Windows Analysis Report
EPSONOPOSADKV3.00ER10.zip

Overview

General Information

Sample name: EPSONOPOSADKV3.00ER10.zip
Analysis ID: 1585671
MD5: 76afb557129adfa8f9a2b0cbf64d2b3a
SHA1: 6189f91d560020b39491d7b923c08de0dbcb78fb
SHA256: 3a16fb42a5737bc79ee2b1d99389ff0ca6d2a3a7d54cc9d67162594b812adf77

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Changes security center settings (notifications, updates, antivirus, firewall)
Installs new ROOT certificates
Sample is not signed and drops a device driver
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly
Uses regedit.exe to modify the Windows registry
Checks for available system drives (often done to infect USB drives)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains capabilities to detect virtual machines
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Registers a DLL
Sigma detected: Scripting/CommandLine Process Spawned Regsvr32
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Tries to detect Joe Sandbox
Uses reg.exe to modify the Windows registry
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64_ra
  • rundll32.exe (PID: 2652 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • svchost.exe (PID: 6964 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 6152 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • SgrmBroker.exe (PID: 7152 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: 3BA1A18A0DC30A0545E7765CB97D8E63)
  • svchost.exe (PID: 6256 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 432 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • MpCmdRun.exe (PID: 4336 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: B3676839B2EE96983F9ED735CD044159)
      • conhost.exe (PID: 3484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 6580 cmdline: C:\Windows\system32\svchost.exe -k UnistackSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • EPSON_OPOS_ADK_V3.00ER10.exe (PID: 5996 cmdline: "C:\Users\user\Desktop\EPSONOPOSADKV3.00ER10\EPSON_OPOS_ADK_V3.00ER10.exe" MD5: FF977888ED8A60675C172B91D007FEC0)
    • EPSON_OPOS_ADK_V3.00ER10.exe (PID: 5860 cmdline: "C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe" -burn.clean.room="C:\Users\user\Desktop\EPSONOPOSADKV3.00ER10\EPSON_OPOS_ADK_V3.00ER10.exe" -burn.filehandle.attached=568 -burn.filehandle.self=560 MD5: EC7D781FF597D391E89EA6B4E65C10F0)
      • EPSON_OPOS_ADK_V3.00ER10.exe (PID: 3816 cmdline: "C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe" -q -burn.elevated BurnPipe.{D5D5A840-F047-439C-9553-FB044969F341} {28004D24-267E-493F-9AB5-7E646BC3FBFD} 5860 MD5: EC7D781FF597D391E89EA6B4E65C10F0)
        • vcredist_x86.exe (PID: 4112 cmdline: "C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe" /q MD5: CEDE02D7AF62449A2C38C49ABECC0CD3)
          • Setup.exe (PID: 1948 cmdline: c:\158708e7c5ec5138b5e887b350f3\Setup.exe /q MD5: 9A1141FBCEEB2E196AE1BA115FD4BEE6)
        • Setup.exe (PID: 6708 cmdline: "C:\ProgramData\Package Cache\C9C2B3D3B2F26EF5837603C1189CA4D7224C7628\Setup.exe" -s2 MD5: BF42BF5D40BA5B5F5591BA04F8372179)
          • Setup.exe (PID: 5692 cmdline: "C:\ProgramData\Package Cache\C9C2B3D3B2F26EF5837603C1189CA4D7224C7628\TMUSB800\Setup.exe" -s2 MD5: D17902B18A5AD47410831225B9F2F6DD)
            • DPInst.exe (PID: 640 cmdline: TMUSB64\dpinst.exe /s /se /sw /sa /el MD5: 7CE61B7C402728CE373FBC0DC9214066)
        • pcsInstaller.exe (PID: 3896 cmdline: "C:\ProgramData\Package Cache\5C2B44DB83CB443D34132B805B3232F411EA4F0F\pcsInstaller.exe" /i MD5: 6ECEA205F1D913C29183D95BBFE8321E)
          • msiexec.exe (PID: 1864 cmdline: msiexec /i PCS64.msi VERUP=0 /q MD5: 9D09DC1EDA745A5F87553048E57620CF)
        • PCSSetting64.exe (PID: 3968 cmdline: "C:\ProgramData\Package Cache\E211FEBF6589FD4267A8879B7F5B68A6DE54E0D2\PCSSetting64.exe" ENABLE_REPLACE_TO_LOWER_MODEL Enable string MD5: 3EC483711F021829375C4EB7F5DE09FA)
  • VSSVC.exe (PID: 2660 cmdline: C:\Windows\system32\vssvc.exe MD5: 875046AD4755396636A68F4A9EDB22A4)
  • svchost.exe (PID: 3964 cmdline: C:\Windows\System32\svchost.exe -k swprv MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • SrTasks.exe (PID: 2848 cmdline: C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:1 MD5: 2694D2D28C368B921686FE567BD319EB)
    • conhost.exe (PID: 3020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • msiexec.exe (PID: 2604 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 4036 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 4124 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 0A1DA348F0E315A6A64FF65FE94757FA E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • cmd.exe (PID: 3752 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\OPOS\Epson3\Install.bat"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 4540 cmdline: cmd /c,"C:\Program Files (x86)\OPOS\Epson3\.\Install.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 4684 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • regedit.exe (PID: 6756 cmdline: regedit.exe /s OPOSReg.reg MD5: 999A30979F6195BF562068639FFC4426)
        • reg.exe (PID: 6308 cmdline: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\OLEforRetail\ServiceInfo\EPSON OPOS ADK\EPSON3.0" /f /v "OposDir" /d "C:\Program Files (x86)\OPOS\Epson3" /t REG_SZ MD5: 227F63E1D9008B36BDBCC4B397780BE4)
        • sc.exe (PID: 5880 cmdline: sc stop "EPSON_OPOS_Parallel_Port_Driver" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • regsvr32.exe (PID: 3616 cmdline: regsvr32 /s PrintUnicodeAdapter.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 4528 cmdline: /s PrintUnicodeAdapter.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 2356 cmdline: regsvr32 /s DisplayUnicodeAdapter.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 3596 cmdline: /s DisplayUnicodeAdapter.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 5528 cmdline: regsvr32 /s PortControl.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 4896 cmdline: /s PortControl.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 424 cmdline: regsvr32 /s PortPCS.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 6084 cmdline: /s PortPCS.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 6880 cmdline: regsvr32 /s Port80211.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 2724 cmdline: /s Port80211.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 5232 cmdline: regsvr32 /s PortHCom.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 6136 cmdline: /s PortHCom.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 4856 cmdline: regsvr32 /s PortLpt.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 3688 cmdline: /s PortLpt.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 3948 cmdline: regsvr32 /s PortNet.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 5952 cmdline: /s PortNet.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 1360 cmdline: regsvr32 /s PortUSB.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 6700 cmdline: /s PortUSB.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 6684 cmdline: regsvr32 /s SoCScn140.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 6412 cmdline: /s SoCScn140.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 6936 cmdline: regsvr32 /s SoDrw14.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 6092 cmdline: /s SoDrw14.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 1344 cmdline: regsvr32 /s SoDrw140.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 3920 cmdline: /s SoDrw140.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 4796 cmdline: regsvr32 /s SoDrw200.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 1164 cmdline: /s SoDrw200.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 3180 cmdline: regsvr32 /s SoDspG14.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 1560 cmdline: /s SoDspG14.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 2504 cmdline: regsvr32 /s SoDspG140.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 6896 cmdline: /s SoDspG140.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 3012 cmdline: regsvr32 /s SoDspG200.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 2212 cmdline: /s SoDspG200.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 4040 cmdline: regsvr32 /s SoDspL14.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 2464 cmdline: /s SoDspL14.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 3428 cmdline: regsvr32 /s SoDspL140.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 4956 cmdline: /s SoDspL140.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 716 cmdline: regsvr32 /s SoDspL200.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 3044 cmdline: /s SoDspL200.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 3052 cmdline: regsvr32 /s SoEJ140.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 3644 cmdline: /s SoEJ140.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 688 cmdline: regsvr32 /s SoEJ200.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 2228 cmdline: /s SoEJ200.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 1108 cmdline: regsvr32 /s SoLCDsp140.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 1272 cmdline: /s SoLCDsp140.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 3020 cmdline: regsvr32 /s SoLCDsp200.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 3252 cmdline: /s SoLCDsp200.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 2628 cmdline: regsvr32 /s SoLCDspG200.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 2604 cmdline: /s SoLCDspG200.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 1956 cmdline: regsvr32 /s SoMICR15.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 2352 cmdline: /s SoMICR15.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 3228 cmdline: regsvr32 /s SoMICR140.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 3224 cmdline: /s SoMICR140.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 1312 cmdline: regsvr32 /s SoPtr12.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 6732 cmdline: /s SoPtr12.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 4404 cmdline: regsvr32 /s SoPtr140.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 6760 cmdline: /s SoPtr140.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 1084 cmdline: regsvr32 /s SoPtr200.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 4884 cmdline: /s SoPtr200.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 6552 cmdline: regsvr32 /s OPOSCashDrawer.ocx MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 6996 cmdline: /s OPOSCashDrawer.ocx MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 6012 cmdline: regsvr32 /s OPOSCheckScanner.ocx MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 5452 cmdline: /s OPOSCheckScanner.ocx MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 6608 cmdline: regsvr32 /s OPOSElectronicJournal.ocx MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 4712 cmdline: /s OPOSElectronicJournal.ocx MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 3904 cmdline: regsvr32 /s OPOSLineDisplay.ocx MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 2744 cmdline: /s OPOSLineDisplay.ocx MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 4864 cmdline: regsvr32 /s OPOSMICR.ocx MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 4336 cmdline: /s OPOSMICR.ocx MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 3484 cmdline: regsvr32 /s OPOSPOSPrinter.ocx MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 4204 cmdline: /s OPOSPOSPrinter.ocx MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
    • msiexec.exe (PID: 5652 cmdline: C:\Windows\System32\MsiExec.exe -Embedding DF6E1B74EA694B1F8E3D3607854AFE08 MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 2980 cmdline: C:\Windows\System32\MsiExec.exe -Embedding DB87DB855A7A24307C9DA0315D37EB21 E Global\MSI0000 MD5: E5DA170027542E25EDE42FC54C929077)
  • svchost.exe (PID: 6488 cmdline: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • drvinst.exe (PID: 6196 cmdline: DrvInst.exe "4" "8" "C:\Users\user\AppData\Local\Temp\{c4d9f904-ea8b-464d-84d1-82f15b2a5055}\tmusb64.inf" "9" "42421e863" "000000000000016C" "WinSta0\Default" "0000000000000184" "208" "c:\programdata\package cache\c9c2b3d3b2f26ef5837603c1189ca4d7224c7628\tmusb800\tmusb64" MD5: 294990C88B9D1FE0A54A1FA8BF4324D9)
  • PCSVC.exe (PID: 5136 cmdline: "C:\Program Files\epson\portcommunicationservice\PCSVC.exe" MD5: 680840D56DDAA2E3A48DCFFD704F90C6)
  • DeviceControlLog.exe (PID: 6312 cmdline: "C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe" MD5: A2F78CA7192CC8C995E55B89D920B7CF)
  • cleanup
No yara matches

System Summary

Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: cmd /c,"C:\Program Files (x86)\OPOS\Epson3\.\Install.bat" , CommandLine: cmd /c,"C:\Program Files (x86)\OPOS\Epson3\.\Install.bat" , CommandLine|base64offset|contains: rg, Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\OPOS\Epson3\Install.bat"", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3752, ParentProcessName: cmd.exe, ProcessCommandLine: cmd /c,"C:\Program Files (x86)\OPOS\Epson3\.\Install.bat" , ProcessId: 4540, ProcessName: cmd.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: regsvr32 /s PrintUnicodeAdapter.dll, CommandLine: regsvr32 /s PrintUnicodeAdapter.dll, CommandLine|base64offset|contains: ,, Image: C:\Windows\System32\regsvr32.exe, NewProcessName: C:\Windows\System32\regsvr32.exe, OriginalFileName: C:\Windows\System32\regsvr32.exe, ParentCommandLine: cmd /c,"C:\Program Files (x86)\OPOS\Epson3\.\Install.bat" , ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4540, ParentProcessName: cmd.exe, ProcessCommandLine: regsvr32 /s PrintUnicodeAdapter.dll, ProcessId: 3616, ProcessName: regsvr32.exe
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\ProgramData\Package Cache\{6c3c556e-5622-4ef8-aab9-3897a6c7febb}\EPSON_OPOS_ADK_V3.00ER10.exe" /burn.runonce, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe, ProcessId: 3816, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{6c3c556e-5622-4ef8-aab9-3897a6c7febb}
Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 656, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 6964, ProcessName: svchost.exe
No Suricata rule has matched

Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\epson
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\epson\portcommunicationservice
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\epson\portcommunicationservice\PCS64.msi
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\epson\portcommunicationservice\BluetoothIO.DLL
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\epson\portcommunicationservice\DeviceControlLogLibrary.DLL
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\epson\portcommunicationservice\EthernetDHCPIO.DLL
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\epson\portcommunicationservice\EthernetIO31.DLL
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\epson\portcommunicationservice\Info-ZIPlicense.txt
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\epson\portcommunicationservice\ParallelIO31.DLL
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\epson\portcommunicationservice\PCSIF.DLL
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\epson\portcommunicationservice\PCSVC.exe
