⤵
PID:2708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,13390973745820224860,13603723212984570928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
5⤵
PID:3720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,13390973745820224860,13603723212984570928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
5⤵
PID:3844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,13390973745820224860,13603723212984570928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
5⤵
PID:4092

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1840,13390973745820224860,13603723212984570928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:3372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1840,13390973745820224860,13603723212984570928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:1612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.solvusoft.com/en/checkout/driverdoc/?bver=reg&driverstring=2
4⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcb0bf3cb8,0x7ffcb0bf3cc8,0x7ffcb0bf3cd8
5⤵
PID:4820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,9691923650809944409,18382392829509966203,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
5⤵
PID:2312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,9691923650809944409,18382392829509966203,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
5⤵
PID:1892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,9691923650809944409,18382392829509966203,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
5⤵
PID:3700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,9691923650809944409,18382392829509966203,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 /prefetch:3
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,9691923650809944409,18382392829509966203,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
5⤵
PID:4672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,9691923650809944409,18382392829509966203,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
5⤵
PID:4872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,9691923650809944409,18382392829509966203,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
5⤵
PID:5000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,9691923650809944409,18382392829509966203,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
5⤵
PID:3848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,9691923650809944409,18382392829509966203,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:4544

C:\Program Files (x86)\DriverDoc\Extra\DriverPro.exe
"C:\Program Files (x86)\DriverDoc\Extra\DriverPro.exe"
3⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2180

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\DriverDoc\7z.dll
Filesize
991KB

MD5
eeb340cd0317612256596870fdad903f

SHA1
c4cd2abe134b3d5e043593dd88c7d61d6d53e417

SHA256
aecadb80ac6e9bfdf585933d5bf3741a130206df61324cccbf613a31101a3d54

SHA512
a4c03aeada2f9f0b333db50bdf42612eef742b6f26eb39749aebe9d504f47aef4d3e098f49b04cfd10a2c2fb73a7bbb1b53bfd098e4e6ccdd9ce8a9e56554c9e

Download Submit
C:\Program Files (x86)\DriverDoc\DriverDoc.exe
Filesize
7.7MB

MD5
03d44725ba1f41fa4948d7ff6526ea48

SHA1
67a903499edda6909499ff0762a51e8e387fb8a6

SHA256
23aa5d60ce76b6379688c69507d08932a9e95e7bb5eef8114916164ada275f1c

SHA512
7d0e833367b16a63e69daddb7551eb0fb0bd120f1a9a3cd39c4e8533e24a5ac6abb4c0ce6d3c359f754f3eff792b4e7f75a9442a00246acf4872f137a41b0ebc

Download Submit
C:\Program Files (x86)\DriverDoc\DriverDoc.exe
Filesize
5.9MB

MD5
f0459ada195ece2848e181b3b93a7dd4

SHA1
b69446bc2035404e0ee125d69bc8e7ced7c14c02

SHA256
58021cb06a562b780df04875c558da57ba2df01eb2491cef9167815d78ff4fd4

SHA512
cdf38a08e16ef41c73157a005d740f8d8c9027cc5287858a4bb4dfc94dac3f659a900efe58f3be3fa9c11b78e55713af532948090ec0141586e21cf831730768

Download Submit
C:\Program Files (x86)\DriverDoc\DriverDoc.exe
Filesize
5.7MB

MD5
f408a9b380845093f2ea6ba35babaa9e

SHA1
f6fc57fef1ce2925f208759dfa017a58cce502b6

SHA256
b75d78ee4573dfd5ba106fe52167c86150fa636e2eedcd5d95ccf8b19f2f1b55

SHA512
9594284426688abf823379bc76f5ae0407b0cfd15d065c75283e4b8f8ce161ddd722d2ce0b45bb924545661334709d581f973a91ef41f9222aa9fedf22eea6d0

Download Submit
C:\Program Files (x86)\DriverDoc\DriverDoc.exe
Filesize
2.6MB

MD5
3bef9d9e7a8af352ff0c6d42d831be09

SHA1
8b6fdfc354f19717576b3a669251b7fcac3cca82

SHA256
d1398413644a686b226de68f39e03a96565aaf61e4427fa244e399b7619575e8

SHA512
53450cc42801bf2de99f92eb3868db5bf1eb51fbe09ccaffe2f8544578685af1315443e9f7c089708691631424f3466e433a0f12b08efb58aaa0f7a6413e5d59

