c30cf082a0d8e95d41a9b725501774dcd456aef8477a434528e74963ca9f5273

Analysis

max time kernel
82s
max time network
82s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-03-2024 13:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

entry001/Setup_DriverDoc_2024.exe
Size

6.2MB
MD5

dc46c709b10bf7bcac28dd7e80a94091
SHA1

7240476f0e1a1fdc1555e220bfe557d92078e2ce
SHA256

02c87a31bee95e1cf1aa35b0064d7128cfdd2c685590742c20d5dfeec12252fe
SHA512

f718a51654b07a2d8af649c4a95b55e93779c2ecec2521557622d7d7329970973a8d708e4beb6054aa89c7462e5a8d5be1e61fce3c9798830c6ecf3884cc2194
SSDEEP

98304:VkL25WZ2OKYMCwTDEULxHwpNa17GGcnkxFvq3cIM0mHKf/oN:2256AYcTDdLJwpNMGtnkxFvqxGKXc

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

Setup_DriverDoc_2024.tmpDriverPro.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\DriverDoc\French.chm	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Finnish.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\Italian.chm	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\unins000.dat	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-QU714.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\unins000.dat	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-65EKN.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-DPLN3.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-SEGP5.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-K5KVF.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-2VE5B.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-GFESF.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-K7UH8.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-99C7M.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\sqlite3.dll	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-91N40.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Spanish.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Italian.ini	DriverPro.exe
File created	C:\Program Files (x86)\DriverDoc\Extra\is-FHLK0.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-0JMLI.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\7z.dll	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Polish.chm	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-2BMPR.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Portuguese.ini	DriverPro.exe
File created	C:\Program Files (x86)\DriverDoc\Extra\is-10N0C.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Spanish.chm	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-1LIJH.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\French.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Korean.ini	DriverPro.exe
File created	C:\Program Files (x86)\DriverDoc\Extra\is-FNPDG.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-M1L5B.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-RS2II.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\DriverDoc.exe	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Brazilian.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Polish.ini	DriverPro.exe
File created	C:\Program Files (x86)\DriverDoc\Extra\is-QR91E.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-1SL95.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-ACKKR.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-U91LO.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Swedish.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\German.chm	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Settings.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\Swedish.chm	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-P2EEN.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-7H6PV.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-H3KRH.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Brazilian.chm	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-DKCGL.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-SV6S9.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-JRMVJ.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-SQPPH.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-M75HN.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-PUVMO.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-C8M0K.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\DOCSchedule.exe	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-EL07B.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-HV7D5.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-ENGQT.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-VONTG.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Finnish.chm	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Japanese.chm	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\sqlite3.dll	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-QQIMK.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-GVGBD.tmp	Setup_DriverDoc_2024.tmp

Drops file in Windows directory 1 IoCs

Processes:

DriverDoc.exe

description ioc process

File opened for modification C:\Windows\INF\setupapi.app.log DriverDoc.exe
Executes dropped EXE 5 IoCs

Processes:

Setup_DriverDoc_2024.tmpDriverDoc.exeDriverDoc.exeDriverPro.exeDriverDoc.exe

pid process

1032 Setup_DriverDoc_2024.tmp
2392 DriverDoc.exe
1248 DriverDoc.exe
2720 DriverPro.exe
2700 DriverDoc.exe

description	ioc	process
File opened for modification	C:\Windows\INF\setupapi.app.log	DriverDoc.exe

Loads dropped DLL 11 IoCs

Processes:

Setup_DriverDoc_2024.exeSetup_DriverDoc_2024.tmpDriverDoc.exeDriverDoc.exeDriverPro.exeDriverDoc.exe

pid	process
1976	Setup_DriverDoc_2024.exe
1032	Setup_DriverDoc_2024.tmp
1032	Setup_DriverDoc_2024.tmp
1032	Setup_DriverDoc_2024.tmp
2392	DriverDoc.exe
1248	DriverDoc.exe
1032	Setup_DriverDoc_2024.tmp
2720	DriverPro.exe
2700	DriverDoc.exe
2720	DriverPro.exe
1248	DriverDoc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

DriverDoc.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	DriverDoc.exe

Kills process with taskkill 4 IoCs
evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid process

2588 taskkill.exe
2548 taskkill.exe
2480 taskkill.exe
2484 taskkill.exe

pid	process
2588	taskkill.exe
2548	taskkill.exe
2480	taskkill.exe
2484	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E0AEB3E1-E2D1-11EE-92D3-66DD11CD6629} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.solvusoft.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\solvusoft.com\Total = "51"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\solvusoft.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.solvusoft.com\ = "51"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\solvusoft.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "51"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Modifies registry class 19 IoCs

Processes:

Setup_DriverDoc_2024.tmp

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\DriverDoc.DOC_encrypted	Setup_DriverDoc_2024.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DriverDoc.DOC_encrypted\DefaultIcon\ = "C:\\Program Files (x86)\\DriverDoc\\DriverDoc.exe,0"	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DriverDoc.DOC_encrypted	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.DOC_encrypted\OpenWithProgids	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\DriverDoc.DOC_encrypted\shell\open\command	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DriverDoc.DOC_encrypted\shell	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DriverDoc.DOC_encrypted\shell\open\command	Setup_DriverDoc_2024.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.DOC_encrypted\OpenWithProgids\DriverDoc.DOC_encrypted	Setup_DriverDoc_2024.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DriverDoc.DOC_encrypted\ = "DriverDoc Protected File"	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\DriverDoc.DOC_encrypted\DefaultIcon	Setup_DriverDoc_2024.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DriverDoc.DOC_encrypted\shell\open\command\ = "\"C:\\Program Files (x86)\\DriverDoc\\Extra\\DriverPro.exe\" \"%1\""	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\DriverDoc.exe\SupportedTypes	Setup_DriverDoc_2024.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\DriverDoc.exe\SupportedTypes\.DOC_encrypted	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.DOC_encrypted	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DriverDoc.DOC_encrypted\shell\open	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\Applications\DriverDoc.exe\SupportedTypes	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\DriverDoc.exe	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.DOC_encrypted\OpenWithProgids	Setup_DriverDoc_2024.tmp