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\epson\portcommunicationservice\PortConfig.DLL
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\epson\portcommunicationservice\PortConnector31.DLL
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\epson\portcommunicationservice\Replace.DLL
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\epson\portcommunicationservice\SerialIO31.DLL
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\epson\portcommunicationservice\USBIO31.DLL
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SystemRestore SRInitDone
Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3DA6B8DD-EAA9-4800-A913-9B34407DEA16}
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20250107_184636426-MSI_vc_red.msi.txt
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeFile created: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.ba\license.rtf
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeFile created: c:\158708e7c5ec5138b5e887b350f3\1033\eula.rtf
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeFile created: c:\158708e7c5ec5138b5e887b350f3\1041\eula.rtf
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeFile created: c:\158708e7c5ec5138b5e887b350f3\1042\eula.rtf
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeFile created: c:\158708e7c5ec5138b5e887b350f3\1028\eula.rtf
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeFile created: c:\158708e7c5ec5138b5e887b350f3\2052\eula.rtf
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeFile created: c:\158708e7c5ec5138b5e887b350f3\1040\eula.rtf
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeFile created: c:\158708e7c5ec5138b5e887b350f3\1036\eula.rtf
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeFile created: c:\158708e7c5ec5138b5e887b350f3\1031\eula.rtf
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeFile created: c:\158708e7c5ec5138b5e887b350f3\3082\eula.rtf
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeFile created: c:\158708e7c5ec5138b5e887b350f3\1049\eula.rtf
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\epson\portcommunicationservice\Info-ZIPlicense.txt
Source: C:\Windows\System32\msiexec.exeFile opened: c:\Windows\SysWOW64\msvcr100.dll
Source: C:\Windows\System32\msiexec.exeFile opened: z:
Source: C:\Windows\System32\msiexec.exeFile opened: x:
Source: C:\Windows\System32\msiexec.exeFile opened: v:
Source: C:\Windows\System32\msiexec.exeFile opened: t:
Source: C:\Windows\System32\msiexec.exeFile opened: r:
Source: C:\Windows\System32\msiexec.exeFile opened: p:
Source: C:\Windows\System32\msiexec.exeFile opened: n:
Source: C:\Windows\System32\msiexec.exeFile opened: l:
Source: C:\Windows\System32\msiexec.exeFile opened: j:
Source: C:\Windows\System32\msiexec.exeFile opened: h:
Source: C:\Windows\System32\msiexec.exeFile opened: f:
Source: C:\Windows\System32\svchost.exeFile opened: d:
Source: C:\Windows\System32\msiexec.exeFile opened: b:
Source: C:\Windows\System32\msiexec.exeFile opened: y:
Source: C:\Windows\System32\msiexec.exeFile opened: w:
Source: C:\Windows\System32\msiexec.exeFile opened: u:
Source: C:\Windows\System32\msiexec.exeFile opened: s:
Source: C:\Windows\System32\msiexec.exeFile opened: q:
Source: C:\Windows\System32\msiexec.exeFile opened: o:
Source: C:\Windows\System32\msiexec.exeFile opened: m:
Source: C:\Windows\System32\msiexec.exeFile opened: k:
Source: C:\Windows\System32\msiexec.exeFile opened: i:
Source: C:\Windows\System32\msiexec.exeFile opened: g:
Source: C:\Windows\System32\msiexec.exeFile opened: e:
Source: C:\Windows\System32\msiexec.exeFile opened: c:
Source: C:\Windows\System32\msiexec.exeFile opened: a:
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\NULL
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\vcRuntimeAdditional_amd64
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeFile opened: C:\ProgramData\Package Cache\NULL
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\NULL
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeFile created: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\payEF5C0E45BE69D622685F1FCF3E48EAA7
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeFile created: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\payD1FB11A55FA8F697A3D799DCCDBE7F52
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeFile created: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\pay927811705D452D60115D384E7785346C
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeFile created: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\payF7361A3A14F94EDEDDC1F424F97B29B5

System Summary

Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\regedit.exe regedit.exe /s OPOSReg.reg
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\OPOS\Epson3\pcslpt.sys
Source: C:\Windows\System32\msiexec.exeFile created: c:\Windows\Installer\4adac7.msi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDCDB.tmp
Source: C:\Windows\System32\msiexec.exeFile created: c:\Windows\SysWOW64\atl100.dll
Source: C:\Windows\System32\msiexec.exeFile created: c:\Windows\SysWOW64\mfc100.dll
Source: C:\Windows\System32\msiexec.exeFile created: c:\Windows\SysWOW64\mfc100chs.dll
Source: C:\Windows\System32\msiexec.exeFile created: c:\Windows\SysWOW64\mfc100cht.dll
Source: C:\Windows\System32\msiexec.exeFile created: c:\Windows\SysWOW64\mfc100deu.dll
Source: C:\Windows\System32\msiexec.exeFile created: c:\Windows\SysWOW64\mfc100enu.dll
Source: C:\Windows\System32\msiexec.exeFile created: c:\Windows\SysWOW64\mfc100esn.dll
Source: C:\Windows\System32\msiexec.exeFile created: c:\Windows\SysWOW64\mfc100fra.dll
Source: C:\Windows\System32\msiexec.exeFile created: c:\Windows\SysWOW64\mfc100ita.dll
Source: C:\Windows\System32\msiexec.exeFile created: c:\Windows\SysWOW64\mfc100jpn.dll
Source: C:\Windows\System32\msiexec.exeFile created: c:\Windows\SysWOW64\mfc100kor.dll
Source: C:\Windows\System32\msiexec.exeFile created: c:\Windows\SysWOW64\mfc100rus.dll
Source: C:\Windows\System32\msiexec.exeFile created: c:\Windows\SysWOW64\mfc100u.dll
Source: C:\Windows\System32\msiexec.exeFile created: c:\Windows\SysWOW64\mfcm100.dll
Source: C:\Windows\System32\msiexec.exeFile created: c:\Windows\SysWOW64\mfcm100u.dll
Source: C:\Windows\System32\msiexec.exeFile created: c:\Windows\SysWOW64\vcomp100.dll
Source: C:\Windows\System32\msiexec.exeFile created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A
Source: C:\Windows\System32\msiexec.exeFile created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219
Source: C:\Windows\System32\msiexec.exeFile created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcp100_x86
Source: C:\Windows\System32\msiexec.exeFile created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcr100_x86
Source: C:\Windows\System32\msiexec.exeFile created: c:\Windows\Installer\4adaca.msi
Source: C:\Windows\System32\msiexec.exeFile created: c:\Windows\Installer\4adaca.msi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\4b0a63.msi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{889DAB46-C9C4-4F8E-B5C0-704F07E76F41}
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC38.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\4b0a65.msi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\4b0a65.msi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI160C.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI166B.tmp
Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\4b0a66.msi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI5E72.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI5EB1.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{3DA6B8DD-EAA9-4800-A913-9B34407DEA16}
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI5EF1.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI5F11.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6144.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6174.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\4b0a69.msi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\4b0a69.msi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6EF2.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6F51.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6F81.tmp
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\4adaca.msi
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\OLEforRetail\ServiceInfo\EPSON OPOS ADK\EPSON3.0" /f /v "OposDir" /d "C:\Program Files (x86)\OPOS\Epson3" /t REG_SZ
Source: classification engineClassification label: mal60.evad.winZIP@122/208@0/4
Source: C:\Windows\System32\msiexec.exeFile created: c:\Program Files (x86)\Common Files\Microsoft Shared\VC
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3020:120:WilError_03
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\VC_Redist_SetupMutex
Source: C:\Users\user\Desktop\EPSONOPOSADKV3.00ER10\EPSON_OPOS_ADK_V3.00ER10.exeFile created: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c,"C:\Program Files (x86)\OPOS\Epson3\.\Install.bat"
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeFile read: C:\Users\user\Desktop\desktop.ini
Source: C:\Windows\System32\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknownProcess created: C:\Users\user\Desktop\EPSONOPOSADKV3.00ER10\EPSON_OPOS_ADK_V3.00ER10.exe "C:\Users\user\Desktop\EPSONOPOSADKV3.00ER10\EPSON_OPOS_ADK_V3.00ER10.exe"
Source: C:\Users\user\Desktop\EPSONOPOSADKV3.00ER10\EPSON_OPOS_ADK_V3.00ER10.exeProcess created: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe "C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe" -burn.clean.room="C:\Users\user\Desktop\EPSONOPOSADKV3.00ER10\EPSON_OPOS_ADK_V3.00ER10.exe" -burn.filehandle.attached=568 -burn.filehandle.self=560
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeProcess created: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe "C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe" -q -burn.elevated BurnPipe.{D5D5A840-F047-439C-9553-FB044969F341} {28004D24-267E-493F-9AB5-7E646BC3FBFD} 5860
Source: unknownProcess created: C:\Windows\System32\SrTasks.exe C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:1
Source: C:\Windows\System32\SrTasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeProcess created: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe "C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe" /q
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeProcess created: C:\158708e7c5ec5138b5e887b350f3\Setup.exe c:\158708e7c5ec5138b5e887b350f3\Setup.exe /q
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\cmd.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c,"C:\Program Files (x86)\OPOS\Epson3\.\Install.bat"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\regedit.exe regedit.exe /s OPOSReg.reg
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\OLEforRetail\ServiceInfo\EPSON OPOS ADK\EPSON3.0" /f /v "OposDir" /d "C:\Program Files (x86)\OPOS\Epson3" /t REG_SZ
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc stop "EPSON_OPOS_Parallel_Port_Driver"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s PrintUnicodeAdapter.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s PrintUnicodeAdapter.dll
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s DisplayUnicodeAdapter.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s DisplayUnicodeAdapter.dll
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s PortControl.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s PortControl.dll
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s PortPCS.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s PortPCS.dll
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s Port80211.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s Port80211.dll
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s PortHCom.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s PortHCom.dll
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s PortLpt.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s PortLpt.dll
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s PortNet.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s PortNet.dll
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s PortUSB.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s PortUSB.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeProcess created: C:\ProgramData\Package Cache\C9C2B3D3B2F26EF5837603C1189CA4D7224C7628\Setup.exe "C:\ProgramData\Package Cache\C9C2B3D3B2F26EF5837603C1189CA4D7224C7628\Setup.exe" -s2
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s SoCScn140.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s SoCScn140.dll
Source: C:\ProgramData\Package Cache\C9C2B3D3B2F26EF5837603C1189CA4D7224C7628\Setup.exeProcess created: C:\ProgramData\Package Cache\C9C2B3D3B2F26EF5837603C1189CA4D7224C7628\TMUSB800\Setup.exe "C:\ProgramData\Package Cache\C9C2B3D3B2F26EF5837603C1189CA4D7224C7628\TMUSB800\Setup.exe" -s2
Source: C:\ProgramData\Package Cache\C9C2B3D3B2F26EF5837603C1189CA4D7224C7628\TMUSB800\Setup.exeProcess created: C:\ProgramData\Package Cache\C9C2B3D3B2F26EF5837603C1189CA4D7224C7628\TMUSB800\TMUSB64\DPInst.exe TMUSB64\dpinst.exe /s /se /sw /sa /el
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s SoDrw14.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s SoDrw14.dll
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s SoDrw140.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s SoDrw140.dll
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s SoDrw200.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s SoDrw200.dll
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s SoDspG14.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s SoDspG14.dll
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s SoDspG140.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s SoDspG140.dll
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s SoDspG200.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s SoDspG200.dll
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s SoDspL14.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s SoDspL14.dll
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s SoDspL140.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s SoDspL140.dll
Source: unknownProcess created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "8" "C:\Users\user\AppData\Local\Temp\{c4d9f904-ea8b-464d-84d1-82f15b2a5055}\tmusb64.inf" "9" "42421e863" "000000000000016C" "WinSta0\Default" "0000000000000184" "208" "c:\programdata\package cache\c9c2b3d3b2f26ef5837603c1189ca4d7224c7628\tmusb800\tmusb64"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s SoDspL200.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s SoDspL200.dll
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s SoEJ140.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s SoEJ140.dll
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s SoEJ200.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s SoEJ200.dll
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s SoLCDsp140.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s SoLCDsp140.dll
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s SoLCDsp200.dll
Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s SoLCDsp200.dll