Download Submit
C:\Program Files (x86)\DriverDoc\DriverDoc.exe
Filesize
2.5MB

MD5
765028bf42d549348938d269c85b7fba

SHA1
65d6dccd331711def6c504257c415b4a2d2e0cbf

SHA256
f81538c51ddf1a80b36b26c5923de8ebbf0e466c2213022dd765c33ec2503b79

SHA512
5599ebc5d44d2cfe8e7267774d62117a07fea0a36d0fb62c9ada2981d79c9c8b184979b7d4b1bf838178ccaa663245d1af5adb6e4c8dc72ddc5430ef16e92f4f

Download Submit
C:\Program Files (x86)\DriverDoc\English.ini
Filesize
50KB

MD5
62b54950511f95d047312e81181c9b03

SHA1
7f7f17cc93bfac4730fc43981be3bc99246d71a3

SHA256
7472f84c630e3d743845a4c5187da48c28da4a45ca05d35652684ed6cfee7b67

SHA512
fa76c8cd62c514e726181e829fcbccbc4068e15745e11a86a0ca9ea4be95cc2016f2997948fbb713e97aeb6eeb3035a724f38990c2b2905dbbe66b63a99db7f6

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Brazilian.ini
Filesize
17KB

MD5
02af48872d5deba9bfc2cc88800829f0

SHA1
82fb890d9468f9cdb375696284b84f3e60067835

SHA256
20f27b44a72952ec23517e73290f6310e4bc92963cad45b04073a71b8ff35b69

SHA512
60355c93a4d10ef5f018e743c67dbd4d7fb79a5919d1b45b50b1cfc0341b9ea061443f8018d1941a066e1de8b2776ac7148a07b856f239c2eb2b627ba9e59403

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Danish.ini
Filesize
16KB

MD5
0a59eda69be950bf91b9eb23bb45862d

SHA1
5c9c79b0dd8f0216e6cf42c6a5f053807b0c7d74

SHA256
9fc240d6ebc064b2d702a3b1710d19cf1874b30e7dda6fc720c9da0f56d7be5b

SHA512
3e7b501e201f6c3532ac1f517b2d02cb36a62e8bbeb7de5ccd85c64782f7f3cc2bcf6ca0436cdc9667a8da51e8810dd0ad743968058681f4681135b24ff8df39

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\DriverPro.exe
Filesize
2.7MB

MD5
772f0384700c92923659684de7be8b7d

SHA1
018cf87fbf8b3e3716a4b2452e62036995c00a24

SHA256
abace41c06bca3d8fa11f74c77a0b8eadcf0ae23c7e48dd2b670664777cfc346

SHA512
03e26f72efaaf4dab704c32ee6f6bb9e1582c3bae42c0d6dc778b5b8b66ce253ef3f0a440dd0f1658305da9f2225f1363b64a71f5de288f860d9f5432914e3db

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Dutch.ini
Filesize
17KB

MD5
59bd883cb54544343baa2de36d4c0218

SHA1
c16c606d470071fefdf8a149735f0986434d7ba9

SHA256
688e8ce9f141d68122cb6534d786f04aab75b2274922485cecaa8053ce39ae5c

SHA512
a74ab9e0d904b8340d77f70441f7522b38773227a32783299f0419a4aae695bd3de6c9ec4567ec07d932d156e95bdc02eca4772887a80bd30d7b050dfdbaea3a

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\English.ini
Filesize
15KB

MD5
d390660ea23f596a83f7dfac4ee68932

SHA1
65cc9586d6deaac2782007de3156e49a18d6b426

SHA256
358cdbd213fe5cce8e5ab5fc11acf783816a898dbe543baf6d6e481b0761ae50

SHA512
8c9e52c80c689dc5bca220a3011797fc6b451e114522a60d90b9b0d6d1b348fc3a7fa8cadc89b446e364b3cd33b03e535f063501e4eeea893dac0f2df6a8a6b2

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Finnish.ini
Filesize
17KB

MD5
a92bc4a2c584191023bf50d2cb3cc668

SHA1
061f2e55938d0b19e73351eaaf5599cb9d3a7903

SHA256
e3561a15613aec70d1402619534abb55d97d46c860acbbd8961fdb0efc4bc0d8

SHA512
3ba93147052a2e500db77c8b5f32427b1abd7747a73ff10ae4f31d8ccbb4bfe0af6bffd7ffe274deb4b6a6c4d968855950c3ee9d193c8f48de97436f1ec14457