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

DriverDoc.exeSetup_DriverDoc_2024.tmp

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	DriverDoc.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	DriverDoc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Setup_DriverDoc_2024.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	Setup_DriverDoc_2024.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Setup_DriverDoc_2024.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Setup_DriverDoc_2024.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Setup_DriverDoc_2024.tmp

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

Setup_DriverDoc_2024.tmpDriverDoc.exeDriverDoc.exeDriverPro.exeDriverDoc.exe

pid	process
1032	Setup_DriverDoc_2024.tmp
1032	Setup_DriverDoc_2024.tmp
2392	DriverDoc.exe
2392	DriverDoc.exe
2392	DriverDoc.exe
2392	DriverDoc.exe
1248	DriverDoc.exe
1248	DriverDoc.exe
2720	DriverPro.exe
2720	DriverPro.exe
2700	DriverDoc.exe
2700	DriverDoc.exe

Suspicious use of AdjustPrivilegeToken 23 IoCs

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exeDriverDoc.exeDriverDoc.exeDriverDoc.exe

description	pid	process
Token: SeDebugPrivilege	2588	taskkill.exe
Token: SeDebugPrivilege	2548	taskkill.exe
Token: SeDebugPrivilege	2480	taskkill.exe
Token: SeDebugPrivilege	2484	taskkill.exe
Token: SeDebugPrivilege	2392	DriverDoc.exe
Token: SeIncreaseQuotaPrivilege	2392	DriverDoc.exe
Token: SeImpersonatePrivilege	2392	DriverDoc.exe
Token: SeLoadDriverPrivilege	2392	DriverDoc.exe
Token: SeDebugPrivilege	1248	DriverDoc.exe
Token: SeIncreaseQuotaPrivilege	1248	DriverDoc.exe
Token: SeImpersonatePrivilege	1248	DriverDoc.exe
Token: SeLoadDriverPrivilege	1248	DriverDoc.exe
Token: SeDebugPrivilege	2700	DriverDoc.exe
Token: SeIncreaseQuotaPrivilege	2700	DriverDoc.exe
Token: SeImpersonatePrivilege	2700	DriverDoc.exe
Token: SeLoadDriverPrivilege	2700	DriverDoc.exe
Token: SeRestorePrivilege	1248	DriverDoc.exe
Token: SeRestorePrivilege	1248	DriverDoc.exe
Token: SeRestorePrivilege	1248	DriverDoc.exe
Token: SeRestorePrivilege	1248	DriverDoc.exe
Token: SeRestorePrivilege	1248	DriverDoc.exe
Token: SeRestorePrivilege	1248	DriverDoc.exe
Token: SeRestorePrivilege	1248	DriverDoc.exe

Suspicious use of FindShellTrayWindow 9 IoCs

Processes:

Setup_DriverDoc_2024.tmpDriverDoc.exeiexplore.exe

pid	process
1032	Setup_DriverDoc_2024.tmp
1032	Setup_DriverDoc_2024.tmp
1032	Setup_DriverDoc_2024.tmp
1032	Setup_DriverDoc_2024.tmp
1032	Setup_DriverDoc_2024.tmp
2700	DriverDoc.exe
2700	DriverDoc.exe
2700	DriverDoc.exe
2912	iexplore.exe

Suspicious use of SendNotifyMessage 3 IoCs

Processes:

DriverDoc.exe

pid process

2700 DriverDoc.exe
2700 DriverDoc.exe
2700 DriverDoc.exe
Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2912 iexplore.exe
2912 iexplore.exe
2624 IEXPLORE.EXE
2624 IEXPLORE.EXE
2624 IEXPLORE.EXE
2624 IEXPLORE.EXE
2624 IEXPLORE.EXE
2624 IEXPLORE.EXE

pid	process
2700	DriverDoc.exe
2700	DriverDoc.exe
2700	DriverDoc.exe

pid	process
2912	iexplore.exe
2912	iexplore.exe
2624	IEXPLORE.EXE
2624	IEXPLORE.EXE
2624	IEXPLORE.EXE
2624	IEXPLORE.EXE
2624	IEXPLORE.EXE
2624	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 55 IoCs

Processes:

Setup_DriverDoc_2024.exeSetup_DriverDoc_2024.tmpDriverDoc.exeDriverDoc.exeiexplore.exe