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s SoLCDspG200.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s SoLCDspG200.dll
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s SoMICR15.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s SoMICR15.dll
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s SoMICR140.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s SoMICR140.dll
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s SoPtr12.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s SoPtr12.dll
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s SoPtr140.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s SoPtr140.dll
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s SoPtr200.dll
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s SoPtr200.dll
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s OPOSCashDrawer.ocx
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s OPOSCashDrawer.ocx
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s OPOSCheckScanner.ocx
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s OPOSCheckScanner.ocx
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s OPOSElectronicJournal.ocx
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s OPOSElectronicJournal.ocx
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s OPOSLineDisplay.ocx
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s OPOSLineDisplay.ocx
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s OPOSMICR.ocx
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s OPOSMICR.ocx
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s OPOSPOSPrinter.ocx
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s OPOSPOSPrinter.ocx
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeProcess created: C:\ProgramData\Package Cache\5C2B44DB83CB443D34132B805B3232F411EA4F0F\pcsInstaller.exe "C:\ProgramData\Package Cache\5C2B44DB83CB443D34132B805B3232F411EA4F0F\pcsInstaller.exe" /i
Source: C:\ProgramData\Package Cache\5C2B44DB83CB443D34132B805B3232F411EA4F0F\pcsInstaller.exeProcess created: C:\Windows\SysWOW64\msiexec.exe msiexec /i PCS64.msi VERUP=0 /q
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding DF6E1B74EA694B1F8E3D3607854AFE08
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\cmd.exe
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding DB87DB855A7A24307C9DA0315D37EB21 E Global\MSI0000
Source: unknownProcess created: C:\Program Files\epson\portcommunicationservice\PCSVC.exe "C:\Program Files\epson\portcommunicationservice\PCSVC.exe"
Source: unknownProcess created: C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe "C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe"
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeProcess created: C:\ProgramData\Package Cache\E211FEBF6589FD4267A8879B7F5B68A6DE54E0D2\PCSSetting64.exe "C:\ProgramData\Package Cache\E211FEBF6589FD4267A8879B7F5B68A6DE54E0D2\PCSSetting64.exe" ENABLE_REPLACE_TO_LOWER_MODEL Enable string
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
Source: unknownProcess created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k UnistackSvcGroup
Source: unknownProcess created: C:\Windows\System32\VSSVC.exe C:\Windows\system32\vssvc.exe
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k swprv
Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
Source: C:\Users\user\Desktop\EPSONOPOSADKV3.00ER10\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\EPSONOPOSADKV3.00ER10\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\EPSONOPOSADKV3.00ER10\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: msi.dll
Source: C:\Users\user\Desktop\EPSONOPOSADKV3.00ER10\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\EPSONOPOSADKV3.00ER10\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: cabinet.dll
Source: C:\Users\user\Desktop\EPSONOPOSADKV3.00ER10\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: msxml3.dll
Source: C:\Users\user\Desktop\EPSONOPOSADKV3.00ER10\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\EPSONOPOSADKV3.00ER10\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\EPSONOPOSADKV3.00ER10\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\EPSONOPOSADKV3.00ER10\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: feclient.dll
Source: C:\Users\user\Desktop\EPSONOPOSADKV3.00ER10\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: iertutil.dll
Source: C:\Users\user\Desktop\EPSONOPOSADKV3.00ER10\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: msi.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: msxml3.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: feclient.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: pcacli.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: msi.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: msxml3.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: srclient.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: spp.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: vssapi.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: vsstrace.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: usoapi.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: sxproxy.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: feclient.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: spp.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: srclient.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: srcore.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: vssapi.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: vsstrace.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: ktmw32.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: wer.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: bcd.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: dsrole.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: msxml3.dll
Source: C:\Windows\System32\SrTasks.exeSection loaded: vss_ps.dll
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeSection loaded: apphelp.dll
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeSection loaded: uxtheme.dll
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeSection loaded: textshaping.dll
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeSection loaded: kernel.appcore.dll
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeSection loaded: textinputframework.dll
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeSection loaded: coreuicomponents.dll
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeSection loaded: coremessaging.dll
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeSection loaded: ntmarta.dll
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeSection loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeSection loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeSection loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeSection loaded: clusapi.dll
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeSection loaded: dnsapi.dll
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeSection loaded: iphlpapi.dll
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeSection loaded: wkscli.dll
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeSection loaded: cscapi.dll
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeSection loaded: netutils.dll
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeSection loaded: cryptsp.dll
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeSection loaded: rsaenh.dll
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeSection loaded: cryptbase.dll
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeSection loaded: feclient.dll
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: srpapi.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: tsappcmp.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: msihnd.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: pcacli.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeSection loaded: msls31.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: apphelp.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: acgenral.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: uxtheme.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: winmm.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: samcli.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: msacm32.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: version.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: userenv.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: dwmapi.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: urlmon.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: mpr.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: sspicli.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: winmmbase.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: winmmbase.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: iertutil.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: srvcli.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: netutils.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: setupengine.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: msi.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: winhttp.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: secur32.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: sqmapi.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: msasn1.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: windows.storage.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: wldp.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: profapi.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: ntmarta.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: kernel.appcore.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: msxml3.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: msxml3.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: msxml3.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: msxml3.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: msxml3.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: msxml3.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: msxml3.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: msxml3.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: msxml3.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: msxml3.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: msxml3.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: msxml3.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: msxml3.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: msxml3.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: cryptsp.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: rsaenh.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: cryptbase.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: gpapi.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: msisip.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: srpapi.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: tsappcmp.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: netapi32.dll
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeSection loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: linkinfo.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ntshrui.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: cscapi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: winsta.dll
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: moshost.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mapsbtsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mosstorage.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bcp47langs.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mapconfiguration.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: storsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: devobj.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fltlib.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bcd.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wer.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cabinet.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: storageusage.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: aphostservice.dll
Source: C:\Windows\System32\svchost.exeSection loaded: networkhelper.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userdataplatformhelperutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mccspal.dll
Source: C:\Windows\System32\svchost.exeSection loaded: syncutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: syncutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vaultcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dmcfgutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dmcmnutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dmxmlhelputils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exeSection loaded: inproclogger.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exeSection loaded: windows.networking.connectivity.dll
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exeSection loaded: synccontroller.dll
Source: C:\Windows\System32\svchost.exeSection loaded: pimstore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: aphostclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: accountaccessor.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dsclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exeSection loaded: systemeventsbrokerclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userdatalanguageutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mccsengineshared.dll
Source: C:\Windows\System32\svchost.exeSection loaded: pimstore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cemapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userdatatypehelperutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: phoneutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
Source: C:\Windows\System32\VSSVC.exeSection loaded: devobj.dll
Source: C:\Windows\System32\VSSVC.exeSection loaded: vssapi.dll
Source: C:\Windows\System32\VSSVC.exeSection loaded: vsstrace.dll
Source: C:\Windows\System32\VSSVC.exeSection loaded: authz.dll
Source: C:\Windows\System32\VSSVC.exeSection loaded: virtdisk.dll
Source: C:\Windows\System32\VSSVC.exeSection loaded: bcd.dll
Source: C:\Windows\System32\VSSVC.exeSection loaded: fltlib.dll
Source: C:\Windows\System32\VSSVC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\VSSVC.exeSection loaded: es.dll
Source: C:\Windows\System32\VSSVC.exeSection loaded: amsi.dll
Source: C:\Windows\System32\VSSVC.exeSection loaded: userenv.dll
Source: C:\Windows\System32\VSSVC.exeSection loaded: profapi.dll
Source: C:\Windows\System32\VSSVC.exeSection loaded: samcli.dll
Source: C:\Windows\System32\VSSVC.exeSection loaded: vss_ps.dll
Source: C:\Windows\System32\VSSVC.exeSection loaded: netutils.dll
Source: C:\Windows\System32\VSSVC.exeSection loaded: samlib.dll
Source: C:\Windows\System32\VSSVC.exeSection loaded: propsys.dll
Source: C:\Windows\System32\VSSVC.exeSection loaded: catsrvut.dll
Source: C:\Windows\System32\VSSVC.exeSection loaded: mfcsubs.dll
Source: C:\Windows\System32\VSSVC.exeSection loaded: sxs.dll