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\French.ini
Filesize
18KB

MD5
5174d17d94e389fce83ff0a113c28ef4

SHA1
3fb12b5657f6dbb28065a43a8e0c570eaf524810

SHA256
c41e34a265a2ac9cc02674cac6a5a5012ddb03bdb16c352a2ae6cde01a6dc68b

SHA512
69846e820720fd96e58016cf590e30343db66850273fbcf54b8e1745b1e48d7a6bc4a72145c126dcab13970e97d2d48775aadaf74437cd8e7a405d5ac93d2bec

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\German.ini
Filesize
18KB

MD5
a5e4aa95969239c7e4936b4eebaa604e

SHA1
d03606c38ae625d3d503107b8e5cb546e113c027

SHA256
d3ea43b89d5e39e1592060a7bc5010b072e73d6f85a5e0694571ed6cdb8c27d8

SHA512
58b5d47831a6d3ba034605e5974fd7bc0119db422a9a3bf6d321f723b6f15fd9b97a68e78c64e4a832a83eee7542a160c475ace57d4c3a02343b3125726355bc

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Italian.ini
Filesize
17KB

MD5
06a02f50a5741a2a20b2b98fecd46dfa

SHA1
f635b9c2b6626e4ba65a10e73fdbc8f628a688ec

SHA256
934dda48df532932f3a02595077990a4760dc384709ac237f7992349b914a263

SHA512
e3d047f1b2bc39051bda3b6e433ab7b39e9d36e5d9b5c2a8aa7b39ffc4879250cad2af33c87640c0c51dc112896f79be943e4cf5a1964af5eafdad6169d4c4e0

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Japanese.ini
Filesize
21KB

MD5
80ee1595ea4b78a633430d6dce4b6840

SHA1
1e6274c9aaaf1e75fe8a64de0d35bcda8a4f4d98

SHA256
27eae11963fd42680f7c2caec95d79a81279db759d385582551e23486761ff51

SHA512
e3e897967ce1dd5e08adfe1b2f3f662e22da4e09d60d2a1b3be127c0bbdab74fd5f16a3788086c9960c736d2e58170100159640ca294581491f5618062ee76cd

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Korean.ini
Filesize
17KB

MD5
f197bde18fb1755640af0fa7eec6fd8a

SHA1
ef197b1c84f46285cd629974831968bdf1224564

SHA256
11eb6f73cdb528cc0d4d1f135410e85495003729db64c2ad25a54148dd1eb0dc

SHA512
dfdf182ae97812bbc41abd13525d430f84b7217dd1c2330626290654696fb39595db0d74e7d6ae2ff038736b3982cf39d4760068cc0a189781fd04b3fc5d214a

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Norwegian.ini
Filesize
16KB

MD5
47b35d4d7694c3a0bada72e18a3e15ac

SHA1
f1fb17aaa572af538164f1464c5ff8ff9de00d3a

SHA256
dd8d548438fc630845f70ad67c913867f7cf146a80c5c89e889bd51787399ee2

SHA512
8c8b604f206b69d8e7d6695eb0d9ac900f05fe7f71739bad378e43da9d0e0a7f1dd2ad00498c61020fec16b1b44212ae20633f88aeb0228670a8aa826a4d3703

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Polish.ini
Filesize
17KB

MD5
7a73ac61ed3448ddb3f052e41952e5fb

SHA1
6e952588f49effb8ede01bb4de7e9cf8c5cf70f8

SHA256
b4b62ad89631fa8fed74410d0015862311204fc9f451827c6ef7023b788f0ec0

SHA512
e3e022b7adbde1f01358a19f2c78257d9437c375468b70ab98bc0f268e09fa9013af2535c88e5ae7c9aa048a5781d70af64279a37661aaf2b0dfd0f84652e810

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Portuguese.ini
Filesize
17KB

MD5
73c3b30e115ef2593ed4ffdf84be90d1

SHA1
3a4e5cdecd57b091f7cc9617d4b9e860570a661f

SHA256
c0c274687a5b4869c07de711d324ae0b2606a212b49a334fb3416f7cd263f24c

SHA512
977517c9cd517a6faa4df6adf172450f78972a5da75df24dcb12323d4d91667a62396af71ccc032e55bd6037dc8f08e4efcb094d0782c409323ee95fbb5b8281