description	pid	process	target process
PID 1976 wrote to memory of 1032	1976	Setup_DriverDoc_2024.exe	Setup_DriverDoc_2024.tmp
PID 1976 wrote to memory of 1032	1976	Setup_DriverDoc_2024.exe	Setup_DriverDoc_2024.tmp
PID 1976 wrote to memory of 1032	1976	Setup_DriverDoc_2024.exe	Setup_DriverDoc_2024.tmp
PID 1976 wrote to memory of 1032	1976	Setup_DriverDoc_2024.exe	Setup_DriverDoc_2024.tmp
PID 1976 wrote to memory of 1032	1976	Setup_DriverDoc_2024.exe	Setup_DriverDoc_2024.tmp
PID 1976 wrote to memory of 1032	1976	Setup_DriverDoc_2024.exe	Setup_DriverDoc_2024.tmp
PID 1976 wrote to memory of 1032	1976	Setup_DriverDoc_2024.exe	Setup_DriverDoc_2024.tmp
PID 1032 wrote to memory of 2588	1032	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1032 wrote to memory of 2588	1032	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1032 wrote to memory of 2588	1032	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1032 wrote to memory of 2588	1032	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1032 wrote to memory of 2548	1032	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1032 wrote to memory of 2548	1032	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1032 wrote to memory of 2548	1032	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1032 wrote to memory of 2548	1032	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1032 wrote to memory of 2480	1032	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1032 wrote to memory of 2480	1032	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1032 wrote to memory of 2480	1032	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1032 wrote to memory of 2480	1032	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1032 wrote to memory of 2484	1032	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1032 wrote to memory of 2484	1032	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1032 wrote to memory of 2484	1032	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1032 wrote to memory of 2484	1032	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 1032 wrote to memory of 2392	1032	Setup_DriverDoc_2024.tmp	DriverDoc.exe
PID 1032 wrote to memory of 2392	1032	Setup_DriverDoc_2024.tmp	DriverDoc.exe
PID 1032 wrote to memory of 2392	1032	Setup_DriverDoc_2024.tmp	DriverDoc.exe
PID 1032 wrote to memory of 2392	1032	Setup_DriverDoc_2024.tmp	DriverDoc.exe
PID 2392 wrote to memory of 1760	2392	DriverDoc.exe	schtasks.exe
PID 2392 wrote to memory of 1760	2392	DriverDoc.exe	schtasks.exe
PID 2392 wrote to memory of 1760	2392	DriverDoc.exe	schtasks.exe
PID 2392 wrote to memory of 1760	2392	DriverDoc.exe	schtasks.exe
PID 2392 wrote to memory of 1352	2392	DriverDoc.exe	schtasks.exe
PID 2392 wrote to memory of 1352	2392	DriverDoc.exe	schtasks.exe
PID 2392 wrote to memory of 1352	2392	DriverDoc.exe	schtasks.exe
PID 2392 wrote to memory of 1352	2392	DriverDoc.exe	schtasks.exe
PID 1032 wrote to memory of 1248	1032	Setup_DriverDoc_2024.tmp	DriverDoc.exe
PID 1032 wrote to memory of 1248	1032	Setup_DriverDoc_2024.tmp	DriverDoc.exe
PID 1032 wrote to memory of 1248	1032	Setup_DriverDoc_2024.tmp	DriverDoc.exe
PID 1032 wrote to memory of 1248	1032	Setup_DriverDoc_2024.tmp	DriverDoc.exe
PID 1032 wrote to memory of 2720	1032	Setup_DriverDoc_2024.tmp	DriverPro.exe
PID 1032 wrote to memory of 2720	1032	Setup_DriverDoc_2024.tmp	DriverPro.exe
PID 1032 wrote to memory of 2720	1032	Setup_DriverDoc_2024.tmp	DriverPro.exe
PID 1032 wrote to memory of 2720	1032	Setup_DriverDoc_2024.tmp	DriverPro.exe
PID 1248 wrote to memory of 2700	1248	DriverDoc.exe	DriverDoc.exe
PID 1248 wrote to memory of 2700	1248	DriverDoc.exe	DriverDoc.exe
PID 1248 wrote to memory of 2700	1248	DriverDoc.exe	DriverDoc.exe
PID 1248 wrote to memory of 2700	1248	DriverDoc.exe	DriverDoc.exe
PID 1248 wrote to memory of 2912	1248	DriverDoc.exe	iexplore.exe
PID 1248 wrote to memory of 2912	1248	DriverDoc.exe	iexplore.exe
PID 1248 wrote to memory of 2912	1248	DriverDoc.exe	iexplore.exe
PID 1248 wrote to memory of 2912	1248	DriverDoc.exe	iexplore.exe
PID 2912 wrote to memory of 2624	2912	iexplore.exe	IEXPLORE.EXE
PID 2912 wrote to memory of 2624	2912	iexplore.exe	IEXPLORE.EXE
PID 2912 wrote to memory of 2624	2912	iexplore.exe	IEXPLORE.EXE
PID 2912 wrote to memory of 2624	2912	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\entry001\Setup_DriverDoc_2024.exe
"C:\Users\Admin\AppData\Local\Temp\entry001\Setup_DriverDoc_2024.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1976

C:\Users\Admin\AppData\Local\Temp\is-KK5U5.tmp\Setup_DriverDoc_2024.tmp
"C:\Users\Admin\AppData\Local\Temp\is-KK5U5.tmp\Setup_DriverDoc_2024.tmp" /SL5="$40112,5549910,808448,C:\Users\Admin\AppData\Local\Temp\entry001\Setup_DriverDoc_2024.exe"
2⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1032

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im "DriverDoc.exe"
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2588

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im "DriverPro.exe"
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2548

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im "DOCSchedule.exe"
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2480

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im "DOCTray.exe"
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2484

C:\Program Files (x86)\DriverDoc\DriverDoc.exe
"C:\Program Files (x86)\DriverDoc\DriverDoc.exe" /INSTALL
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2392

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Delete /TN "DriverDoc Schedule" /F
4⤵
PID:1760

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Delete /TN "DriverDoc Monitoring" /F
4⤵
PID:1352

C:\Program Files (x86)\DriverDoc\DriverDoc.exe
"C:\Program Files (x86)\DriverDoc\DriverDoc.exe" /START /INSTALLED
3⤵
- Drops file in Windows directory
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1248

C:\Program Files (x86)\DriverDoc\DriverDoc.exe
"C:\Program Files (x86)\DriverDoc\DriverDoc.exe" /TRAY
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2700

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.solvusoft.com/en/driverdoc/install/
4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2912

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2
5⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2624

C:\Program Files (x86)\DriverDoc\Extra\DriverPro.exe
"C:\Program Files (x86)\DriverDoc\Extra\DriverPro.exe"
3⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2720

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\DriverDoc\DriverDoc.exe
Filesize
5.1MB

MD5
1dd6096d537116344b90f0c45606ef2f

SHA1
f663b19316a7c958484ce9f373a0b1e1d75a8d04

SHA256
cab1bbf537e810fa47f74219d90c996ead0c74a6e4cb766b334cb6b88b73aa39

SHA512
5bf71c4241bafff0ee333879207ea339776b4fa834d3f46fcc8eeba5d25fdd063556162d771cf3f5bed5378baa536b8ef7d24f251cf7a0fa4261319ba0e9763a

Download Submit
C:\Program Files (x86)\DriverDoc\DriverDoc.exe
Filesize
3.6MB

MD5
ec9d38928630b5462c90fe4789034700

SHA1
8203e11653ff54abb2dabd9ac109950a36ea4502

SHA256
649bbbe48fc472578179eb417c4952d711f0fb2cab2339745502f1082526580f

SHA512
c19f72fcc19d4b6b6b135381109b29781eb8430e93525c06324c26d55544c53194968c3f1d6d09d4afdb7cc1a1f81da86ab06296c7b13d39cfb2d99e8514c8bd