Source: C:\Windows\System32\VSSVC.exeSection loaded: msxml3.dll
Source: C:\Windows\System32\VSSVC.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\VSSVC.exeSection loaded: clusapi.dll
Source: C:\Windows\System32\VSSVC.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\VSSVC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\VSSVC.exeSection loaded: wkscli.dll
Source: C:\Windows\System32\VSSVC.exeSection loaded: cscapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: swprv.dll
Source: C:\Windows\System32\svchost.exeSection loaded: devobj.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exeSection loaded: virtdisk.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fltlib.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: amsi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vss_ps.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fveapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fveapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fveapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fveapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dll
Source: C:\Program Files\epson\portcommunicationservice\PCSVC.exeSection loaded: apphelp.dll
Source: C:\Program Files\epson\portcommunicationservice\PCSVC.exeSection loaded: version.dll
Source: C:\Program Files\epson\portcommunicationservice\PCSVC.exeSection loaded: iphlpapi.dll
Source: C:\Program Files\epson\portcommunicationservice\PCSVC.exeSection loaded: iphlpapi.dll
Source: C:\Program Files\epson\portcommunicationservice\PCSVC.exeSection loaded: windows.storage.dll
Source: C:\Program Files\epson\portcommunicationservice\PCSVC.exeSection loaded: wldp.dll
Source: C:\Program Files\epson\portcommunicationservice\PCSVC.exeSection loaded: profapi.dll
Source: C:\Program Files\epson\portcommunicationservice\PCSVC.exeSection loaded: iphlpapi.dll
Source: C:\Program Files\epson\portcommunicationservice\PCSVC.exeSection loaded: devobj.dll
Source: C:\Program Files\epson\portcommunicationservice\PCSVC.exeSection loaded: msasn1.dll
Source: C:\Program Files\epson\portcommunicationservice\PCSVC.exeSection loaded: iphlpapi.dll
Source: C:\Program Files\epson\portcommunicationservice\PCSVC.exeSection loaded: mswsock.dll
Source: C:\Users\user\Desktop\EPSONOPOSADKV3.00ER10\EPSON_OPOS_ADK_V3.00ER10.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\epson
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\epson\portcommunicationservice
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\epson\portcommunicationservice\PCS64.msi
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\epson\portcommunicationservice\BluetoothIO.DLL
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\epson\portcommunicationservice\DeviceControlLogLibrary.DLL
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\epson\portcommunicationservice\EthernetDHCPIO.DLL
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\epson\portcommunicationservice\EthernetIO31.DLL
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\epson\portcommunicationservice\Info-ZIPlicense.txt
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\epson\portcommunicationservice\ParallelIO31.DLL
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\epson\portcommunicationservice\PCSIF.DLL
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\epson\portcommunicationservice\PCSVC.exe
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\epson\portcommunicationservice\PortConfig.DLL
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\epson\portcommunicationservice\PortConnector31.DLL
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\epson\portcommunicationservice\Replace.DLL
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\epson\portcommunicationservice\SerialIO31.DLL
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\epson\portcommunicationservice\USBIO31.DLL
Source: C:\Windows\System32\msiexec.exe, Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3DA6B8DD-EAA9-4800-A913-9B34407DEA16}
Source: EPSONOPOSADKV3.00ER10.zip, Static file information: File size 26818108 > 1048576
Source: C:\Windows\System32\msiexec.exe, File opened: c:\Windows\SysWOW64\msvcr100.dll
Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\regsvr32.exe regsvr32 /s PrintUnicodeAdapter.dll

Persistence and Installation Behavior

Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419 Blob
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\pcslpt.sys
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\lpt_x64\pcslpt.sys
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\ParallelIO31.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\SoDspL200.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\OPOSCheckScanner.ocx
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc100cht.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe File created: C:\158708e7c5ec5138b5e887b350f3\1033\SetupResources.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\SoDspL14.dll
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe File created: C:\158708e7c5ec5138b5e887b350f3\Setup.exe
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe File created: C:\158708e7c5ec5138b5e887b350f3\sqmapi.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe File created: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\pay3793A6D3F427DBCEBAD2F1C2E50F2101
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\Ltfil12n.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\PortPCS.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe File created: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\pcsInstaller.exe
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe File created: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\lptInataller.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\DisplayUnicodeAdapter.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\SoBase12.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc100deu.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\vcomp100.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\SoPtr140.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe File created: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\payD96CC85FD4558BCF17E2CBDDBC84F45C
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\Lffax12n.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc100u.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\OPOSCashDrawer.ocx
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe File created: C:\158708e7c5ec5138b5e887b350f3\SetupEngine.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\SoEJ200.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\SerialIO31.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\EPSON\portcommunicationservice\PCSIF.DLL
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc100esn.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\DevCore140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\SoDrw200.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\SoDspG200.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\EAPBcdR0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\BmpToRaster.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\AutoUsb.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc100rus.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfcm100.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\EPSON\portcommunicationservice\PortConfig.DLL
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\SoPtr200.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\EPSON\portcommunicationservice\DeviceControlLogLibrary.DLL
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe File created: C:\158708e7c5ec5138b5e887b350f3\SetupUi.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe File created: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\PCSSetting32.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\Lfcmp12n.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe File created: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\payB817A58592B86A58C1F9BA7DC8C72429
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\SoDrw14.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\epson\portcommunicationservice\EthernetDHCPIO.DLL
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\PortUSB.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\Ltdis12n.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\SoDspG140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\PortControl.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\EAPBcd0.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe File created: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\pay2ED01CA94E938DDDC39A6C906E554BF9
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc100enu.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\RcSetPOS.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\Ltimg12n.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\SoDspG14.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\PortLpt.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\LblBcd01.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\SoPtr12.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\SoCScn140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\BluetoothIO.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\EthernetIO31.DLL
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe File created: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\payDCB5286E01B9DE4C43422CE433335639
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\PrintUnicodeAdapter.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe File created: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.ba\wixstdba.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcr100_x86
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\epson\portcommunicationservice\BluetoothIO.DLL
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\epson\portcommunicationservice\PCSVC.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\atl100.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc100chs.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe File created: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\pay7BD4773AC9B54A2A21AAEEC2DC0774D3
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\DeviceSharing10.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcp100_x86
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\PortHCom.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\SoMICR15.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\SoDrw140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\libUconv.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe File created: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\payCD625093AC3B4D0C421A592FE082EAEB
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\epson\portcommunicationservice\PortConfig.DLL
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe File created: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\payCB40CD10A10870E5AE1385FA0F1F3337
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\epson\portcommunicationservice\ParallelIO31.DLL
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\lptInataller.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc100ita.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe File created: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\PCSSetting64.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\SetupPOS.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\UpdtUSB.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\epson\portcommunicationservice\PCSIF.DLL
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\SoEJ140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\SetRegSA.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\OPOSPOSPrinter.ocx
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\Lfbmp12n.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\epson\portcommunicationservice\DeviceControlLogLibrary.DLL
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\epson\portcommunicationservice\USBIO31.DLL
Source: C:\Users\user\Desktop\EPSONOPOSADKV3.00ER10\EPSON_OPOS_ADK_V3.00ER10.exe File created: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\SoLCDspG200.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\SoLCDsp200.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc100fra.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\ViewPOS.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\pcsInstaller.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\OPOSElectronicJournal.ocx
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\USBIO31.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5EB1.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\SoLCDsp140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\epson\portcommunicationservice\EthernetIO31.DLL
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\epson\portcommunicationservice\SerialIO31.DLL
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\Port80211.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\SetupPOS.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc100.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\Ltkrn12n.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\SoMICR140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\SoDspL140.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe File created: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\vcredist_x86.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\epson\portcommunicationservice\PortConnector31.DLL
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\PortNet.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfcm100u.dll
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe File created: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\Setup.exe
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe File created: C:\158708e7c5ec5138b5e887b350f3\1042\SetupResources.dll
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe File created: C:\158708e7c5ec5138b5e887b350f3\1041\SetupResources.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\StartPOS.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI160C.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\Lftif12n.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\DevCore200.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\OPOSLineDisplay.ocx
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\OPOS\Epson3\OPOSMICR.ocx
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc100kor.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\epson\portcommunicationservice\Replace.DLL
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc100jpn.dll
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe PE file moved: C:\ProgramData\Package Cache\.unverified\payD96CC85FD4558BCF17E2CBDDBC84F45C
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe PE file moved: C:\ProgramData\Package Cache\.unverified\payDCB5286E01B9DE4C43422CE433335639
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe PE file moved: C:\ProgramData\Package Cache\.unverified\pay3793A6D3F427DBCEBAD2F1C2E50F2101
