c30cf082a0d8e95d41a9b725501774dcd456aef8477a434528e74963ca9f5273

Analysis

max time kernel
88s
max time network
89s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15-03-2024 13:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

entry001/Setup_DriverDoc_2024.exe
Size

6.2MB
MD5

dc46c709b10bf7bcac28dd7e80a94091
SHA1

7240476f0e1a1fdc1555e220bfe557d92078e2ce
SHA256

02c87a31bee95e1cf1aa35b0064d7128cfdd2c685590742c20d5dfeec12252fe
SHA512

f718a51654b07a2d8af649c4a95b55e93779c2ecec2521557622d7d7329970973a8d708e4beb6054aa89c7462e5a8d5be1e61fce3c9798830c6ecf3884cc2194
SSDEEP

98304:VkL25WZ2OKYMCwTDEULxHwpNa17GGcnkxFvq3cIM0mHKf/oN:2256AYcTDdLJwpNMGtnkxFvqxGKXc

Score

5^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

DriverDoc.exeSetup_DriverDoc_2024.tmpDriverDoc.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation	DriverDoc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation	Setup_DriverDoc_2024.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation	DriverDoc.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

Setup_DriverDoc_2024.tmpDriverPro.exe

description	ioc	process
File created	C:\Program Files (x86)\DriverDoc\is-LNNA3.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Russian.chm	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Swedish.chm	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-0CGL5.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-3JTAT.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Brazilian.chm	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-UFQ7D.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-3AE7N.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Norwegian.chm	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\sqlite3.dll	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Danish.chm	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-9P014.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Portuguese.chm	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-O47I5.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-AOD7C.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Danish.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Portuguese.ini	DriverPro.exe
File created	C:\Program Files (x86)\DriverDoc\is-KLGSA.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Polish.chm	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Dutch.chm	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\German.chm	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-V7G9L.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-NIICM.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Swedish.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\7z.dll	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-RCVJ5.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-E4QNO.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\French.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Norwegian.ini	DriverPro.exe
File created	C:\Program Files (x86)\DriverDoc\is-M23J9.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-53V3P.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-8G8E1.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-8CR2Q.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-TGOCU.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-LO345.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-UGGHE.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-JTUSE.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Finnish.chm	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-RKDGP.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-TTSPE.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-KTN4L.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-92347.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-Q4HFQ.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-T1HED.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Spanish.ini	DriverPro.exe
File created	C:\Program Files (x86)\DriverDoc\is-B7RPI.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-CNK98.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\stub64.exe	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-94E1A.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-LQU91.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Italian.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\DriverPro.exe	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-3ITET.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-SMJAF.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-JLRJC.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-GS8B9.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\unins000.dat	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-3MGPP.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-BUTVK.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\DriverDoc.exe	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\Extra\is-BM5PJ.tmp	Setup_DriverDoc_2024.tmp
File created	C:\Program Files (x86)\DriverDoc\is-M3PMV.tmp	Setup_DriverDoc_2024.tmp
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\English.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\DriverDoc\Extra\Korean.ini	DriverPro.exe

Executes dropped EXE 5 IoCs

Processes:

Setup_DriverDoc_2024.tmpDriverDoc.exeDriverDoc.exeDriverPro.exeDriverDoc.exe

pid process

4764 Setup_DriverDoc_2024.tmp
4960 DriverDoc.exe
3856 DriverDoc.exe
2128 DriverPro.exe
3256 DriverDoc.exe
Loads dropped DLL 4 IoCs

Processes:

DriverDoc.exeDriverDoc.exeDriverPro.exeDriverDoc.exe

pid process

4960 DriverDoc.exe
3856 DriverDoc.exe
2128 DriverPro.exe
3256 DriverDoc.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
4960	DriverDoc.exe
3856	DriverDoc.exe
2128	DriverPro.exe
3256	DriverDoc.exe

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

DriverDoc.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	DriverDoc.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct	DriverDoc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	DriverDoc.exe

Kills process with taskkill 4 IoCs
evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid process

4416 taskkill.exe
1004 taskkill.exe
1412 taskkill.exe
5112 taskkill.exe

pid	process
4416	taskkill.exe
1004	taskkill.exe
1412	taskkill.exe
5112	taskkill.exe

Modifies registry class 19 IoCs

Processes:

Setup_DriverDoc_2024.tmp

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DriverDoc.DOC_encrypted\shell\open\command	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.DOC_encrypted	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.DOC_encrypted\OpenWithProgids	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\DriverDoc.DOC_encrypted\shell\open\command	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\DriverDoc.DOC_encrypted\DefaultIcon	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\DriverDoc.exe\SupportedTypes	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\Applications\DriverDoc.exe\SupportedTypes	Setup_DriverDoc_2024.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\DriverDoc.exe\SupportedTypes\.DOC_encrypted	Setup_DriverDoc_2024.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.DOC_encrypted\OpenWithProgids\DriverDoc.DOC_encrypted	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DriverDoc.DOC_encrypted	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DriverDoc.DOC_encrypted\shell\open	Setup_DriverDoc_2024.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DriverDoc.DOC_encrypted\DefaultIcon\ = "C:\\Program Files (x86)\\DriverDoc\\DriverDoc.exe,0"	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DriverDoc.DOC_encrypted\shell	Setup_DriverDoc_2024.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DriverDoc.DOC_encrypted\shell\open\command\ = "\"C:\\Program Files (x86)\\DriverDoc\\Extra\\DriverPro.exe\" \"%1\""	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\DriverDoc.exe	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.DOC_encrypted\OpenWithProgids	Setup_DriverDoc_2024.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\DriverDoc.DOC_encrypted	Setup_DriverDoc_2024.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DriverDoc.DOC_encrypted\ = "DriverDoc Protected File"	Setup_DriverDoc_2024.tmp

Suspicious behavior: EnumeratesProcesses 38 IoCs

Processes:

Setup_DriverDoc_2024.tmpDriverDoc.exeDriverDoc.exeDriverPro.exeDriverDoc.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
4764	Setup_DriverDoc_2024.tmp
4764	Setup_DriverDoc_2024.tmp
4960	DriverDoc.exe
4960	DriverDoc.exe
4960	DriverDoc.exe
4960	DriverDoc.exe
4960	DriverDoc.exe
4960	DriverDoc.exe
4960	DriverDoc.exe
4960	DriverDoc.exe
4960	DriverDoc.exe
4960	DriverDoc.exe
4960	DriverDoc.exe
4960	DriverDoc.exe
4960	DriverDoc.exe
4960	DriverDoc.exe
4960	DriverDoc.exe
4960	DriverDoc.exe
4960	DriverDoc.exe
4960	DriverDoc.exe
4960	DriverDoc.exe
4960	DriverDoc.exe
4960	DriverDoc.exe
4960	DriverDoc.exe
4960	DriverDoc.exe
4960	DriverDoc.exe
3856	DriverDoc.exe
3856	DriverDoc.exe
2128	DriverPro.exe
2128	DriverPro.exe
3256	DriverDoc.exe
3256	DriverDoc.exe
2648	msedge.exe
2648	msedge.exe
5052	msedge.exe
5052	msedge.exe
5816	identity_helper.exe
5816	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

5052 msedge.exe
5052 msedge.exe
5052 msedge.exe
5052 msedge.exe
5052 msedge.exe
5052 msedge.exe
5052 msedge.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exeDriverDoc.exeDriverDoc.exeDriverDoc.exe

description	pid	process
Token: SeDebugPrivilege	4416	taskkill.exe
Token: SeDebugPrivilege	1004	taskkill.exe
Token: SeDebugPrivilege	1412	taskkill.exe
Token: SeDebugPrivilege	5112	taskkill.exe
Token: SeDebugPrivilege	4960	DriverDoc.exe
Token: SeIncreaseQuotaPrivilege	4960	DriverDoc.exe
Token: SeImpersonatePrivilege	4960	DriverDoc.exe
Token: SeLoadDriverPrivilege	4960	DriverDoc.exe
Token: SeDebugPrivilege	3856	DriverDoc.exe
Token: SeIncreaseQuotaPrivilege	3856	DriverDoc.exe
Token: SeImpersonatePrivilege	3856	DriverDoc.exe
Token: SeLoadDriverPrivilege	3856	DriverDoc.exe
Token: SeDebugPrivilege	3256	DriverDoc.exe
Token: SeIncreaseQuotaPrivilege	3256	DriverDoc.exe
Token: SeImpersonatePrivilege	3256	DriverDoc.exe
Token: SeLoadDriverPrivilege	3256	DriverDoc.exe

Suspicious use of FindShellTrayWindow 29 IoCs

Processes:

Setup_DriverDoc_2024.tmpmsedge.exeDriverDoc.exe

pid	process
4764	Setup_DriverDoc_2024.tmp
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
3256	DriverDoc.exe
3256	DriverDoc.exe
3256	DriverDoc.exe

Suspicious use of SendNotifyMessage 27 IoCs

Processes:

msedge.exeDriverDoc.exe

pid	process
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
3256	DriverDoc.exe
3256	DriverDoc.exe
3256	DriverDoc.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Setup_DriverDoc_2024.exeSetup_DriverDoc_2024.tmpDriverDoc.exeDriverDoc.exemsedge.exe

description	pid	process	target process
PID 1140 wrote to memory of 4764	1140	Setup_DriverDoc_2024.exe	Setup_DriverDoc_2024.tmp
PID 1140 wrote to memory of 4764	1140	Setup_DriverDoc_2024.exe	Setup_DriverDoc_2024.tmp
PID 1140 wrote to memory of 4764	1140	Setup_DriverDoc_2024.exe	Setup_DriverDoc_2024.tmp
PID 4764 wrote to memory of 4416	4764	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 4764 wrote to memory of 4416	4764	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 4764 wrote to memory of 4416	4764	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 4764 wrote to memory of 1004	4764	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 4764 wrote to memory of 1004	4764	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 4764 wrote to memory of 1004	4764	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 4764 wrote to memory of 1412	4764	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 4764 wrote to memory of 1412	4764	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 4764 wrote to memory of 1412	4764	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 4764 wrote to memory of 5112	4764	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 4764 wrote to memory of 5112	4764	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 4764 wrote to memory of 5112	4764	Setup_DriverDoc_2024.tmp	taskkill.exe
PID 4764 wrote to memory of 4960	4764	Setup_DriverDoc_2024.tmp	DriverDoc.exe
PID 4764 wrote to memory of 4960	4764	Setup_DriverDoc_2024.tmp	DriverDoc.exe
PID 4764 wrote to memory of 4960	4764	Setup_DriverDoc_2024.tmp	DriverDoc.exe
PID 4960 wrote to memory of 5076	4960	DriverDoc.exe	schtasks.exe
PID 4960 wrote to memory of 5076	4960	DriverDoc.exe	schtasks.exe
PID 4960 wrote to memory of 5076	4960	DriverDoc.exe	schtasks.exe
PID 4960 wrote to memory of 2648	4960	DriverDoc.exe	schtasks.exe
PID 4960 wrote to memory of 2648	4960	DriverDoc.exe	schtasks.exe
PID 4960 wrote to memory of 2648	4960	DriverDoc.exe	schtasks.exe
PID 4764 wrote to memory of 3856	4764	Setup_DriverDoc_2024.tmp	DriverDoc.exe
PID 4764 wrote to memory of 3856	4764	Setup_DriverDoc_2024.tmp	DriverDoc.exe
PID 4764 wrote to memory of 3856	4764	Setup_DriverDoc_2024.tmp	DriverDoc.exe
PID 4764 wrote to memory of 2128	4764	Setup_DriverDoc_2024.tmp	DriverPro.exe
PID 4764 wrote to memory of 2128	4764	Setup_DriverDoc_2024.tmp	DriverPro.exe
PID 4764 wrote to memory of 2128	4764	Setup_DriverDoc_2024.tmp	DriverPro.exe
PID 3856 wrote to memory of 3256	3856	DriverDoc.exe	DriverDoc.exe
PID 3856 wrote to memory of 3256	3856	DriverDoc.exe	DriverDoc.exe
PID 3856 wrote to memory of 3256	3856	DriverDoc.exe	DriverDoc.exe
PID 3856 wrote to memory of 5052	3856	DriverDoc.exe	msedge.exe
PID 3856 wrote to memory of 5052	3856	DriverDoc.exe	msedge.exe
PID 5052 wrote to memory of 3792	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 3792	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 5076	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 5076	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 5076	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 5076	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 5076	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 5076	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 5076	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 5076	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 5076	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 5076	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 5076	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 5076	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 5076	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 5076	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 5076	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 5076	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 5076	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 5076	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 5076	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 5076	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 5076	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 5076	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 5076	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 5076	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 5076	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 5076	5052	msedge.exe	msedge.exe
PID 5052 wrote to memory of 5076	5052	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\entry001\Setup_DriverDoc_2024.exe
"C:\Users\Admin\AppData\Local\Temp\entry001\Setup_DriverDoc_2024.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1140