Download Submit
C:\Program Files (x86)\DriverDoc\DriverDoc.exe
Filesize
152KB

MD5
8a6c5f6e6d81f057689f1c4adf659d71

SHA1
ce0410118908d613ece7518cadb1e70ca91b415a

SHA256
e6180b90c044f3805e1a7d623352e749898b750b9994e68a783d7607ff30b307

SHA512
cf245bade957f8c547a1502501be6d3eea20050d88d576d6223c48d75d0e4e7fda1a4dbff56b9600933bad7dc0321f30171db90d33b007ef18b77c9bbd5252f0

Download Submit
C:\Program Files (x86)\DriverDoc\DriverDoc.exe
Filesize
1.2MB

MD5
bfc5fcc51f4fd2c21ae1a032a2be24c1

SHA1
8692b726c915dc1a4e2440cc87e92022feeaf0ec

SHA256
935dbf762863671bfb5e11481be9457285c71b28559e958bd27ac8cee0cc372f

SHA512
7ca20e05bdd7dd39bfe1d8c6a5421a07c20ced3e7eab57dfa0a8d3bce94c421a08437a509d466f66963a8061a827eec83e01508daa57dd003b6f3d9d6e7f0be2

Download Submit
C:\Program Files (x86)\DriverDoc\DriverDoc.exe
Filesize
4.1MB

MD5
ca02f83ca700de7809d4f4e597f4e9e9

SHA1
dbc9b0a3d90a0aa67ebacfae84c92e3ca38f66d0

SHA256
2e08ef78fb6224c38a519f2a376c7cd1e02bf66c0d2ec3771293f5925004d2ba

SHA512
2142c8591f52a4ac0fc48fb319ae7f01be1838faa047350bded98d6e862e9f5569a51d586a0ff2338ebe06de905883544db01fa2112d2a6996908dc1af6eb218

Download Submit
C:\Program Files (x86)\DriverDoc\English.ini
Filesize
50KB

MD5
62b54950511f95d047312e81181c9b03

SHA1
7f7f17cc93bfac4730fc43981be3bc99246d71a3

SHA256
7472f84c630e3d743845a4c5187da48c28da4a45ca05d35652684ed6cfee7b67

SHA512
fa76c8cd62c514e726181e829fcbccbc4068e15745e11a86a0ca9ea4be95cc2016f2997948fbb713e97aeb6eeb3035a724f38990c2b2905dbbe66b63a99db7f6

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Brazilian.ini
Filesize
17KB

MD5
02af48872d5deba9bfc2cc88800829f0

SHA1
82fb890d9468f9cdb375696284b84f3e60067835

SHA256
20f27b44a72952ec23517e73290f6310e4bc92963cad45b04073a71b8ff35b69

SHA512
60355c93a4d10ef5f018e743c67dbd4d7fb79a5919d1b45b50b1cfc0341b9ea061443f8018d1941a066e1de8b2776ac7148a07b856f239c2eb2b627ba9e59403

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Danish.ini
Filesize
16KB

MD5
0a59eda69be950bf91b9eb23bb45862d

SHA1
5c9c79b0dd8f0216e6cf42c6a5f053807b0c7d74

SHA256
9fc240d6ebc064b2d702a3b1710d19cf1874b30e7dda6fc720c9da0f56d7be5b

SHA512
3e7b501e201f6c3532ac1f517b2d02cb36a62e8bbeb7de5ccd85c64782f7f3cc2bcf6ca0436cdc9667a8da51e8810dd0ad743968058681f4681135b24ff8df39

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\DriverPro.exe
Filesize
17KB

MD5
f33df99453cde83d9b3ea39103594ab6

SHA1
94dab556159cc6c1007f2db7d37230305427fd27

SHA256
a56cf657e4b7d3871a006436bed7704724e24368cbe7478e8783e5268c917af2

SHA512
8891a8d8171e52dce0b9c8a7cfff6da3f09711d04b082a63a48e87140eac51117d43bc70ea63d6d6ef58d85d6e9e9cdbf7610e7f06e84e147cd1ada311cb6e3e

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Dutch.ini
Filesize
17KB

MD5
59bd883cb54544343baa2de36d4c0218

SHA1
c16c606d470071fefdf8a149735f0986434d7ba9

SHA256
688e8ce9f141d68122cb6534d786f04aab75b2274922485cecaa8053ce39ae5c

SHA512
a74ab9e0d904b8340d77f70441f7522b38773227a32783299f0419a4aae695bd3de6c9ec4567ec07d932d156e95bdc02eca4772887a80bd30d7b050dfdbaea3a

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\English.ini
Filesize
15KB

MD5
d390660ea23f596a83f7dfac4ee68932

SHA1
65cc9586d6deaac2782007de3156e49a18d6b426

SHA256
358cdbd213fe5cce8e5ab5fc11acf783816a898dbe543baf6d6e481b0761ae50

SHA512
8c9e52c80c689dc5bca220a3011797fc6b451e114522a60d90b9b0d6d1b348fc3a7fa8cadc89b446e364b3cd33b03e535f063501e4eeea893dac0f2df6a8a6b2

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Finnish.ini
Filesize
17KB

MD5
a92bc4a2c584191023bf50d2cb3cc668

SHA1
061f2e55938d0b19e73351eaaf5599cb9d3a7903

SHA256
e3561a15613aec70d1402619534abb55d97d46c860acbbd8961fdb0efc4bc0d8

SHA512
3ba93147052a2e500db77c8b5f32427b1abd7747a73ff10ae4f31d8ccbb4bfe0af6bffd7ffe274deb4b6a6c4d968855950c3ee9d193c8f48de97436f1ec14457

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\French.ini
Filesize
18KB

MD5
5174d17d94e389fce83ff0a113c28ef4

SHA1
3fb12b5657f6dbb28065a43a8e0c570eaf524810

SHA256
c41e34a265a2ac9cc02674cac6a5a5012ddb03bdb16c352a2ae6cde01a6dc68b

SHA512
69846e820720fd96e58016cf590e30343db66850273fbcf54b8e1745b1e48d7a6bc4a72145c126dcab13970e97d2d48775aadaf74437cd8e7a405d5ac93d2bec