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe PE file moved: C:\ProgramData\Package Cache\.unverified\payCD625093AC3B4D0C421A592FE082EAEB
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe PE file moved: C:\ProgramData\Package Cache\.unverified\pay2ED01CA94E938DDDC39A6C906E554BF9
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe PE file moved: C:\ProgramData\Package Cache\.unverified\PCSSetting64.exe
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe PE file moved: C:\ProgramData\Package Cache\.unverified\Setup.exe
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe PE file moved: C:\ProgramData\Package Cache\.unverified\pay7BD4773AC9B54A2A21AAEEC2DC0774D3
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe PE file moved: C:\ProgramData\Package Cache\.unverified\payCB40CD10A10870E5AE1385FA0F1F3337
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe PE file moved: C:\ProgramData\Package Cache\.unverified\PCSSetting32.exe
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe PE file moved: C:\ProgramData\Package Cache\.unverified\payB817A58592B86A58C1F9BA7DC8C72429
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe PE file moved: C:\ProgramData\Package Cache\.unverified\vcredist_x86.exe
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe PE file moved: C:\ProgramData\Package Cache\.unverified\pcsInstaller.exe
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe PE file moved: C:\ProgramData\Package Cache\.unverified\lptInataller.exe
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exe File created: C:\Users\user\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20250107_184636426-MSI_vc_red.msi.txt
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe File created: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.ba\license.rtf
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe File created: c:\158708e7c5ec5138b5e887b350f3\1033\eula.rtf
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe File created: c:\158708e7c5ec5138b5e887b350f3\1041\eula.rtf
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe File created: c:\158708e7c5ec5138b5e887b350f3\1042\eula.rtf
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe File created: c:\158708e7c5ec5138b5e887b350f3\1028\eula.rtf
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe File created: c:\158708e7c5ec5138b5e887b350f3\2052\eula.rtf
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe File created: c:\158708e7c5ec5138b5e887b350f3\1040\eula.rtf
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe File created: c:\158708e7c5ec5138b5e887b350f3\1036\eula.rtf
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe File created: c:\158708e7c5ec5138b5e887b350f3\1031\eula.rtf
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe File created: c:\158708e7c5ec5138b5e887b350f3\3082\eula.rtf
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe File created: c:\158708e7c5ec5138b5e887b350f3\1049\eula.rtf
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\epson\portcommunicationservice\Info-ZIPlicense.txt
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Source: C:\Windows\System32\SrTasks.exe Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson OPOS ADK
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson OPOS ADK\SetupPOS.lnk
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {6c3c556e-5622-4ef8-aab9-3897a6c7febb}
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\sc.exe sc stop "EPSON_OPOS_Parallel_Port_Driver"
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe Process information set: NOOPENFILEERRORBOX
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\VSSVC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeFile opened / queried: scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Windows\System32\svchost.exeFile opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\ParallelIO31.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\OPOSCheckScanner.ocxJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\SoDspL200.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc100cht.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dllJump to dropped file
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeDropped PE file which has not been started: C:\158708e7c5ec5138b5e887b350f3\1033\SetupResources.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\SoDspL14.dllJump to dropped file
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeDropped PE file which has not been started: C:\158708e7c5ec5138b5e887b350f3\sqmapi.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\pay3793A6D3F427DBCEBAD2F1C2E50F2101Jump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\Ltfil12n.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\PortPCS.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\pcsInstaller.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\lptInataller.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\SoBase12.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\DisplayUnicodeAdapter.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\vcomp100.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc100deu.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\SoPtr140.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\payD96CC85FD4558BCF17E2CBDDBC84F45CJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc100u.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\Lffax12n.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\OPOSCashDrawer.ocxJump to dropped file
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeDropped PE file which has not been started: C:\158708e7c5ec5138b5e887b350f3\SetupEngine.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\SoEJ200.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\SerialIO31.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\EPSON\portcommunicationservice\PCSIF.DLLJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc100esn.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\DevCore140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\SoDrw200.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\SoDspG200.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\EAPBcdR0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\BmpToRaster.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\AutoUsb.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc100rus.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfcm100.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\EPSON\portcommunicationservice\PortConfig.DLLJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\SoPtr200.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\EPSON\portcommunicationservice\DeviceControlLogLibrary.DLLJump to dropped file
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeDropped PE file which has not been started: C:\158708e7c5ec5138b5e887b350f3\SetupUi.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\PCSSetting32.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\Lfcmp12n.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\payB817A58592B86A58C1F9BA7DC8C72429Jump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\SoDrw14.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\epson\portcommunicationservice\EthernetDHCPIO.DLLJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\PortUSB.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\Ltdis12n.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\SoDspG140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\EAPBcd0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\PortControl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\pay2ED01CA94E938DDDC39A6C906E554BF9Jump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc100enu.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\RcSetPOS.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\pcslpt.sysJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\Ltimg12n.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\SoDspG14.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\LblBcd01.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\PortLpt.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\SoPtr12.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\SoCScn140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\BluetoothIO.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\EthernetIO31.DLLJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\payDCB5286E01B9DE4C43422CE433335639Jump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\PrintUnicodeAdapter.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.ba\wixstdba.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\lpt_x64\pcslpt.sysJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcr100_x86Jump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\epson\portcommunicationservice\BluetoothIO.DLLJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\atl100.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc100chs.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\pay7BD4773AC9B54A2A21AAEEC2DC0774D3Jump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\DeviceSharing10.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\PortHCom.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcp100_x86Jump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\SoMICR15.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\SoDrw140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\libUconv.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\payCD625093AC3B4D0C421A592FE082EAEBJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\epson\portcommunicationservice\PortConfig.DLLJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\payCB40CD10A10870E5AE1385FA0F1F3337Jump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\epson\portcommunicationservice\ParallelIO31.DLLJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\lptInataller.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc100ita.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\PCSSetting64.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\SetupPOS.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\UpdtUSB.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\epson\portcommunicationservice\PCSIF.DLLJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\SoEJ140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\SetRegSA.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\OPOSPOSPrinter.ocxJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\Lfbmp12n.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\epson\portcommunicationservice\DeviceControlLogLibrary.DLLJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\epson\portcommunicationservice\USBIO31.DLLJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\SoLCDsp200.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\SoLCDspG200.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc100fra.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\ViewPOS.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\pcsInstaller.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\OPOSElectronicJournal.ocxJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\USBIO31.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI5EB1.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\SoLCDsp140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\epson\portcommunicationservice\SerialIO31.DLLJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\epson\portcommunicationservice\EthernetIO31.DLLJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\Port80211.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\SetupPOS.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc100.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\Ltkrn12n.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\SoMICR140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\SoDspL140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\epson\portcommunicationservice\PortConnector31.DLLJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\PortNet.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfcm100u.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\Setup.exeJump to dropped file
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeDropped PE file which has not been started: C:\158708e7c5ec5138b5e887b350f3\1041\SetupResources.dllJump to dropped file
Source: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exeDropped PE file which has not been started: C:\158708e7c5ec5138b5e887b350f3\1042\SetupResources.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\StartPOS.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI160C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\Lftif12n.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\DevCore200.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\OPOSMICR.ocxJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\OPOS\Epson3\OPOSLineDisplay.ocxJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc100kor.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\epson\portcommunicationservice\Replace.DLLJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc100jpn.dllJump to dropped file
Source: C:\Windows\System32\SrTasks.exe TID: 3900Thread sleep time: -80000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 7052Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeFile operation: C:\ProgramData\Package Cache\C9C2B3D3B2F26EF5837603C1189CA4D7224C7628\TMUSB710\TMUSBXP\tmusbxp.sys
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeFile operation: C:\ProgramData\Package Cache\C9C2B3D3B2F26EF5837603C1189CA4D7224C7628\TMUSB800\TMUSBXP\tmusbxp.sys
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeFile Volume queried: C:\Windows FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\Windows\System32 FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\NULL
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\vcRuntimeAdditional_amd64
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeFile opened: C:\ProgramData\Package Cache\NULL
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\NULL
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeProcess information queried: ProcessInformation
Source: C:\158708e7c5ec5138b5e887b350f3\Setup.exeMemory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\EPSONOPOSADKV3.00ER10\EPSON_OPOS_ADK_V3.00ER10.exe | Process created: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe "C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe" -burn.clean.room="C:\Users\user\Desktop\EPSONOPOSADKV3.00ER10\EPSON_OPOS_ADK_V3.00ER10.exe" -burn.filehandle.attached=568 -burn.filehandle.self=560
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe | Process created: C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe "C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe" /q
Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\System32\cmd.exe
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe | Process created: C:\ProgramData\Package Cache\C9C2B3D3B2F26EF5837603C1189CA4D7224C7628\Setup.exe "C:\ProgramData\Package Cache\C9C2B3D3B2F26EF5837603C1189CA4D7224C7628\Setup.exe" -s2
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe | Process created: C:\ProgramData\Package Cache\5C2B44DB83CB443D34132B805B3232F411EA4F0F\pcsInstaller.exe "C:\ProgramData\Package Cache\5C2B44DB83CB443D34132B805B3232F411EA4F0F\pcsInstaller.exe" /i