C:\Users\Admin\AppData\Local\Temp\is-MTQ6U.tmp\Setup_DriverDoc_2024.tmp
"C:\Users\Admin\AppData\Local\Temp\is-MTQ6U.tmp\Setup_DriverDoc_2024.tmp" /SL5="$701E2,5549910,808448,C:\Users\Admin\AppData\Local\Temp\entry001\Setup_DriverDoc_2024.exe"
2⤵
- Checks computer location settings
- Drops file in Program Files directory
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4764

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im "DriverDoc.exe"
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4416

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im "DriverPro.exe"
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1004

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im "DOCSchedule.exe"
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1412

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im "DOCTray.exe"
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:5112

C:\Program Files (x86)\DriverDoc\DriverDoc.exe
"C:\Program Files (x86)\DriverDoc\DriverDoc.exe" /INSTALL
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4960

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Delete /TN "DriverDoc Schedule" /F
4⤵
PID:5076

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Delete /TN "DriverDoc Monitoring" /F
4⤵
PID:2648

C:\Program Files (x86)\DriverDoc\DriverDoc.exe
"C:\Program Files (x86)\DriverDoc\DriverDoc.exe" /START /INSTALLED
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3856

C:\Program Files (x86)\DriverDoc\DriverDoc.exe
"C:\Program Files (x86)\DriverDoc\DriverDoc.exe" /TRAY
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.solvusoft.com/en/driverdoc/install/
4⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff983746f8,0x7fff98374708,0x7fff98374718
5⤵
PID:3792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,17966650854158231248,15889412549573465915,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
5⤵
PID:5076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,17966650854158231248,15889412549573465915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2660 /prefetch:3
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:2648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,17966650854158231248,15889412549573465915,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8
5⤵
PID:3116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17966650854158231248,15889412549573465915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
5⤵
PID:2552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17966650854158231248,15889412549573465915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
5⤵
PID:2120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17966650854158231248,15889412549573465915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
5⤵
PID:5468

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,17966650854158231248,15889412549573465915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
5⤵
PID:5800

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,17966650854158231248,15889412549573465915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:5816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17966650854158231248,15889412549573465915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
5⤵
PID:5896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17966650854158231248,15889412549573465915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
5⤵
PID:5904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17966650854158231248,15889412549573465915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
5⤵
PID:6108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17966650854158231248,15889412549573465915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
5⤵
PID:6116

C:\Program Files (x86)\DriverDoc\Extra\DriverPro.exe
"C:\Program Files (x86)\DriverDoc\Extra\DriverPro.exe"
3⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2620

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\DriverDoc\DriverDoc.exe
Filesize
7.7MB

MD5
03d44725ba1f41fa4948d7ff6526ea48

SHA1
67a903499edda6909499ff0762a51e8e387fb8a6

SHA256
23aa5d60ce76b6379688c69507d08932a9e95e7bb5eef8114916164ada275f1c

SHA512
7d0e833367b16a63e69daddb7551eb0fb0bd120f1a9a3cd39c4e8533e24a5ac6abb4c0ce6d3c359f754f3eff792b4e7f75a9442a00246acf4872f137a41b0ebc

Download Submit
C:\Program Files (x86)\DriverDoc\DriverDoc.exe
Filesize
6.5MB

MD5
dba78cecd79b5a0d940cdf3fa94dd81c

SHA1
70f573d1a1a6f6c3b00584991c584b184bf85a6e

SHA256
48eb8e3de335670633b751c2da1b9a1bfb9874417cebd820a1b79bfe46439ff1

SHA512
2d2ed0a0cef80b1973d7ad23d9a9d84ce6fff0f2abac0ed6d5b75f73051858e40b3a4a952b9c23ccf3ca7301e41001e61c622a4130a99f0c6da4a697f74046a9

Download Submit
C:\Program Files (x86)\DriverDoc\DriverDoc.exe
Filesize
1.4MB

MD5
add4cd01fafbbe3315f53af76334edc7

SHA1
e22888b32141a6ea78a58f236211dc88b50b5e76

SHA256
01300a9e0436ce024778e2b46be329e23812e0928c2cd60bc3ba734eb26f2282

SHA512
1b3f8c9377fd97ad7e972d787bb966e134105277cdc8eb4bde99a207eef2831e6b469516abaed6d2ac69707dcc9640a9d0dda1ea6a9b32cd186e742d40c2a6f4