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Russian.ini
Filesize
25KB

MD5
70b5e745cf4595e2b3a8e7f61b448f3a

SHA1
004a01cbceaa37e388b345fd38776ff877555027

SHA256
6ab579a04d61c05326537a1afb2411c9345879b20eb533f890a3d8523c98a738

SHA512
c588ac29b4be43b70a388724a1ab2310d0400fe46f3af45d89dfb940e19116e3c5cfd818cc0b4e51c08d366b89289261aad9ab6275a16c2715ed407a23037f40

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Settings.ini
Filesize
73B

MD5
4dfd24933bec370032a0fde1452d9b14

SHA1
f3c3bc92eabe67c9072a0a29968322adad9489c2

SHA256
035c7dd8eef04f652d7d7b6b28c27ddb0b867502d088c1cba12319b5718fb1b6

SHA512
85ccd0c6cf38ee620b0a4a2289c4161fcb01fcd3546e1cf3ebfe83a087133972661e8b3854db5643caaadded1fcb3d621141a8f39490866d21b53b947f42d97f

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Spanish.ini
Filesize
17KB

MD5
b81f346eb46ae2277d47182a310b1e38

SHA1
6216d3bb328135f09f12551bd6f418d3b431b8bd

SHA256
7f00de121cc37d3c6e2a398081ec3cff05e5d0cb1de869a1d569fd80d5d73469

SHA512
8e68891ebd5ea623c128a7ce99321aa9d630c7e6b5952a45febd8241795bb0d4e74bc2f1546bc3d450edfc7837f126a527bdff126d3099fe83a38429d9455be3

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Swedish.ini
Filesize
16KB

MD5
30d812019a9028bdc7f03ed26d85c3b8

SHA1
182721e4cf6e5c05113cee8ca4f17424794a8754

SHA256
798276387e105887b553cf98b7d8a0fc5323f9b80d79d59c1aadcd9827de6dbe

SHA512
adba76b9c030a744812809710d7696dd146a59974b92c224c9c0a4016777ebac916aeadae836b741bb0696d05920a13d4b5a04c7249f34f847f47a418d8d2fb0

Download Submit
C:\Program Files (x86)\DriverDoc\sqlite3.dll
Filesize
633KB

MD5
094c675f4e0bfb27c2e77457cbcd9cc7

SHA1
9026248bd7802de39282653b0f56d68edfef30a1

SHA256
d3dd110c4d330332a37f06268013e4595705981bc74e577f946485416651b83b

SHA512
f1730b831df2805e10d78dc984e6e877e437de57cd20488ebfe48f92db8ced1889c369e70d17aee5eb366aa2c7baa14d426cf6c30324b527fa303b1bfccfe0a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\729af564-2c41-4300-9c19-32965b516b10.tmp
Filesize
11KB

MD5
55fa5bf6a62b9c8d95d44d1f4e2d801b

SHA1
f30d22f9b3514cb363d47482c8abefa2464efb65

SHA256
415cdfc1bad2ba82cc98d4460a0148b2c45195d25d25ed41eb1b4e07b03c3a5d

SHA512
a0f40bcd5d10c08f2fc52776a25e71b3f2230ee02f8a86e644fc1b48336c0b0feb9c8f332ade3464ebe88436c0e56f20efbd03a69916fad8572af201e7fa6a76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
601fbcb77ed9464402ad83ed36803fd1

SHA1
9a34f45553356ec48b03c4d2b2aa089b44c6532d

SHA256
09d069799186ae736e216ab7e4ecdd980c6b202121b47636f2d0dd0dd4cc9e15

SHA512
c1cb610c25effb19b1c69ddca07f470e785fd329ad4adda90fbccaec180f1cf0be796e5628a30d0af256f5c3dc81d2331603cf8269f038c33b20dbf788406220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a91469041c09ba8e6c92487f02ca8040

SHA1
7207eded6577ec8dc3962cd5c3b093d194317ea1

SHA256
0fef2b2f8cd3ef7aca4d2480c0a65ed4c2456f7033267aa41df7124061c7d28f

SHA512
b620a381ff679ef45ae7ff8899c59b9e5f1c1a4bdcab1af54af2ea410025ed6bdab9272cc342ac3cb18913bc6f7f8156c95e0e0615219d1981a68922ce34230f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ebc8fd54671c2543a33a9bf0e90561e8