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\German.ini
Filesize
18KB

MD5
a5e4aa95969239c7e4936b4eebaa604e

SHA1
d03606c38ae625d3d503107b8e5cb546e113c027

SHA256
d3ea43b89d5e39e1592060a7bc5010b072e73d6f85a5e0694571ed6cdb8c27d8

SHA512
58b5d47831a6d3ba034605e5974fd7bc0119db422a9a3bf6d321f723b6f15fd9b97a68e78c64e4a832a83eee7542a160c475ace57d4c3a02343b3125726355bc

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Italian.ini
Filesize
17KB

MD5
06a02f50a5741a2a20b2b98fecd46dfa

SHA1
f635b9c2b6626e4ba65a10e73fdbc8f628a688ec

SHA256
934dda48df532932f3a02595077990a4760dc384709ac237f7992349b914a263

SHA512
e3d047f1b2bc39051bda3b6e433ab7b39e9d36e5d9b5c2a8aa7b39ffc4879250cad2af33c87640c0c51dc112896f79be943e4cf5a1964af5eafdad6169d4c4e0

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Japanese.ini
Filesize
21KB

MD5
80ee1595ea4b78a633430d6dce4b6840

SHA1
1e6274c9aaaf1e75fe8a64de0d35bcda8a4f4d98

SHA256
27eae11963fd42680f7c2caec95d79a81279db759d385582551e23486761ff51

SHA512
e3e897967ce1dd5e08adfe1b2f3f662e22da4e09d60d2a1b3be127c0bbdab74fd5f16a3788086c9960c736d2e58170100159640ca294581491f5618062ee76cd

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Korean.ini
Filesize
17KB

MD5
f197bde18fb1755640af0fa7eec6fd8a

SHA1
ef197b1c84f46285cd629974831968bdf1224564

SHA256
11eb6f73cdb528cc0d4d1f135410e85495003729db64c2ad25a54148dd1eb0dc

SHA512
dfdf182ae97812bbc41abd13525d430f84b7217dd1c2330626290654696fb39595db0d74e7d6ae2ff038736b3982cf39d4760068cc0a189781fd04b3fc5d214a

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Norwegian.ini
Filesize
16KB

MD5
47b35d4d7694c3a0bada72e18a3e15ac

SHA1
f1fb17aaa572af538164f1464c5ff8ff9de00d3a

SHA256
dd8d548438fc630845f70ad67c913867f7cf146a80c5c89e889bd51787399ee2

SHA512
8c8b604f206b69d8e7d6695eb0d9ac900f05fe7f71739bad378e43da9d0e0a7f1dd2ad00498c61020fec16b1b44212ae20633f88aeb0228670a8aa826a4d3703

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Polish.ini
Filesize
17KB

MD5
7a73ac61ed3448ddb3f052e41952e5fb

SHA1
6e952588f49effb8ede01bb4de7e9cf8c5cf70f8

SHA256
b4b62ad89631fa8fed74410d0015862311204fc9f451827c6ef7023b788f0ec0

SHA512
e3e022b7adbde1f01358a19f2c78257d9437c375468b70ab98bc0f268e09fa9013af2535c88e5ae7c9aa048a5781d70af64279a37661aaf2b0dfd0f84652e810

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Portuguese.ini
Filesize
17KB

MD5
73c3b30e115ef2593ed4ffdf84be90d1

SHA1
3a4e5cdecd57b091f7cc9617d4b9e860570a661f

SHA256
c0c274687a5b4869c07de711d324ae0b2606a212b49a334fb3416f7cd263f24c

SHA512
977517c9cd517a6faa4df6adf172450f78972a5da75df24dcb12323d4d91667a62396af71ccc032e55bd6037dc8f08e4efcb094d0782c409323ee95fbb5b8281

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Russian.ini
Filesize
25KB

MD5
70b5e745cf4595e2b3a8e7f61b448f3a

SHA1
004a01cbceaa37e388b345fd38776ff877555027

SHA256
6ab579a04d61c05326537a1afb2411c9345879b20eb533f890a3d8523c98a738

SHA512
c588ac29b4be43b70a388724a1ab2310d0400fe46f3af45d89dfb940e19116e3c5cfd818cc0b4e51c08d366b89289261aad9ab6275a16c2715ed407a23037f40

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Settings.ini
Filesize
73B

MD5
4dfd24933bec370032a0fde1452d9b14

SHA1
f3c3bc92eabe67c9072a0a29968322adad9489c2

SHA256
035c7dd8eef04f652d7d7b6b28c27ddb0b867502d088c1cba12319b5718fb1b6

SHA512
85ccd0c6cf38ee620b0a4a2289c4161fcb01fcd3546e1cf3ebfe83a087133972661e8b3854db5643caaadded1fcb3d621141a8f39490866d21b53b947f42d97f

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Spanish.ini
Filesize
17KB

MD5
b81f346eb46ae2277d47182a310b1e38

SHA1
6216d3bb328135f09f12551bd6f418d3b431b8bd

SHA256
7f00de121cc37d3c6e2a398081ec3cff05e5d0cb1de869a1d569fd80d5d73469

SHA512
8e68891ebd5ea623c128a7ce99321aa9d630c7e6b5952a45febd8241795bb0d4e74bc2f1546bc3d450edfc7837f126a527bdff126d3099fe83a38429d9455be3

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Swedish.ini
Filesize
16KB

MD5
30d812019a9028bdc7f03ed26d85c3b8

SHA1
182721e4cf6e5c05113cee8ca4f17424794a8754

SHA256
798276387e105887b553cf98b7d8a0fc5323f9b80d79d59c1aadcd9827de6dbe

SHA512
adba76b9c030a744812809710d7696dd146a59974b92c224c9c0a4016777ebac916aeadae836b741bb0696d05920a13d4b5a04c7249f34f847f47a418d8d2fb0

Download Submit
C:\Program Files (x86)\DriverDoc\sqlite3.dll
Filesize
633KB

MD5
094c675f4e0bfb27c2e77457cbcd9cc7

SHA1
9026248bd7802de39282653b0f56d68edfef30a1

SHA256
d3dd110c4d330332a37f06268013e4595705981bc74e577f946485416651b83b

SHA512
f1730b831df2805e10d78dc984e6e877e437de57cd20488ebfe48f92db8ced1889c369e70d17aee5eb366aa2c7baa14d426cf6c30324b527fa303b1bfccfe0a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
Filesize
230B