Download Submit
C:\Program Files (x86)\DriverDoc\DriverDoc.exe
Filesize
14KB

MD5
01dcee91e668020c7db8d35aff820896

SHA1
b730fe2fe48ed03303fd3bccb6daf2c7a8d6ea6f

SHA256
ac898b33e0609c5d30ac3ffe093649fb9cf80102f27a89c5163352e7e033318e

SHA512
c1dd52eada700237deeedf591490e5b9118d1fe3419ab5d009e4269ccbbeff62788b38fe127316427a19eef21663ece4d52f982552b8a0e5b74e563d44ed0f4a

Download Submit
C:\Program Files (x86)\DriverDoc\English.ini
Filesize
50KB

MD5
62b54950511f95d047312e81181c9b03

SHA1
7f7f17cc93bfac4730fc43981be3bc99246d71a3

SHA256
7472f84c630e3d743845a4c5187da48c28da4a45ca05d35652684ed6cfee7b67

SHA512
fa76c8cd62c514e726181e829fcbccbc4068e15745e11a86a0ca9ea4be95cc2016f2997948fbb713e97aeb6eeb3035a724f38990c2b2905dbbe66b63a99db7f6

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Brazilian.ini
Filesize
17KB

MD5
02af48872d5deba9bfc2cc88800829f0

SHA1
82fb890d9468f9cdb375696284b84f3e60067835

SHA256
20f27b44a72952ec23517e73290f6310e4bc92963cad45b04073a71b8ff35b69

SHA512
60355c93a4d10ef5f018e743c67dbd4d7fb79a5919d1b45b50b1cfc0341b9ea061443f8018d1941a066e1de8b2776ac7148a07b856f239c2eb2b627ba9e59403

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Danish.ini
Filesize
16KB

MD5
0a59eda69be950bf91b9eb23bb45862d

SHA1
5c9c79b0dd8f0216e6cf42c6a5f053807b0c7d74

SHA256
9fc240d6ebc064b2d702a3b1710d19cf1874b30e7dda6fc720c9da0f56d7be5b

SHA512
3e7b501e201f6c3532ac1f517b2d02cb36a62e8bbeb7de5ccd85c64782f7f3cc2bcf6ca0436cdc9667a8da51e8810dd0ad743968058681f4681135b24ff8df39

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\DriverPro.exe
Filesize
4.9MB

MD5
2ada6d412a93cfabdcb01e2c1ad1e7b4

SHA1
92ab53673d7e862628a44a8312b688fa03133bdf

SHA256
d88006d7b0b3c8d23cec28c1a18ea53932b8782311b89b971cde6ef974486dba

SHA512
b790338c1add0dad287643663e83a9aaa3537c03881bf41cc7da2df43dc78141b5d0dcab514ec2acd64f32dd9caedc9c204844e45974095fdb0c3c6d3489b9e0

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Dutch.ini
Filesize
17KB

MD5
59bd883cb54544343baa2de36d4c0218

SHA1
c16c606d470071fefdf8a149735f0986434d7ba9

SHA256
688e8ce9f141d68122cb6534d786f04aab75b2274922485cecaa8053ce39ae5c

SHA512
a74ab9e0d904b8340d77f70441f7522b38773227a32783299f0419a4aae695bd3de6c9ec4567ec07d932d156e95bdc02eca4772887a80bd30d7b050dfdbaea3a

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\English.ini
Filesize
15KB

MD5
d390660ea23f596a83f7dfac4ee68932

SHA1
65cc9586d6deaac2782007de3156e49a18d6b426

SHA256
358cdbd213fe5cce8e5ab5fc11acf783816a898dbe543baf6d6e481b0761ae50

SHA512
8c9e52c80c689dc5bca220a3011797fc6b451e114522a60d90b9b0d6d1b348fc3a7fa8cadc89b446e364b3cd33b03e535f063501e4eeea893dac0f2df6a8a6b2

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Finnish.ini
Filesize
17KB

MD5
a92bc4a2c584191023bf50d2cb3cc668

SHA1
061f2e55938d0b19e73351eaaf5599cb9d3a7903

SHA256
e3561a15613aec70d1402619534abb55d97d46c860acbbd8961fdb0efc4bc0d8

SHA512
3ba93147052a2e500db77c8b5f32427b1abd7747a73ff10ae4f31d8ccbb4bfe0af6bffd7ffe274deb4b6a6c4d968855950c3ee9d193c8f48de97436f1ec14457