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe | Process created: C:\ProgramData\Package Cache\E211FEBF6589FD4267A8879B7F5B68A6DE54E0D2\PCSSetting64.exe "C:\ProgramData\Package Cache\E211FEBF6589FD4267A8879B7F5B68A6DE54E0D2\PCSSetting64.exe" ENABLE_REPLACE_TO_LOWER_MODEL Enable string
Source: C:\Users\user\Desktop\EPSONOPOSADKV3.00ER10\EPSON_OPOS_ADK_V3.00ER10.exe | Process created: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe "c:\users\user\appdata\local\temp\{93020c0e-e0e4-4b6a-b1e7-58acc6b18324}\.cr\epson_opos_adk_v3.00er10.exe" -burn.clean.room="c:\users\user\desktop\epsonoposadkv3.00er10\epson_opos_adk_v3.00er10.exe" -burn.filehandle.attached=568 -burn.filehandle.self=560
Source: unknown | Process created: C:\Windows\System32\drvinst.exe drvinst.exe "4" "8" "c:\users\user\appdata\local\temp\{c4d9f904-ea8b-464d-84d1-82f15b2a5055}\tmusb64.inf" "9" "42421e863" "000000000000016c" "winsta0\default" "0000000000000184" "208" "c:\programdata\package cache\c9c2b3d3b2f26ef5837603c1189ca4d7224c7628\tmusb800\tmusb64"
Source: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.ba\logo.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C: VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Windows\System32\svchost.exe | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval
Source: C:\Windows\System32\svchost.exe | WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Scripting (1) | Replication Through Removable Media (1) | Windows Management Instrumentation (1) | Windows Service (32) | Windows Service (32) | Masquerading (32) | OS Credential Dumping | Security Software Discovery (4) | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Command and Scripting Interpreter (1) | Scripting (1) | Process Injection (11) | Modify Registry (11) | LSASS Memory | Virtualization/Sandbox Evasion (3) | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | Service Execution (1) | Registry Run Keys / Startup Folder (11) | Registry Run Keys / Startup Folder (11) | Virtualization/Sandbox Evasion (3) | Security Account Manager | Process Discovery (1) | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | DLL Side-Loading (1) | DLL Side-Loading (1) | Disable or Modify Tools (11) | NTDS | Peripheral Device Discovery (11) | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Process Injection (11) | LSA Secrets | File and Directory Discovery (2) | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Regsvr32 (1) | Cached Domain Credentials | System Information Discovery (23) | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Install Root Certificate (1) | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Rundll32 (1) | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | DLL Side-Loading (1) | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | File Deletion (1) | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement

Source | Detection | Scanner | Label | Link
EPSONOPOSADKV3.00ER10.zip | 0% | ReversingLabs

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.ba\wixstdba.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe | 0% | ReversingLabs
C:\158708e7c5ec5138b5e887b350f3\1033\SetupResources.dll | 0% | ReversingLabs
C:\158708e7c5ec5138b5e887b350f3\1041\SetupResources.dll | 0% | ReversingLabs
C:\158708e7c5ec5138b5e887b350f3\1042\SetupResources.dll | 0% | ReversingLabs
C:\158708e7c5ec5138b5e887b350f3\Setup.exe | 0% | ReversingLabs
C:\158708e7c5ec5138b5e887b350f3\SetupEngine.dll | 0% | ReversingLabs
C:\158708e7c5ec5138b5e887b350f3\SetupUi.dll | 0% | ReversingLabs
C:\158708e7c5ec5138b5e887b350f3\sqmapi.dll | 0% | ReversingLabs
C:\ProgramData\Package Cache\.unverified\PCSSetting32.exe (copy) | 0% | ReversingLabs
C:\ProgramData\Package Cache\.unverified\PCSSetting64.exe (copy) | 0% | ReversingLabs
C:\ProgramData\Package Cache\.unverified\Setup.exe (copy) | 0% | ReversingLabs
C:\ProgramData\Package Cache\.unverified\lptInataller.exe (copy) | 0% | ReversingLabs
C:\ProgramData\Package Cache\.unverified\pay2ED01CA94E938DDDC39A6C906E554BF9 (copy) | 0% | ReversingLabs
C:\ProgramData\Package Cache\.unverified\pay3793A6D3F427DBCEBAD2F1C2E50F2101 (copy) | 0% | ReversingLabs
C:\ProgramData\Package Cache\.unverified\pay7BD4773AC9B54A2A21AAEEC2DC0774D3 (copy) | 0% | ReversingLabs
C:\ProgramData\Package Cache\.unverified\payB817A58592B86A58C1F9BA7DC8C72429 (copy) | 0% | ReversingLabs
C:\ProgramData\Package Cache\.unverified\payCB40CD10A10870E5AE1385FA0F1F3337 (copy) | 0% | ReversingLabs
C:\ProgramData\Package Cache\.unverified\payCD625093AC3B4D0C421A592FE082EAEB (copy) | 0% | ReversingLabs
C:\ProgramData\Package Cache\.unverified\payD96CC85FD4558BCF17E2CBDDBC84F45C (copy) | 0% | ReversingLabs
C:\ProgramData\Package Cache\.unverified\payDCB5286E01B9DE4C43422CE433335639 (copy) | 0% | ReversingLabs
C:\ProgramData\Package Cache\.unverified\pcsInstaller.exe (copy) | 0% | ReversingLabs
C:\ProgramData\Package Cache\.unverified\vcredist_x86.exe (copy) | 0% | ReversingLabs
C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\AutoUsb.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\BluetoothIO.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\BmpToRaster.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\DevCore140.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\DevCore200.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\DeviceSharing10.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\DisplayUnicodeAdapter.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\EAPBcd0.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\EAPBcdR0.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\EthernetIO31.DLL | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\LblBcd01.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\Lfbmp12n.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\Lfcmp12n.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\Lffax12n.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\Lftif12n.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\Ltdis12n.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\Ltfil12n.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\Ltimg12n.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\Ltkrn12n.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\OPOSCashDrawer.ocx | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\OPOSCheckScanner.ocx | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\OPOSElectronicJournal.ocx | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\OPOSLineDisplay.ocx | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\OPOSMICR.ocx | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\OPOSPOSPrinter.ocx | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\ParallelIO31.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\Port80211.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\PortControl.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\PortHCom.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\PortLpt.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\PortNet.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\PortPCS.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\PortUSB.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\PrintUnicodeAdapter.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\RcSetPOS.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\SerialIO31.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\SetRegSA.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\SetupPOS.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\SetupPOS.exe | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\SoBase12.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\SoCScn140.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\SoDrw14.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\SoDrw140.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\SoDrw200.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\SoDspG14.dll | 0% | ReversingLabs
C:\Program Files (x86)\OPOS\Epson3\SoDspG140.dll | 0% | ReversingLabs
No Antivirus matches
No Antivirus matches
No Antivirus matches
No contacted domains info
IP | Domain | Country | ASN | ASN Name | Malicious
184.28.90.27 | unknown | United States | 16625 | AKAMAI-ASUS | false
IP
127.0.0.1
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1585671
Start date and time:2025-01-08 00:45:07 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:117
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:1
Technologies:
  • EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Sample name:EPSONOPOSADKV3.00ER10.zip
Detection:MAL
Classification:mal60.evad.winZIP@122/208@0/4
Cookbook Comments:
  • Found application associated with file extension: .zip
  • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtSetInformationFile calls found.
  • Timeout during stream target processing, analysis might miss dynamic analysis data
  • VT rate limit hit for: EPSONOPOSADKV3.00ER10.zip
Process:C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe
File Type:data
Category:dropped
Size (bytes):788
Entropy (8bit):0.09823380614560741
Encrypted:false
SSDEEP:
MD5:DF7119A5D3CAEDA80BF0FB6F8E53DE8F
SHA1:76458E1D2E0FA4519FACB71A5F23F8799713BE2B
SHA-256:3C418A401CBE09F64EDE6E598C5CA36717830446147C8EF6327168EDC7B1CB0C
SHA-512:85142D1942111783303FA060348BC76B1DD361336DCCC9DC9CDD3432EC6CF215756CBA66A367E560C9D5719BA4F585434319A66D9A97D9A09F5AC4A752B00B6C
Malicious:false
Reputation:unknown
Process:C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe
File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (565), with CRLF line terminators
Category:dropped
Size (bytes):39246
Entropy (8bit):3.5443876937052083
Encrypted:false
SSDEEP:
MD5:D642E322D1E8B739510CA540F8E779F9
SHA1:36279C76D9F34C09EBDDC84FD33FCC7D4B9A896C
SHA-256:5D90345FF74E177F6DA8FB6459C1CFCAC080E698215CA75FEB130D0D1F2A76B9
SHA-512:E1E16AE14BC7CC1608E1A08D3C92B6D0518B5FABD27F2C0EB514C87AFC3D6192BF7A793A583AFC65F1899F03DC419263B29174456E1EC9AB0F0110E0258E0F0D
Malicious:false
Reputation:unknown
Process:C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):16728
Entropy (8bit):5.268121432650481
Encrypted:false
SSDEEP:
MD5:718AB3EB3F43C9BCF16276C1EB17F2C1
SHA1:A3091FD7784A9469309B3EDB370E24A0323E30AC
SHA-256:E1A13F5B763D73271A1A205A88E64C6611C25D5F434CFA5DA14FEB8E4272FFAA
SHA-512:9FA8A8D9645A9B490257C2DCE3D31F1585F6D6069F9471F9E00DFAA9E457FF1DB4C9176A91E02D7F0B61BAE0C1FC76B56061EFF04888A58AEB5AD2E8692FCF8A
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe
File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
Category:dropped
Size (bytes):7346
Entropy (8bit):4.957730247487973
Encrypted:false
SSDEEP:
MD5:0D0269DFD3FFA37529A14953A5891964
SHA1:F4FD2C37B8AA22C1083210508DD35CB7665A36A5
SHA-256:6BAB6A941CF861BE226207A02D2DCE79E007FA4368CF638EBBB6F6A762646729
SHA-512:01817413168C0365B6B16A3D1A80061D94BBC8BC466528F05B42A65700847A9DE5996A8C55EC3F19FA9F35698D3790CDE572540DC7386409CB692A6A41BFC137
Malicious:false
Reputation:unknown
Process:C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe
File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (440), with CRLF line terminators
Category:dropped
Size (bytes):34318
Entropy (8bit):4.3825885013202255
Encrypted:false
SSDEEP:
MD5:7FCFBC308B0C42DCBD8365BA62BADA05
SHA1:18A0F0E89B36818C94DE0AD795CC593D0E3E29A9
SHA-256:01E7D24DD8E00B5C333E96D1BB83813E02E96F89AAD0C2F28F84551D28ABBBE2
SHA-512:CD6F912A037E86D9E1982C73F0F8B3C4D5A9A6B5B108A7B89A46E6691E430A7CB55718DE9A0C05650BB194C8D4A2E309AD6221D638CFCA8E16AA5920881BA649
Malicious:false
Reputation:unknown
Process:C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):15192
Entropy (8bit):6.0685950222818965
Encrypted:false
SSDEEP:
MD5:00EBA8C995E91FA9C7A38221CC3C2AB2
SHA1:353D373B66EC5B6D25A060AE69BF362202B0C069
SHA-256:DA2514F84A5249937DD439CB608B44D7A2C152D7D4F7B4F1D2B12DB22FB29DF5
SHA-512:7CBA82C897AFBC09E87295F7F9C9F2DB1DDB124CAFAFE5E93F46F4346BB6EC5CBF1E4A100B532E854A8089A074949014F68A77D9E43A9390D64A37875F35C586
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe
File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
Category:dropped
Size (bytes):24099
Entropy (8bit):3.825803656837097
Encrypted:false
SSDEEP:
MD5:D391858950A2E53FB7CAD0EF993A0857
SHA1:D0C433C38A62BF0FCE4285585DBDC0BC9159F60D
SHA-256:415336BDD86FFEEAEF7FF776717F18FA83418107851800EE0EE1FD65DDCF8A97
SHA-512:E5AB613589BACE9BA6CA91EEB82101B49CDD6BB5E667A69F9D9EA90718041BA520955E581B3C9AC4D63D613F6FD4DA220C2C7CEC5CE1A721F4D55396DB15266B
Malicious:false
Reputation:unknown
Process:C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):14680
Entropy (8bit):6.062566477695181
Encrypted:false
SSDEEP:
MD5:C3607B83C32851D9B5FD44F33430EA58
SHA1:2E5181690881DF80D63466433C973E66A56105FF
SHA-256:327269984378BC3B9EC4F4392B94F7D1347DB9C7BEAD2935A3B1898EB20B8080
SHA-512:664528B6424F9C3DC2ED4A2EDC3CCEE02806FF48402930205055D348B65B36587E1E6516AF4A12B2DDE9C03ED6DBF06E09B3F337AF2C152A9F0D3FE078357807
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe
File Type:HTML document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):16118
Entropy (8bit):3.6434775915277604
Encrypted:false
SSDEEP:
MD5:CD131D41791A543CC6F6ED1EA5BD257C
SHA1:F42A2708A0B42A13530D26515274D1FCDBFE8490
SHA-256:E139AF8858FE90127095AC1C4685BCD849437EF0DF7C416033554703F5D864BB
SHA-512:A6EE9AF8F8C2C7ACD58DD3C42B8D70C55202B382FFC5A93772AF7BF7D7740C1162BB6D38A4307B1802294A18EB52032D410E128072AF7D4F9D54F415BE020C9A
Malicious:false
Reputation:unknown
Process:C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe
File Type:MS Windows icon resource - 13 icons, 16x16, 16 colors, 4 bits/pixel, 16x16, 8 bits/pixel
Category:dropped
Size (bytes):88533
Entropy (8bit):7.210526848639953
Encrypted:false
SSDEEP:
MD5:F9657D290048E169FFABBBB9C7412BE0
SHA1:E45531D559C38825FBDE6F25A82A638184130754
SHA-256:B74AD253B9B8F9FCADE725336509143828EE739CC2B24782BE3ECFF26F229160
SHA-512:8B93E898148EB8A751BC5E4135EFB36E3AC65AF34EAAC4EA401F1236A2973F003F84B5CFD1BBEE5E43208491AA1B63C428B64E52F7591D79329B474361547268
Malicious:false
Reputation:unknown
Process:C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe
File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (314), with CRLF line terminators
Category:dropped
Size (bytes):8958
Entropy (8bit):3.590720750290828
Encrypted:false
SSDEEP:
MD5:46DB5D342D306778CAB61E413A84FECE
SHA1:D0885AE1F706E014015CACB0CD67CA786D0962C2
SHA-256:227BD903261486663665BA232B753781BAFD7AFBA68B5614AD93D6D1F5A1E16B
SHA-512:5DE734CE86888AE41DB113BE13B8B6652F67DE8E7FF0DC062A3E217E078CCAFACF44117BBFFF6E26D6C7E4FA369855E87B4926E9BDFA96F466A89A9D9C67A5BC
Malicious:false
Reputation:unknown
Preview:<?xml version="1.0" encoding="utf-16"?>..<Setup xmlns="http://schemas.microsoft.com/Setup/2008/01/im" xmlns:ironman="http://schemas.microsoft.com/Setup/2008/01/im" SetupVersion="1.0">..  <UI Dll="SetupUi.dll" Name="Microsoft Visual C++ 2010  x86 Redistributable Setup" Version="10.0.40219" />..  <Configuration>..    <DisabledCommandLineSwitches>..      <CommandLineSwitch Name="createlayout" />..    </DisabledCommandLineSwitches>..    <UserExperienceDataCollection Policy="UserControlled" />..