MD5
450940c501e331a9044408912e07e7bd

SHA1
14a2e26aa2dd0c2e85f60f8a83b7c46776b13aed

SHA256
123a02cd30b693d3c47c576e4957db194382fda830e83a6f0b4fd2d7119bfe81

SHA512
5830cc08884a5c699aa97987ae6eccaaced3a1aa5169d6237c4dbe53574b664c6a299acb472620418c4191843eaabb2adb6dedc5d45327a3ed80d39e090336ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b4fa2de0b309bbeded32887afe922ce6

SHA1
4e9a3fc3cbc0a0c65c78b6a08f72f5b8ae331b8c

SHA256
4f3c1ae5bdeafb8f1b0e7dff9aaae2cd320775608f8588ef47f1315fbac0512e

SHA512
1a92634e4de8621cadf2dd9a63b544fa3851dc0820c38c24d63a3fedc4062ef211033410a7421bb1c54d5dbb610b7c15358541ecd1d7f808876f9491d76d468f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a346a4be942bdc79104fb3d8f1662e52

SHA1
3edfc3d2f2a3d17791e315c353c4d37a18586a41

SHA256
21c5dc1606c839e4dda6a413f95b0a0295feab91dfe1cf443c6d4d642229db87

SHA512
363981a774731abda951852e0a71cbd4394c01fb3f3929eeb650e6d40b40677a792fa46a52145351d26e15112b0c4fbc8f59c94e17657851f4960d095c8d09ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
85d4647fa1f55e09c12f84fe71784703

SHA1
6f9a1fcce4a86b545e0ca3b720294c2a0afd64c4

SHA256
481cd818493a67467a4b934d518b7a8d08139350b4ecb37f0bb48d95206d4865

SHA512
bf5f8ee613af0d79331d45c5e4d408d0234b336fa6bdf92011faa416c50ddbd5f0c75b20b3e1a73ff010a937e81cb9a7b54fb0b05a572dfa0f36579c3f4ebb60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
23e7ee1c269e704308644e2bc3133ece

SHA1
a3755967fde8debc1e95e42356b4df3429ba2e3c

SHA256
12ea529b91febf16095d7f539795bf076a6460540b130f260fe7ebe731385656

SHA512
005131b4afe83a08bf6190a941c4b6f3269505b4c45ab4f801d352dbc7ae68bd91d03f258bcad409420f9812799cff19529698e41aa3ada26f88f3544e45fe98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a007f7636e9ac477e0a3fe21c88ed10e

SHA1
545480e3a3a997b67ced51b9206a0764049853e5

SHA256
41b1dd981e0f012b50a98bc6450cef2902d65c3b80e7f388bff8947041e59b7f

SHA512
c2afc0c5f58fd1c75a2b7ac04558e2ad49e2faada0198c29f62d7a5c18cf3472d215d269fafeda4509e8c277555eccaea312634687d1b98a10d121010a988c6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3248810dbb168d268fc835e811c44788

SHA1
b623e2c99137df1ad5c2a8fb0a72a44799e526b3

SHA256
63a55be8e5f8bc39fe205835dbe188215e230f5e260bb8cf4f388e59d8a341ba

SHA512
3904563d20df85e49f3f943fa8937e6c784cb48ba956f776d32b1a102f39008bc6b58a4d76b9bac6191745afbd7622d7d9fd8a95cafc2e7f8c5ce641617951c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
5a580c70daa83108ed6ba91011f1ee87

SHA1
dea99764c906db0ac56df0a6b5c8e49138c09cb6

SHA256
be72c0735a590d4d6c720e28bc2c90e563bb03572ff9440568f427a9a61ebf66

SHA512
ec38a0b090c0881d2e171a98636cf6374d4dcba8a658de2deb5f4d0066e31c6a32c44bbc55cdeae36c0d1ba241d49273e13b5afc3fa040cb74017e9a667c452d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0410f156a4f8e104bf3c334a7cfc7e62

SHA1
feb0ff8feb54294007655946ea2f28f9cbcfaaa8

SHA256
82583e1559bad696c3caf8f814721e1864af8c11652ef5cbd65b635a13d7839e

SHA512
b33618d303d6d241458d77163e270dd749184db5cc4514329f99093a69ea2ebb86289f7090d1b0f0be36b6687e9af0764c58f1ae8c70c178f37e84c6b0011745

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ac46de52c6a19fb313e7da05df62243a

SHA1
72d2229a03a1496f9e9c31c939ad4dd9e3cc8813

SHA256
806120cb78f8b697b8c7c9aac83fbb622520aebcbda758c30411f97530df352c

SHA512
bb307a2e0e2e1340a26a52bba96c96a4973180535ed04f0434d99516cb0874484c37368326f70271e9c806de894afc2ce0ea592a0bca3bd2429b34191eb65a80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
6ca978327e3ca771b15d7560e69770fc

SHA1
0a8fca9c4ced9ba524a94889383e4fcdb5cf7a04

SHA256
ea1f2821bfea88aadd3ba4eb2cdf722334f89eb0c9b29b550331064e7ee528d9

SHA512
355d40c1e477bcde0f71bdc3a207b417925a24db7d661fa4d42b323dada54a08e4a4980467e98e476be7a4e8401526431e30661fb8ca23c893b00f3668c7efb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
93ba52490ce0ce51e48ad4985da6e941

SHA1
7d30a4abf6ac54822e1a42d6d03db61416a10332

SHA256
7b6f57c9a0618dca74ff848f5a12bb1512a641612ae3652d26f3f32ccaf6d48a

SHA512
be7d9a0850b3157357ffbe6e4a3422cdc003400b63d2c91a64f9b2b953dc98bab9ffa926d7260b39c68a6df81b69e1d7b12054799a8eab7ecbd6b4146117ca34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3fdf864ad4858e5d7c0a4aba4e8e73ff

SHA1
d88bb3f5d7211ce84d2c55d94684a74c73e71eba

SHA256
837e27313e4c96d172b8b0718eceeccbf1e18ad93b640f7e8cc5f623156ea2d0

SHA512
006045429435e6bd7f012136eaf4b8e8ce54be3148b37442a576b2eef6851cb76e91d60be4610e284f023457040e22c50f10b9b2ffaac06e63225f04bb13326a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
97c6b6f10454189b3e2da88ba5e93bf7