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\French.ini
Filesize
18KB

MD5
5174d17d94e389fce83ff0a113c28ef4

SHA1
3fb12b5657f6dbb28065a43a8e0c570eaf524810

SHA256
c41e34a265a2ac9cc02674cac6a5a5012ddb03bdb16c352a2ae6cde01a6dc68b

SHA512
69846e820720fd96e58016cf590e30343db66850273fbcf54b8e1745b1e48d7a6bc4a72145c126dcab13970e97d2d48775aadaf74437cd8e7a405d5ac93d2bec

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\German.ini
Filesize
18KB

MD5
a5e4aa95969239c7e4936b4eebaa604e

SHA1
d03606c38ae625d3d503107b8e5cb546e113c027

SHA256
d3ea43b89d5e39e1592060a7bc5010b072e73d6f85a5e0694571ed6cdb8c27d8

SHA512
58b5d47831a6d3ba034605e5974fd7bc0119db422a9a3bf6d321f723b6f15fd9b97a68e78c64e4a832a83eee7542a160c475ace57d4c3a02343b3125726355bc

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Italian.ini
Filesize
17KB

MD5
06a02f50a5741a2a20b2b98fecd46dfa

SHA1
f635b9c2b6626e4ba65a10e73fdbc8f628a688ec

SHA256
934dda48df532932f3a02595077990a4760dc384709ac237f7992349b914a263

SHA512
e3d047f1b2bc39051bda3b6e433ab7b39e9d36e5d9b5c2a8aa7b39ffc4879250cad2af33c87640c0c51dc112896f79be943e4cf5a1964af5eafdad6169d4c4e0

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Japanese.ini
Filesize
21KB

MD5
80ee1595ea4b78a633430d6dce4b6840

SHA1
1e6274c9aaaf1e75fe8a64de0d35bcda8a4f4d98

SHA256
27eae11963fd42680f7c2caec95d79a81279db759d385582551e23486761ff51

SHA512
e3e897967ce1dd5e08adfe1b2f3f662e22da4e09d60d2a1b3be127c0bbdab74fd5f16a3788086c9960c736d2e58170100159640ca294581491f5618062ee76cd

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Korean.ini
Filesize
17KB

MD5
f197bde18fb1755640af0fa7eec6fd8a

SHA1
ef197b1c84f46285cd629974831968bdf1224564

SHA256
11eb6f73cdb528cc0d4d1f135410e85495003729db64c2ad25a54148dd1eb0dc

SHA512
dfdf182ae97812bbc41abd13525d430f84b7217dd1c2330626290654696fb39595db0d74e7d6ae2ff038736b3982cf39d4760068cc0a189781fd04b3fc5d214a

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Norwegian.ini
Filesize
16KB

MD5
47b35d4d7694c3a0bada72e18a3e15ac

SHA1
f1fb17aaa572af538164f1464c5ff8ff9de00d3a

SHA256
dd8d548438fc630845f70ad67c913867f7cf146a80c5c89e889bd51787399ee2

SHA512
8c8b604f206b69d8e7d6695eb0d9ac900f05fe7f71739bad378e43da9d0e0a7f1dd2ad00498c61020fec16b1b44212ae20633f88aeb0228670a8aa826a4d3703

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Polish.ini
Filesize
17KB

MD5
7a73ac61ed3448ddb3f052e41952e5fb

SHA1
6e952588f49effb8ede01bb4de7e9cf8c5cf70f8

SHA256
b4b62ad89631fa8fed74410d0015862311204fc9f451827c6ef7023b788f0ec0

SHA512
e3e022b7adbde1f01358a19f2c78257d9437c375468b70ab98bc0f268e09fa9013af2535c88e5ae7c9aa048a5781d70af64279a37661aaf2b0dfd0f84652e810

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Portuguese.ini
Filesize
17KB

MD5
73c3b30e115ef2593ed4ffdf84be90d1

SHA1
3a4e5cdecd57b091f7cc9617d4b9e860570a661f

SHA256
c0c274687a5b4869c07de711d324ae0b2606a212b49a334fb3416f7cd263f24c

SHA512
977517c9cd517a6faa4df6adf172450f78972a5da75df24dcb12323d4d91667a62396af71ccc032e55bd6037dc8f08e4efcb094d0782c409323ee95fbb5b8281