SHA1
89a7a693ed6e87f947cb9cc9ca3281c6d5b89ad6

SHA256
2d60c4d3483347eefe3b331032d534e7a623cb3a66ffe18257527aaf7c85174d

SHA512
83530202bb8e774d0fe4de9110ee101ea7fc2b88c81cef50404051110b5394556ccb83d8f8d9232aec805524286d2f3b428b48ae297c3ef6951526a3578c5f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ca88d08c651ae3d1f6f36545f70e086d

SHA1
489e4e58dfdc79d6620d9c69efeb9470945d3345

SHA256
60d9d38522e421790d12f5f75c67cefd63f0c24fcd1411a0a321265ea95a3175

SHA512
1178d771707b05f53c3ed04497f7c1c8473b2f67b463f7005b8855242e3eecf4cf60c2a3c3564e4faba3a4791ad90fe887af79b3485a1a7a22d4e9cd7c11486a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3d823075-081b-40fb-9ea8-ce78b3d546b7.tmp
Filesize
7KB

MD5
37f4809118140cf8e6fa499a89dea3d4

SHA1
0462ef3a4b08a28da739b8c2d1f11c34fd944a40

SHA256
b86c27246e52c364f52f8251d1b981775ebec3f1c7f408e458edd7adb290459d

SHA512
bebfce29a2e037de55cb4a60861186b2f5b8d4d579c561a1f24efa543666e3071e65d6af496effda910346579b71698b5cda7f69d374a320b15ddd685fbbec55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
552B

MD5
5be5d9faabfc75d91c2912f1ad176406

SHA1
2eab88cb28a1caab905394ecefa1399a4c8d2694

SHA256
f7d14c39833eb4a63cb15c13cf34a552327f36f4a9080634c47be299f8955618

SHA512
01e6bdb04126f59fe01835813b2d184385f4a7a478c711cb6dc3fe27bd72a78c35718f238e13d99982e7aea3714431b4ced12512023ed3e13f7cb6c1138da1cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
af58d158d736d64c2636757b3e399978

SHA1
c8de06506366d895a65bde6a70c58e3e6932e317

SHA256
fb3ec2185370369d726305891281893f14de8d132f4a2a621bab4264301778d1

SHA512
e3aa64f4385b598745e51f6c8c70c64231a9f18c5f46166d3ef6c0133a9c0a6f2bbf33d1e03678bd3284f5f7270face7c1ad86c2dacdc98b1df4ba21c64d83d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
20KB

MD5
ff73b2082ac042df0cd5f7eed0d2aee9

SHA1
759ee09dccca9d16047dc32ec958332d40e978a6

SHA256
53c0aeee1eeaaccb1e694044bc8a0d8612a882c98322cf283dea69481ce242a9

SHA512
1360f762101e2b0d36b96e70480f4daf18393ef1d3c5bc23a4b0be15286c386a42d5c03e8be168a50a9b4fe3b0615c4c9ce3aa94d747c96b7791ef3b0c026846

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
116KB

MD5
fcf2fa3c882d84443e1ec7a43d8a802b

SHA1
43f7acfadb4dd1bb7bdd7ad1f662097756a6861a

SHA256
43b4c5b87e0cfd346a834c89d1e271498b0b0eeef07b3b18dc8986eba4872573

SHA512
efe14e790fb5b5df8f75b3d4661fc84303d9053982428d86334283e637225f4b173e9f57eecd31c283479cb77d375fd89e77ac3d0fc67c7a354cc57c56318d26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
498B

MD5
57d261829f76090642ee33724393316a

SHA1
fdfe006e4c0912fb9dd41fa93316d2a8bf8a7469

SHA256
fa3ea343afd6c2e9fab48b264fb728f1d10259f1f813383ef97cb71a536f313c

SHA512
cd97f36b195ad26156020c32f9e75a12646fa843ff91a7e4d5ad23e4ac37f68193e890cabb4ac8b307d2a895d7d2ec24bb29074703babf2b4ef19a642a3d6f6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
157B

MD5
4f9f19f258207fe399240902451e7bb9

SHA1
802ac8f613963e50a36b88c4c015b455a2113bcf

SHA256
35e31820883fbd45c8afeb0ac024a3dad26160cfd9ba0a55bd0a3fc72f2f247f

SHA512
a6679593dee99e5b0a5bd361575076b8bb200603745fbf5666534568c6afd31b2f3db95e4d95eff1b99ea15c16227caba02f158f80fcb41497af28a8fe90db3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
77e91d766cb0ab175d2811a60e084aec