SHA1
f658cc3aba9a084944c617e13f48329dc52683b5

SHA256
620b20d788599ec0f49be1b83f81cc245a5146d6a3bbc1249e31a1f433ab6a98

SHA512
1103553863666a2f7b7f0f9cc1a2eeb93046e179367e20f28a8bb9b4cd924a6a31e0e9bbc348e091c053cf94c4d3bedb3845d242746de07dcfc6cedad33ec68e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2917d4f20b3e771d682f32f34bc88991

SHA1
62596f69213ba6155169e8bac95a6f51dec6e35b

SHA256
b20e4a94534551587a5a826722a004288ad4c3737270752ee8a0745d6598ecc6

SHA512
2b0ced567acb369352a98383979375ed11adfb0975bd37287c24f91f48b9ddb8a852924b61e6368188ab770abc63ff9e347a793223e7ff894a058625d29d1987

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ad27dd278d6f800e0b94b1d371ddb8e6

SHA1
03e2932a7ae9e5d891c71cd1943e18e868ff84be

SHA256
11deb82a57b97ff455d78e6df535cd4e82dbb6e00a1cd5e89269692bd313e294

SHA512
3e3172387beb613df4bdf2b7d688b3334c3b5ec936d98431afb401a534db6ba43ff8089dba5f95e78a7f1c6be2d275761b86beb663e9802a7ab84db8ea3dd4cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
5721d437d9265f63ca1edf340411b8b8

SHA1
dfb431238e11fcb5f9df726daadc9e6a1103629b

SHA256
10ecf448fdeb9a7cdc0ac2f237eabaf565dd14925ef16aaba583f5aea169fd14

SHA512
6400f1e67143d8597513f24ff1dd892342f4077918456b41409fde140610ae02ba193424d16447e9bad7bd539bd1a9e677243d5ee24ed6cad442dbeeaa262913

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a326a9168ef8938b43313851d572db8f

SHA1
025daed4c40d6d77344982276d85d111ed8ca0df

SHA256
1ff1a7d4cf3c415689dc81129e277c132ec0053e89698e534a3b276214a0405c

SHA512
776c95dad484e7b19abc64cd35d19f8e6c544a69b8db9689d4ef6447b1713a10200959115f75d4c5e69d0e58712e7faf117e24fbc07774badf1f75b537be7bf4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
46fa8164740882d51079689746b98291

SHA1
9594ee153ad46dfb4461b269c453340a48403813

SHA256
ca2bf06cbf83368db9b27af23909c705d24b0f3f4036d51147ec9f6c64c585b9

SHA512
dbaa9d3681f12d707cdd4d30d1a95864b8f3de817dc99f221aad34cbb70b43a445a0f2022447790cd371f5ea9b118c46f5f0f5c110de276772df97aee4dbfebd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f8cbbbecbaf9830d3ba03dbba7726f90

SHA1
f21da1cf5883bf27b37dc4fc28694563aff89557

SHA256
55da6e6a597923000d92a168c51f10a4ae6b1235ca986d8b1b646cc3d34069aa

SHA512
aaffea751ac3c59e2fd0095c3afd5336106928db5a7438d051fcb61fba6fb88cd52006608cadbd2e6a53aefbc6090899a704836939be59ff14a9d95697638685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\TZJIL6NF\www.solvusoft[1].xml
Filesize
145B

MD5
980705a38ba435c193982594d650c145

SHA1
e6b15563e7e5d52f999690e9edb050d6f795d450

SHA256
4de2e41a05b16c2a528266bbea061e22a97bb409cbc56a563c4eca9e27702f4a

SHA512
0137ab9027abc18d1b446bf7859824954bba485d7610fe99290bfb2a3619c46b38d5fe5c92a75f5193687f4a4e4086b1fc034b12ec85d4b59ecf220dd2b205c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\3pl5scb\imagestore.dat
Filesize
1KB

MD5
360702de492bd55a6343df045f19ba5d

SHA1
d8eca5f9c9369bffa65677e47bfd38ef5328cb31

SHA256
35ab9eb35dff463f7216a6f78501d0dfdb5ca045dd0262805775ca8d1dad434c

SHA512
56a0983cf59b9a8474a3e60012442a6c7ba5ac54ef8cefae558d1a3e77b1c71129d269a1acb2ebfe12d82bfee9ae42603ec8170a9bdb2fea2f76c59f311635ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\favicon[1].ico
Filesize
1KB

MD5
3b1838e50f36c4d1d9e140ef2447b904

SHA1
87069e2a3cd8976e3989cb8ba0beb455b83a3dad

SHA256
efc434422806534c8364743f5cf71bf6919d742758d10cf57fd6c8c68c824c57

SHA512
51787de2791c760247296b8afdac9ae030d776805aa6a2f6640bf46eb59da67eaceb82c7cd2e972f468cbcca7a044ac7b9fa4a7b686d59412427cfbbdf6477f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab42AD.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4FFD.tmp
Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
Filesize
3KB

MD5
cc77c523d70ecbe1bcc7d7007b361ee3

SHA1
fd31a8297561ac2a2581bb6602669b143a0cb495

SHA256
b25d0ac1ec77539a0c7fa675d15c0ab18f0ff4f424765187688e4f0c6b5fee8d

SHA512
bc581f6d062686d7b74f9b54bc5bf34eca10e13f13134db9b3734a576308835f3c0e41ba2716003e9ec7f9275586de6febe5854d1a95637adf38231fb139cfa3

Download Submit
C:\Users\Admin\AppData\Roaming\DriverDoc\program.log
Filesize
2KB

MD5
b858354c60af4a8f1e833ff6415148f3

SHA1
a0ff2f8a35f11e927587383cd842ef3436164559

SHA256
9b8c6ab9b7a80bbc938ff6b7f1ad3d986f302f5d503f3dce1db61c191e781ad2

SHA512
45bee801dd0781550f42d8148461a4fab063e57e11e1d93bf6a958e408588d127179c0ba14849d74e330eea2dcc338d9e1caf2e061cbfde270534c3cb970f69a