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Russian.ini
Filesize
25KB

MD5
70b5e745cf4595e2b3a8e7f61b448f3a

SHA1
004a01cbceaa37e388b345fd38776ff877555027

SHA256
6ab579a04d61c05326537a1afb2411c9345879b20eb533f890a3d8523c98a738

SHA512
c588ac29b4be43b70a388724a1ab2310d0400fe46f3af45d89dfb940e19116e3c5cfd818cc0b4e51c08d366b89289261aad9ab6275a16c2715ed407a23037f40

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Settings.ini
Filesize
73B

MD5
4dfd24933bec370032a0fde1452d9b14

SHA1
f3c3bc92eabe67c9072a0a29968322adad9489c2

SHA256
035c7dd8eef04f652d7d7b6b28c27ddb0b867502d088c1cba12319b5718fb1b6

SHA512
85ccd0c6cf38ee620b0a4a2289c4161fcb01fcd3546e1cf3ebfe83a087133972661e8b3854db5643caaadded1fcb3d621141a8f39490866d21b53b947f42d97f

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Spanish.ini
Filesize
17KB

MD5
b81f346eb46ae2277d47182a310b1e38

SHA1
6216d3bb328135f09f12551bd6f418d3b431b8bd

SHA256
7f00de121cc37d3c6e2a398081ec3cff05e5d0cb1de869a1d569fd80d5d73469

SHA512
8e68891ebd5ea623c128a7ce99321aa9d630c7e6b5952a45febd8241795bb0d4e74bc2f1546bc3d450edfc7837f126a527bdff126d3099fe83a38429d9455be3

Download Submit
C:\Program Files (x86)\DriverDoc\Extra\Swedish.ini
Filesize
16KB

MD5
30d812019a9028bdc7f03ed26d85c3b8

SHA1
182721e4cf6e5c05113cee8ca4f17424794a8754

SHA256
798276387e105887b553cf98b7d8a0fc5323f9b80d79d59c1aadcd9827de6dbe

SHA512
adba76b9c030a744812809710d7696dd146a59974b92c224c9c0a4016777ebac916aeadae836b741bb0696d05920a13d4b5a04c7249f34f847f47a418d8d2fb0

Download Submit
C:\Program Files (x86)\DriverDoc\sqlite3.dll
Filesize
633KB

MD5
094c675f4e0bfb27c2e77457cbcd9cc7

SHA1
9026248bd7802de39282653b0f56d68edfef30a1

SHA256
d3dd110c4d330332a37f06268013e4595705981bc74e577f946485416651b83b

SHA512
f1730b831df2805e10d78dc984e6e877e437de57cd20488ebfe48f92db8ced1889c369e70d17aee5eb366aa2c7baa14d426cf6c30324b527fa303b1bfccfe0a7

Download Submit
C:\Program Files (x86)\DriverDoc\sqlite3.dll
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
552B

MD5
2e07fa7ec41e1cdcc207cc9389a11c6f

SHA1
0efb1392b54f4891e66aa2a1e3d1c1e883aa9a9d

SHA256
ad58f0ee1103eac1b918ce0f6734a764eda86eb35270fcdab8ea28ad5e9ad068

SHA512
c7f51f603b43eef846dabfa3962f4016c1d4b0d4158a958ac3ed2d1f246133402f66a46d73f077d69e18307409832dcde172bf4863cf207b90896c61f0de09ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
a3619897e10b0148ce8d1b5a75813982

SHA1
6e3e57a6cdeb04d62baa89f86f4fb887b13d53c5

SHA256
7a135ac37400942f888c8c691bdd68c7e1bf0729539adbf3fa2f820a2be1d0c4

SHA512
f6bdb9a9e43689b26ff89ed746aaeae80dc47501a62383b7a45b5ada7f83806b17189ced877f80f7d3992621999ccc0e5b4308f93f45cfc5afd4b10ce317a251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
8300032c2adf26f42be9d49240a5dbeb

SHA1
5ef45feef9e0ba0953005828b21abe2e4d34b8f8

SHA256
72912427a948a5857798b73194fbbe903e401a4b0d5c6373a99a86ec35e478fc

SHA512
95f756f33b6c11317acbe0c8173235baa74bb99ed5cbdb45c115a127d8144baf1584891ff86973bb3d7d47d1d2cdbf74229a9f034d005ed21f60765fe91a04ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
ebb99498e1590a7e26b27184fbc3c6d9