SHA1
d0257a29e9077be13227b24343c23465ac2cb20f

SHA256
ecc91335621f4b8a986519022442bdeac9e94a16d71b950a0cc4c5775f1d2887

SHA512
a234ee78b9f027618be09373baf52ed509d9b3e471c2d920b5baf7fa97ec0ab6511758f1ca51a71d1cb93ed412a3cec5d41cbe95b79fa9136aed3d9a5c9fb8b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
f012a5f3a14f8595a381ca9fc2ff17e4

SHA1
1783519593572192f270edce9b5e23d5913135d6

SHA256
3fddb93413a15a7154352d0192316c2f91a95c27595685f43efc3d322fa8abcd

SHA512
7e069cb7188074d9216ce96d892c8e246a35c96a6be5aebe4a73b6082248fd48246daffc8afdb4e1b8ac17cf6ebac291fef6cc24ff58180adfce5ef0b3c5e9f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
373ca9d121eaa3d50fba916ef3b41668

SHA1
3571d4deb17445ba44422019c659f8344fb190c0

SHA256
74f27e2ac1e8974eba631dbb2fa9876611b2fb722dd3b9e5f9243783b1d74ba2

SHA512
671768ecc4f80b83b79c719dbcaf3e26fdfd19fe38139054c0ad32d4748248c5a2f321d4eede58cc88c0eddcf52e5711f42007798cd66fb6a5ee63d097dbc19d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
81d3e71b9856fa0e5243af8dbe878d1f

SHA1
a08223e0b9c5d9e6a90f20c5872cb5fd94a22e59

SHA256
f8ac728f2b91e29b4502cf6c959ad03a4e444d817dd0076944b29f10772e363a

SHA512
123727e3a581866001389f2b64118facc379f7159f881a3cc8ea0d7ab7913757be77fc1c8b45707968d841886c2c473799f5e68b8de31d6e75f8fe4445cfa4e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
5befc05f05f46e9a2630ddc9ced296a0

SHA1
582687d2aa0bdf84f79b33eecdbf602feaa5f0d8

SHA256
4f606893f251960196ceb0593076fea863fe28ac311dfec0a1fe0683d843859a

SHA512
7d73d36192c0be7305d74fa0beeaaf67b7f44508c0bed651c6613af0111ee5a7d2e31fd7073216c5518e9221beb87e5041b128ef8d899eb9fa6a00f69b450ae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
5e147c12d2d403e9cb8fe605375a142e

SHA1
5aea0ec524f516d7914110ad6e34014eb908216e

SHA256
b525369e854f98e9c3c3e2e3d752def271003dad05c9d301a00f695531b4d47a

SHA512
8a9ef29a33f62ffa184c3e8f8d7a1c5ca6e144f6d970473e412bf638a65f4fe1d91dbe0790bce61404856333680c044f90e9b2ab96f9c7179764813098d16e2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
48a6e28192697b9076731363b61c6c32

SHA1
c1c8cde6615ed2553ced473677dcd381becf0c3d

SHA256
2afe8c60dce87ca0015429c33f38bcfad6fa49f413eafa8bebfb75e0be1e9bc5

SHA512
767a5b1dd1170480b348410c614f1c9a467824ab67ade4490c5c2107cb41afab16308371042ab72175d63950db94ebb1a8f6b38b6466cf0806168c5fe21e4270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
fb555eb74c9da6c91294a1e7512d0358

SHA1
ddd3c9dda811399208e34c96b02db2d76af35062

SHA256
77d064f544a8639db301bc79acaf14df17fc0a017e76c533115c621b754a0b47

SHA512
22ff560ed07613b8c436d99067ccc5fd5d6a08d0c6940c13870fc969f4fb60ed6052fe1c30df49de81475db09e6de0e4ad6aa7be77a17d70b1c01d7597f6b1b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13353633432019624
Filesize
2KB

MD5
ad3fd7104e01ec9b7c0335d55259a996

SHA1
2e1e0b8cff048fbf039e932490e255daa953f326

SHA256
52efd1067c68470aa968a50acdf05613936c5469ee40739f874461095217b7c4

SHA512
aa8912da693a4891773fd43aecdbc1bf83fb25d487df1359886875b8f0d86acbe7e7f8492525061a5280d4fe6de736f62a97b8c8e789b7f8aaf15c401eefaf98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
a0cec99e2c462cbeff37596e3f278908