Process:C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):78152
Entropy (8bit):6.011495501326699
Encrypted:false
SSDEEP:
MD5:9A1141FBCEEB2E196AE1BA115FD4BEE6
SHA1:922EACB654F091BC609F1B7F484292468D046BD1
SHA-256:28563D908450EB7B7E9ED07A934E0D68135B5BB48E866E0A1C913BD776A44FEF
SHA-512:B044600ACB16FC3BE991D8A6DBC75C2CA45D392E66A4D19EACAC4AEE282D2ADA0D411D832B76D25EF505CC542C7FA1FDB7098DA01F84034F798B08BAA4796168
Malicious:true
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):808280
Entropy (8bit):6.35945459148743
Encrypted:false
SSDEEP:
MD5:A030C6B93740CBAA232FFAA08CCD3396
SHA1:6F7236A30308FBF02D88E228F0B5B5EC7F61D3EB
SHA-256:0507720D52AE856BBF5FF3F01172A390B6C19517CB95514CD53F4A59859E8D63
SHA-512:6787195B7E693744CE3B70C3B3EF04EAF81C39621E33D9F40B9C52F1A2C1D6094ECEAEBBC9B2906649351F5FC106EED085CEF71BB606A9DC7890EAFD200CFD42
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):295248
Entropy (8bit):6.260043421233697
Encrypted:false
SSDEEP:
MD5:C744EC120E54027C57318C4720B4D6BE
SHA1:AB65FC4E68AD553520AF049129FAE4F88C7EFF74
SHA-256:D1610B0A94A4DADC85EE32A7E5FFD6533EA42347D6F2D6871BEB03157B89A857
SHA-512:6DCD0AB7B8671E17D1C15DB030EE5349AB3A123595C546019CF9391CE05F9F63806149C3EC2F2C71635CB811AB65AD47BCD7031E2EFF7A59059577E47DD600A7
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe
File Type:XML 1.0 document, ASCII text, with very long lines (335), with CRLF line terminators
Category:dropped
Size (bytes):30120
Entropy (8bit):4.990211039591874
Encrypted:false
SSDEEP:
MD5:2FADD9E618EFF8175F2A6E8B95C0CACC
SHA1:9AB1710A217D15B192188B19467932D947B0A4F8
SHA-256:222211E8F512EDF97D78BC93E1F271C922D5E91FA899E092B4A096776A704093
SHA-512:A3A934A8572FF9208D38CF381649BD83DE227C44B735489FD2A9DC5A636EAD9BB62459C9460EE53F61F0587A494877CD3A3C2611997BE563F3137F8236FFC4CA
Malicious:false
Reputation:unknown
Preview:<?xml version="1.0" encoding="utf-8"?>..<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema".. xmlns="http://schemas.microsoft.com/SetupUI/2008/01/imui".. xmlns:imui="http://schemas.microsoft.com/SetupUI/2008/01/imui".. targetNamespace="http://schemas.microsoft.com/SetupUI/2008/01/imui".. elementFormDefault="qualified"..attributeFormDefault="unqualified"..>.... <xs:annotation>.. <xs:documentation>.. Copyright (c) Microsoft Corporation. All rights reserved... Schema for describing DevDiv "Setup UI Info".. </xs:documentation>.. </xs:annotation>.... <xs:element name="SetupUI">.. <xs:annotation>.. <xs:documentation>specifies UI dll, and lists of MSIs MSPs and EXEs</xs:documentation>.. </xs:annotation>.. <xs:complexType>.. <xs:sequence>.. <xs:choice>.. <xs:element ref="UI" minOccurs="1" maxOccurs="1"></xs:element>.. <xs:element ref="Strings" minOccurs="1" maxOccurs="1"></xs:element>..
Process:C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe
File Type:PC bitmap, Windows 3.x format, 200 x 200 x 8, image size 40000, resolution 3779 x 3779 px/m, cbSize 41078, bits offset 1078
Category:dropped
Size (bytes):41078
Entropy (8bit):0.3169962482036715
Encrypted:false
SSDEEP:
MD5:43B254D97B4FB6F9974AD3F935762C55
SHA1:F94D150C94064893DAED0E5BBD348998CA9D4E62
SHA-256:91A21EBA9F5E1674919EE3B36EFA99714CFB919491423D888CB56C0F25845969
SHA-512:46527C88F0AED25D89833B9BE280F5E25FFCEAE6BC0653054C8B6D8EBE34EBA58818A0A02A72BD29279310186AC26D522BBF34191FBDE279A269FC9DA5840ACC
Malicious:false
Reputation:unknown
Process:C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe
File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):14246
Entropy (8bit):3.70170676934679
Encrypted:false
SSDEEP:
MD5:332ADF643747297B9BFA9527EAEFE084
SHA1:670F933D778ECA39938A515A39106551185205E9
SHA-256:E49545FEEAE22198728AD04236E31E02035AF7CC4D68E10CBECFFD08669CBECA
SHA-512:BEA95CE35C4C37B4B2E36CC1E81FC297CC4A8E17B93F10423A02B015DDB593064541B5EB7003560FBEEE512ED52869A113A6FB439C1133AF01F884A0DB0344B0
Malicious:false
Reputation:unknown
Preview:<?xml version="1.0" encoding="utf-16"?>..<SetupUI xmlns="http://schemas.microsoft.com/SetupUI/2008/01/imui" ..         xmlns:imui="http://schemas.microsoft.com/SetupUI/2008/01/imui" >..  <Strings>..    <!-- Reflective property page -->..    <IDS_CAPTION_FORMAT_1S>#(loc.ids_caption_format_1s)</IDS_CAPTION_FORMAT_1S>..    <IDS_IS_REALLY_CANCEL>#(loc.ids_is_really_cancel)</IDS_IS_REALLY_CANCEL>....    <!-- System Requirements page -->..    <SYSREQPAGE_REQUIRED_AND_AVAILABLE_DISK_SPACE>#(loc.sysreq
Process:C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe
File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):36342
Entropy (8bit):3.0936879258457686
Encrypted:false
SSDEEP:
MD5:4F90FCEF3836F5FC49426AD9938A1C60
SHA1:89EBA3B81982D5D5C457FFA7A7096284A10DE64A
SHA-256:66A0299CE7EE12DD9FC2CFEAD3C3211E59BFB54D6C0627D044D44CEF6E70367B
SHA-512:4CE2731C1D32D7CA3A4F644F4B3111F06223DE96C1E241FCC86F5FE665F4DB18C8A241DAE4E8A7E278D6AFBF91B235A2C3517A40D4D22D9866880E19A7221160
Malicious:false
Reputation:unknown
Preview:<?xml version="1.0" encoding="utf-16"?>..<SetupUI xmlns="http://schemas.microsoft.com/SetupUI/2008/01/imui" xmlns:imui="http://schemas.microsoft.com/SetupUI/2008/01/imui" >..  <UI>....    <ResourceDll>SetupResources.dll</ResourceDll>..    <SplashScreen>..      <Hide/>..    </SplashScreen>....    <LCIDHints>..      <LCIDHint>..        <RegKey>HKCU\Software\Microsoft\VisualStudio\9.0\General</RegKey>..        <RegValueName>UILanguage_fake</RegValueName>..      </LCIDHint>..      <LCIDHint>..