SHA1
e92cd97de3fe92447f395ca30dcc85a4a6bf5874

SHA256
91c1a9b5cb3cd7e934918cba438f9ea8f54d6954a7b7734e74684f6f1a1f43ff

SHA512
b6d7d8eff25f9d2d25e2752bdfec1d700de2bcf02c95d4d2aebedd7856332eba4f24d63401c942f9142647d9698bd58fb20cb6b647d37588a0e8601c8254a1a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-MTQ6U.tmp\Setup_DriverDoc_2024.tmp
Filesize
3.0MB

MD5
10769b81758f0da3ae536dd80f68859b

SHA1
0a877c88a82e463b7c2f0b27441c4da638b744fe

SHA256
8163ed7f98f3d07ef9bd9bf25b530bde0c834b9645bdd394f57a3f74397bb6b4

SHA512
bfde093fa0297d9eb408db6b95ae2d453508a434ab569bf6354d86ee831e00a9a261ef1079705bfe3ec8d75819a77970f6a2f4dc34077373438c944f3cb5dd5f

Download Submit
C:\Users\Admin\AppData\Roaming\DriverDoc\program.log
Filesize
2KB

MD5
d7a71d5a6c5d16276c71ea361af00baa

SHA1
86d7a3f4699dd06f81ab2bf213992a1b363ffcae

SHA256
b796279f9532efec9d2082aec41a27f822699cd7562de1c910eb4b6d943aab8d

SHA512
12f13c29d902b106a371a637e3bbc882ee495786dd45fc67045e6bcb43e4e5283720f67b8c92bf78c4daa507724f0ce9c49e3e26a4205ed5dfa8160524569d0b

Download Submit
memory/1140-0-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/1140-218-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/1140-7-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/2128-216-0x0000000000400000-0x00000000008F9000-memory.dmp

Filesize
5.0MB

Download
memory/2128-191-0x0000000000AD0000-0x0000000000AD1000-memory.dmp

Filesize
4KB

Download
memory/2128-217-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/3256-367-0x00000000007C0000-0x0000000000F7B000-memory.dmp

Filesize
7.7MB

Download
memory/3256-222-0x0000000001490000-0x0000000001491000-memory.dmp

Filesize
4KB

Download
memory/3256-335-0x00000000007C0000-0x0000000000F7B000-memory.dmp

Filesize
7.7MB

Download
memory/3256-356-0x0000000001490000-0x0000000001491000-memory.dmp

Filesize
4KB

Download
memory/3256-302-0x00000000007C0000-0x0000000000F7B000-memory.dmp

Filesize
7.7MB

Download
memory/3256-371-0x00000000007C0000-0x0000000000F7B000-memory.dmp

Filesize
7.7MB

Download
memory/3256-303-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/3856-333-0x00000000007C0000-0x0000000000F7B000-memory.dmp

Filesize
7.7MB

Download
memory/3856-337-0x00000000019D0000-0x00000000019D1000-memory.dmp

Filesize
4KB

Download
memory/3856-300-0x00000000007C0000-0x0000000000F7B000-memory.dmp

Filesize
7.7MB

Download
memory/3856-369-0x00000000007C0000-0x0000000000F7B000-memory.dmp

Filesize
7.7MB

Download
memory/3856-301-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/3856-174-0x00000000019D0000-0x00000000019D1000-memory.dmp

Filesize
4KB

Download
memory/3856-365-0x00000000007C0000-0x0000000000F7B000-memory.dmp

Filesize
7.7MB

Download
memory/4764-8-0x0000000000400000-0x000000000070E000-memory.dmp

Filesize
3.1MB

Download
memory/4764-15-0x0000000000400000-0x000000000070E000-memory.dmp

Filesize
3.1MB

Download
memory/4764-11-0x0000000000D20000-0x0000000000D21000-memory.dmp

Filesize
4KB

Download
memory/4764-5-0x0000000000D20000-0x0000000000D21000-memory.dmp

Filesize
4KB

Download
memory/4764-215-0x0000000000400000-0x000000000070E000-memory.dmp

Filesize
3.1MB

Download
memory/4960-163-0x0000000001120000-0x0000000001121000-memory.dmp

Filesize
4KB

Download
memory/4960-165-0x00000000007C0000-0x0000000000F7B000-memory.dmp

Filesize
7.7MB

Download
memory/4960-166-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download