SHA1
05a8f9c68929ae8c0a049590070fff13b402d65e

SHA256
995dea180b80c81f527f87870167ebe0fefa762f825f561a922346e1d94e42a9

SHA512
5d9b0cf9e830ee3e280edc223cec7e155f715dc97ed79aabb777c9bc48c4e4671995eb4d72901aeb8caf59a59c7cc32ee9d5121f436cec8f40f93ccfcd457490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
dd9a67fa647318bd9118c21f8d540e42

SHA1
24cef239a6bbcc55ca66de791da6f9a3c981574d

SHA256
946b02920cecb7db167fd972fe2abb66270e884ef2567d0213adc2ff80552fa8

SHA512
c4de35c7e20f5f3665c207a7c6095027e8526732c1db895c8dd2e90f43b714abfdfb2026d1ca4d5c5f517b4548501fa32cc648285c035ca97f7d04a2b17bad3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
7258c432a506990ef96d04e24a3112eb

SHA1
babce98dfaf4830fcdf511bddae9ddead84dbf2e

SHA256
a3c797959e69a04219cd1c0cccaf74a91d119603f66ed1433bc137fd31cb8f2f

SHA512
8e5c6b599b98d40e9b8386f24b50a053f435ee8e942f9829c42ddf85aaf9b6ba2b47d46b9d1f6f6e51be9416377d256b85da26a2d9dfd73ffcaa5f799a397219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
c428c94375030c019556a89c946eddbf

SHA1
c195fdf4fe01884a76c9d3e34eca8d290a22ff14

SHA256
0da09aeafc7a72f6ed4f44057556456c6906f3ef3056860e4e195846ca414c78

SHA512
4105c173b2aaa8d43bee0d6df41b7adf2ab4ed8c1ce245b5ae96260fe4947b5c8259991856dc5d80bcc03b862a56783dc4ff08f002fa50bf41d5165293bf35e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
eb286462de6a2236105b65b512a606bf

SHA1
0ecd4d573423a0f06aa75812ae761b298fe967d9

SHA256
0a585c8ccc8cd8369316f0e7b2f6c92dd5fdeb655da6ee96590e5b8e73f0a724

SHA512
9fe33e89c70aa1ed1512e2e68d4b2a8dcf1271eeaa809da6f92dd41b2a088306ac11fe94ec2a8ea1c18933c3abf7ecc22a54a66b3d19d5a7d7e24ac05deedc03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
Filesize
756KB

MD5
bedb8d451c2558ee5a9594a78f2e8bd8

SHA1
f3a3dfe8a4daf1b38af491124045cb57f3a9b412

SHA256
d0f2cfc1777aa3c2f9982e3b2b85e8cb538491be58bd8cf64efb07b3685368ac

SHA512
29b7f1317de76244d2283ef96100380a72410a34c7e62f9ed5d9187d4706254903ba0cb8611b272172add9b0fbf890f34845a55b1b85ebaf397ffa620f4c1d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
5984212df76b33c2f1fd557c80461ebf

SHA1
a375b1ca364495b08fa33b717de6e18230f8ea58

SHA256
65b6bc76722bb852d36ea580c4e0f04c0cc77f228175e90b6ca0e06e43f6edbf

SHA512
74171a94efde09b7e1dec21799fc5b95955e0493786cf3425aa6d85c9c4e53478550115871a3def9e3c41071ecc59401a65872d1fa5f7cc4cf998b6abcdaab3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
270214130d8f02c931d0bb0f60931691

SHA1
64cc058d12311908bb9d46d19bbdb62d4416685b

SHA256
2abb534179d8b7953e81730769f004e1fc6b2610a1b97af5b8439e690f69b9c9

SHA512
656b591f37adc071e0832ce1348b0edd85c51431c7cee82a0df93f389e269621196b85adb2a7f7344ce01ec1d6f82a128ca575f3c241ef9be1eeea21aae8d377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
637f5321772f157544171b2579ca44d0

SHA1
086753ec2d0676acc2e241f30c8a42a4ec6e6aaf

SHA256
50fe7074a1752751501317677471bc5fbcf54fc83a436c4032bc8e182f5f2eeb

SHA512
8d8f1a918ece7bbceff5d73056afc4a159d296cf4ce89cfb5c1e9cf42fcf26c0929737b02d3b8f34d99575f39f3f4df63f97bd0e7756f0906af146e229c337ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-34GPF.tmp\Setup_DriverDoc_2024.tmp
Filesize
3.0MB