Download Submit
\Program Files (x86)\DriverDoc\7z.dll
Filesize
991KB

MD5
eeb340cd0317612256596870fdad903f

SHA1
c4cd2abe134b3d5e043593dd88c7d61d6d53e417

SHA256
aecadb80ac6e9bfdf585933d5bf3741a130206df61324cccbf613a31101a3d54

SHA512
a4c03aeada2f9f0b333db50bdf42612eef742b6f26eb39749aebe9d504f47aef4d3e098f49b04cfd10a2c2fb73a7bbb1b53bfd098e4e6ccdd9ce8a9e56554c9e

Download Submit
\Program Files (x86)\DriverDoc\DriverDoc.exe
Filesize
5.9MB

MD5
af19ae590ccecd0504f7c92c10678131

SHA1
fd016ba2fcab51484c1f13a8e86f583c5183effd

SHA256
b462bdb6bb1668ce4f1bda0aa96c32d70fbab5ba1d04bcb63d12046c060d167a

SHA512
8eacc0e0619ddd2a4109242ea6044d085244a07475fc1f977b75d8b6e734df3735480b56881316ffcad17f4342cab580ba7fa638767716e400fa9fcd302f0800

Download Submit
\Program Files (x86)\DriverDoc\DriverDoc.exe
Filesize
5.4MB

MD5
d788e8925465be6d081d2a85d3953004

SHA1
85e4df34f9b183d018d173580f8b95a0bc9bd97d

SHA256
daab301d2bc44799cdf7a5bed9152a414e5456ce2d0218511bbce8c6ce27e54f

SHA512
093950f7522c48940cf1307e06e3ee848fd5648205f4798848804390b819e1713c141a59ff983387a8cbe90d8f137758aabdf5299825e85ca50709288a930977

Download Submit
\Program Files (x86)\DriverDoc\DriverDoc.exe
Filesize
527KB

MD5
9825a9e5f9b484aeb4188bb2b86072ff

SHA1
7d5a489c8456035752842482a00eaa2ed2a597f4

SHA256
64eca717f34b30af053cb62fedeebbf7e76af774c797cfde2f003c2c40de25ab

SHA512
4b883ff01aaaebbd8b945aa506b7f3cec053286464cefda38c68acb4340e5a577b8173721ef69f7d43365c910d3834606477c4fd933147592fbcdceb4207ac2d

Download Submit
\Program Files (x86)\DriverDoc\Extra\DriverPro.exe
Filesize
152KB

MD5
a40ece6d28e1faa334835fd3eb9b284a

SHA1
be4b3e5456a6e0bf65151c4bd82a7c1661e796d8

SHA256
205d9cacdc41a6f522c31a96f18878db69810919f88940ebcb327f3e9622b092

SHA512
76a040aaf38eb4bf7f73b8a0643221b2376c2ae451d4cf481228b2e71a981114ab394b548d7166100adfc0190520bb4c27fcd42e4abbff7d5d2724aa50c49470

Download Submit
\Program Files (x86)\DriverDoc\Extra\sqlite3.dll
Filesize
8KB

MD5
b096e344765e19bb4ebd3fe57fc613cb

SHA1
feaa5fb13df430e81435e36d5169d2aa78d13ee1

SHA256
a456a0ee1d82e2567cb6fe66016fe53e9165d050d282ca46d30c48d58f6e4c19

SHA512
ec76b6b404cbb46a052f53abbd47bcff124418a3d4a597a0ef299878c6748dd3ab86661e6bfc868399c8282bc5f981d5fc4e85d82cd48581a4fde103c8a3d393

Download Submit
\Program Files (x86)\DriverDoc\sqlite3.dll
Filesize
182KB

MD5
3c63cedd2bbb184fb3aaf043d80139c9

SHA1
ace8ea510ddee988f5a3dd0c5248669740047f08

SHA256
1027cf38e087ac4df8e36fad1b923b61fdf018cff16293b0e223b6eede76d95c

SHA512
839965521198471182d555099f054e371081e87a01cf70f6a0e8780cb662d4ede64232ca4ea8350ef00168170dccf84a2edc9d5b84cf752eebadf41aebb166ba

Download Submit
\Program Files (x86)\DriverDoc\unins000.exe
Filesize
3.0MB

MD5
c36b429c5d3ea4ef2492287b068213b4

SHA1
a05ce35586d1fbced550bba9b9c2bd8f919ab0f2

SHA256
07959a6c60ef0b3e61a79d70e53d579647e0fa4628a83ce3078bd205f27530e5

SHA512
32fd40425682617549e1ecf61c7981e754dbdb8291578b1c4088393e8b57aabb813602c473750c6c78cb4974989a9d549529d3f12019ebc995c5cc4d9d53d277

Download Submit
\Users\Admin\AppData\Local\Temp\is-KK5U5.tmp\Setup_DriverDoc_2024.tmp
Filesize
3.0MB

MD5
10769b81758f0da3ae536dd80f68859b

SHA1
0a877c88a82e463b7c2f0b27441c4da638b744fe

SHA256
8163ed7f98f3d07ef9bd9bf25b530bde0c834b9645bdd394f57a3f74397bb6b4

SHA512
bfde093fa0297d9eb408db6b95ae2d453508a434ab569bf6354d86ee831e00a9a261ef1079705bfe3ec8d75819a77970f6a2f4dc34077373438c944f3cb5dd5f

Download Submit
memory/1032-259-0x0000000000400000-0x000000000070E000-memory.dmp

Filesize
3.1MB

Download
memory/1032-77-0x0000000000400000-0x000000000070E000-memory.dmp

Filesize
3.1MB

Download
memory/1032-238-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1032-8-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1032-93-0x0000000000400000-0x000000000070E000-memory.dmp

Filesize
3.1MB

Download
memory/1976-297-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/1976-1-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/1976-28-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/2392-244-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/2392-239-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/2392-243-0x0000000001190000-0x000000000194B000-memory.dmp

Filesize
7.7MB

Download
memory/2720-300-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/2720-260-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2720-299-0x0000000000400000-0x00000000008F9000-memory.dmp

Filesize
5.0MB

Download