MD5
10769b81758f0da3ae536dd80f68859b

SHA1
0a877c88a82e463b7c2f0b27441c4da638b744fe

SHA256
8163ed7f98f3d07ef9bd9bf25b530bde0c834b9645bdd394f57a3f74397bb6b4

SHA512
bfde093fa0297d9eb408db6b95ae2d453508a434ab569bf6354d86ee831e00a9a261ef1079705bfe3ec8d75819a77970f6a2f4dc34077373438c944f3cb5dd5f

Download Submit
C:\Users\Admin\AppData\Roaming\DriverDoc\program.log
Filesize
2KB

MD5
5bf4cc7c8fdf078c6ec8d1277ad870de

SHA1
1405effcd472a779da6d6f81087d0226c8085cb5

SHA256
11b0bb614b9951f39cc48537c19660ba03ca7ab8574a447cf0c6be15afa53c16

SHA512
6e11e20f117a7fa1911b52e08b617bc3dc2038697ed67d39a421be8d04354872c2e6b09f02272b49cc9e9382bc75e61e0b23eb773319dce11fac4364c2841036

Download Submit
\??\pipe\LOCAL\crashpad_3568_WXCZPFBWQQRAZSKJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/772-210-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/772-215-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/772-213-0x0000000000400000-0x00000000008F9000-memory.dmp

Filesize
5.0MB

Download
memory/1920-209-0x0000000000400000-0x000000000070E000-memory.dmp

Filesize
3.1MB

Download
memory/1920-5-0x0000000002810000-0x0000000002811000-memory.dmp

Filesize
4KB

Download
memory/1920-157-0x0000000000400000-0x000000000070E000-memory.dmp

Filesize
3.1MB

Download
memory/3112-156-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/3112-214-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/3112-0-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/3584-486-0x0000000000C20000-0x00000000013DB000-memory.dmp

Filesize
7.7MB

Download
memory/3584-553-0x0000000000C20000-0x00000000013DB000-memory.dmp

Filesize
7.7MB

Download
memory/3584-762-0x0000000000C20000-0x00000000013DB000-memory.dmp

Filesize
7.7MB

Download
memory/3584-321-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/3584-320-0x0000000000C20000-0x00000000013DB000-memory.dmp

Filesize
7.7MB

Download
memory/3584-266-0x0000000005E60000-0x0000000005F62000-memory.dmp

Filesize
1.0MB

Download
memory/3584-497-0x0000000000C20000-0x00000000013DB000-memory.dmp

Filesize
7.7MB

Download
memory/3584-487-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/3584-626-0x0000000000C20000-0x00000000013DB000-memory.dmp

Filesize
7.7MB

Download
memory/3584-166-0x0000000000C00000-0x0000000000C01000-memory.dmp

Filesize
4KB

Download
memory/3584-490-0x0000000000C00000-0x0000000000C01000-memory.dmp

Filesize
4KB

Download
memory/3584-491-0x0000000000C20000-0x00000000013DB000-memory.dmp

Filesize
7.7MB

Download
memory/3796-158-0x0000000001430000-0x0000000001431000-memory.dmp

Filesize
4KB

Download
memory/3796-161-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/3796-160-0x0000000000C20000-0x00000000013DB000-memory.dmp

Filesize
7.7MB

Download
memory/4596-579-0x0000000000C20000-0x00000000013DB000-memory.dmp

Filesize
7.7MB

Download
memory/4596-216-0x0000000001C70000-0x0000000001C71000-memory.dmp

Filesize
4KB

Download
memory/4596-488-0x0000000000C20000-0x00000000013DB000-memory.dmp

Filesize
7.7MB

Download
memory/4596-644-0x0000000000C20000-0x00000000013DB000-memory.dmp

Filesize
7.7MB

Download
memory/4596-348-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/4596-499-0x0000000000C20000-0x00000000013DB000-memory.dmp

Filesize
7.7MB

Download
memory/4596-494-0x0000000000C20000-0x00000000013DB000-memory.dmp

Filesize
7.7MB

Download
memory/4596-496-0x0000000001C70000-0x0000000001C71000-memory.dmp

Filesize
4KB

Download
memory/4596-344-0x0000000000C20000-0x00000000013DB000-memory.dmp

Filesize
7.7MB

Download
memory/4596-764-0x0000000000C20000-0x00000000013DB000-memory.dmp

Filesize
7.7MB

Download