Process:C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe
File Type:PC bitmap, Windows 3.x format, 49 x 49 x 24, image size 7254, resolution 2834 x 2834 px/m, cbSize 7308, bits offset 54
Category:dropped
Size (bytes):7308
Entropy (8bit):3.7864255453272464
Encrypted:false
SSDEEP:
MD5:3AD1A8C3B96993BCDF45244BE2C00EEF
SHA1:308F98E199F74A43D325115A8E7072D5F2C6202D
SHA-256:133B86A4F1C67A159167489FDAEAB765BFA1050C23A7AE6D5C517188FB45F94A
SHA-512:133442C4A65269F817675ADF01ADCF622E509AA7EC7583BCA8CD9A7EB6018D2AAB56066054F75657038EFB947CD3B3E5DC4FE7F0863C8B3B1770A8FA4FE2E658
Malicious:false
Reputation:unknown
Process:C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):144416
Entropy (8bit):6.7404750879679485
Encrypted:false
SSDEEP:
MD5:3F0363B40376047EFF6A9B97D633B750
SHA1:4EAF6650ECA5CE931EE771181B04263C536A948B
SHA-256:BD6395A58F55A8B1F4063E813CE7438F695B9B086BB965D8AC44E7A97D35A93C
SHA-512:537BE86E2F171E0B2B9F462AC7F62C4342BEB5D00B68451228F28677D26A525014758672466AD15ED1FD073BE38142DAE478DF67718908EAE9E6266359E1F9E8
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\ProgramData\Package Cache\B84B83A8A6741A17BFB5F3578B983C1DE512589D\vcredist_x86.exe
File Type:PC bitmap, Windows 3.x format, 164 x 628 x 24, image size 308978, resolution 2834 x 2834 px/m, cbSize 309032, bits offset 54
Category:dropped
Size (bytes):309032
Entropy (8bit):6.583379857106919
Encrypted:false
SSDEEP:
MD5:1A5CAAFACFC8C7766E404D019249CF67
SHA1:35D4878DB63059A0F25899F4BE00B41F430389BF
SHA-256:2E87D5742413254DB10F7BD0762B6CDB98FF9C46CA9ACDDFD9B1C2E5418638F2
SHA-512:202C13DED002D234117F08B18CA80D603246E6A166E18BA422E30D394ADA7E47153DD3CCE9728AFFE97128FDD797FE6302C74DC6882317E2BA254C8A6DB80F46
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:modified
Size (bytes):31332
Entropy (8bit):5.51199098344079
Encrypted:false
SSDEEP:
MD5:6D08F39BB6F8E704E60F0E5C139C1771
SHA1:19802F2AEE78C3BF30AFF3248B2F2E835C6DADBD
SHA-256:1EDA5D0AEFECE034AB087E0507DF6CFC70E52DDAD5C24D52ACD5D4A82CF3F16F
SHA-512:BBA6D2998BCCBD18A80AD5458F2972A79F1F59C291E936948EDE8451712AE78487643EF3AC7C4516385E41A86A950E003166FE3C44373458C4D0CBB7A3AFF651
Malicious:false
Reputation:unknown
Preview:...@IXOS.@.....@.'Z.@.....@.....@.....@.....@.....@......&.{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5};.Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219..vc_red.msi.@.....@.....@.....@........&.{461C455E-DA40-49B3-871B-14308CC7CEFF}.....@.....@.....@.....@.......@.....@.....@.......@....;.Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{8453C4E7-26E8-3408-B3A4-5940CA95BC60}&.{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.@......&.{1414BD84-D9A5-3EE5-AA73-118D7C072370}&.{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.@......&.{E2F46933-FF4F-46E0-B997-F64D2C6D4FA1}&.{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.@......&.{529D0A60-398C-38A2-97EF-82FAFA798A06}&.{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.@......&.{9983C931-37BE-3C6E-AD32-8B6E789B6881}&.{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.@......&.{E822F933-C70D-3CF4-A92D-7263B8ACCF30}&.{F0C3E5D1-1ADE
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:modified
Size (bytes):22525
Entropy (8bit):5.8748169972395115
Encrypted:false
SSDEEP:
MD5:5A4E7D94CB640419A094D20E81956CA6
SHA1:0C6DFE1D39902B38C9D801D3FB1D917CC1CE2AB4
SHA-256:6369C8C98C99FD796279D6BF315BB1F4BB8DC9BC12674564B1F8B9392DF72B42
SHA-512:DF8D95074AB825CC359095EF4B8E1957C1522DA9B84BD19F2F8B7712953173AE0E5B5DD06D358707D972CEB5830178BFE06C7B94A2779B2415693738B46C3BFE
Malicious:false
Reputation:unknown
Preview:...@IXOS.@.....@.'Z.@.....@.....@.....@.....@.....@......&.{889DAB46-C9C4-4F8E-B5C0-704F07E76F41}..EPSON OPOS ADK Ver3.00..EPSON_OPOS_x86_3.00.0.msi.@.....@.....@.....@........&.{B172D4FD-4083-4574-A2E8-C472D5B95895}.....@.....@.....@.....@.......@.....@.....@.......@......EPSON OPOS ADK Ver3.00......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{FD4B1516-7E5D-4F88-B341-338D7101DB6D}&.{889DAB46-C9C4-4F8E-B5C0-704F07E76F41}.@......&.{1576EC96-81F6-45A5-9973-B5F8321C91BA}&.{889DAB46-C9C4-4F8E-B5C0-704F07E76F41}.@......&.{3DE2F290-D208-4BE6-A4B8-2FBE44A5574B}&.{889DAB46-C9C4-4F8E-B5C0-704F07E76F41}.@......&.{038E6A7C-41FA-4945-AEA8-D76E7F841443}&.{889DAB46-C9C4-4F8E-B5C0-704F07E76F41}.@......&.{AD0DD4DE-7E98-44CE-B049-C477CC0A2B00}&.{889DAB46-C9C4-4F8E-B5C0-704F07E76F41}.@......&.{AD0DD4DB-83F1-4F22-985B-FDB3C8ABD471}&.{889DAB46-C9C4-4F8E-B5C0-704F07E76F41}.@......&.{AD0DD4DC-6BE3-460D-A14F-
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):247528
Entropy (8bit):6.188239137693105
Encrypted:false
SSDEEP:
MD5:7759982BAAB6DE3632E54FC7B2F41FDD
SHA1:C1492B94708B6E43EA013B38DEBFABA2D10D7675
SHA-256:E15C2C8CA5D8F5018FFF8D718F4FC870FF677B5334C8493CDD3D2CDBDA8FC6B2
SHA-512:55A9932C9BF05D64A5AC09857ED413A5CAAB56CADC2E9E9CACCCE954529DD6F00AF11FB79521BCC3167CDDCB70EAB8A4B85DFD25DC7B8009CA3C8FE88A76E0D6
Malicious:false
Reputation:unknown
Preview:...@IXOS.@.....@.'Z.@.....@.....@.....@.....@.....@......&.{3DA6B8DD-EAA9-4800-A913-9B34407DEA16} .EPSON Port Communication Service..PCS64.msi.@.....@.....@.....@........&.{434DEA19-0155-4F29-BFD4-62ABB34F7569}.....@.....@.....@.....@.......@.....@.....@.......@.... .EPSON Port Communication Service......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{3EFB3260-D67D-48C8-B0A6-9F71B8AECF50}&.{3DA6B8DD-EAA9-4800-A913-9B34407DEA16}.@......&.{B7EC7AFF-6113-46E9-A08D-6A013B33AB67}&.{3DA6B8DD-EAA9-4800-A913-9B34407DEA16}.@......&.{6171CD59-BDE9-4F00-8F27-53BE03D1D654}&.{3DA6B8DD-EAA9-4800-A913-9B34407DEA16}.@......&.{3AAAFDBF-D307-4E95-A6EC-5745B03D99A5}&.{3DA6B8DD-EAA9-4800-A913-9B34407DEA16}.@......&.{91A8A5E6-F1BD-438C-9A01-CE414ACAF8D9}&.{3DA6B8DD-EAA9-4800-A913-9B34407DEA16}.@......&.{9018818E-9FE9-4358-90FC-6750D3D471B8}&.{3DA6B8DD-EAA9-4800-A913-9B34407DEA16}.@......&.{AFC0FF4C-469B-4B3F-B
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):799568
Entropy (8bit):6.395959540562793
Encrypted:false
SSDEEP:
MD5:1FC6060E2B7DA45E4E9FB7F3E75ADC0A
SHA1:4CB47EB40457945D2E8F56471192A387C2DD0369
SHA-256:92DA58F32E8468C86B830D88914E872558E8A6BC6D430F8CD1CF4236C8A32D51
SHA-512:52E9DF7496AD5B2C7566E2A54FAEFBCA7F45EE8C0A88F12B95602AF78C7F8E4FB45BE52E83C600DE84D41356B1E14240807769AB6AB7B88C644FB2ABED569A5B
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):86016
Entropy (8bit):6.237367351794517
Encrypted:false
SSDEEP:
MD5:FE8AED9D1A36AD06E6237F600C9E8579
SHA1:CCD9D4D55E46782A41D4EA7A5E596F41B548F42A
SHA-256:115719386F878C4A7C0F04F29CA741A65F0E24F91DFE4EF3762B2B3AE1989C11
SHA-512:52722717DC6A9BA1B6E4CA67BC43D809883E1D0E8B6687F3A1AED421EBE4909FCD64535C9AC04ABC14DC735F9040AD1C455F496B7797D9F8C9E3CBE0A0399395
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):157184
Entropy (8bit):6.345706154366442
Encrypted:false
SSDEEP:
MD5:8305C4D7E7D4D1AABA7ABD4125A99945
SHA1:D61B9E60E9F1E4A71B44C89DF6A243C9A384BE56
SHA-256:8BA7A07A538202871587CE074931B88B6ED29A44A05CE66871194FC7D164AB65
SHA-512:6EFBFC23A3BFCCE1F7FF526CFB6DEB2F22B43FDE6CD125BC2A46713E25CB1C58B39DAC29EB94FFDEDE13198C02D4C0A57C849E919246E81D14CA0C40C6B96CB4
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):254976
Entropy (8bit):6.327243883246176
Encrypted:false
SSDEEP:
MD5:7E170107737426776373A9ABF189A680
SHA1:8A5A6E411884EB45736831ECD12BE2B75EC4FA55
SHA-256:18381B5DAA4F966D02CB56EAB752C68F0B565EE22A0C5712212E99229C3729C3
SHA-512:F1569442C5C840C46596F0381C9125555BAD881FE8A1B3E7FA80D43594FFACBEFB6AE3097F3BC9827A0C897B1A4FAD765EB9A68EF364240E526AC025E5690202
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):98816
Entropy (8bit):6.327650275531142
Encrypted:false
SSDEEP:
MD5:024B6E5FE707FF84F6E6545AC80BE25C
SHA1:CF34B1ACDE695A998844D0087CF854E6276023C1
SHA-256:A72595715B65CFFD171339825E882A62F08AEAC82372B4DA0C01DE77C8F68710
SHA-512:DB8536804D5B46E0EF78AEB74DAF98922E0FA7D4C178F5BF4DBE131BA76420C29C9C0E7DDB36BD5848436A9DEFE0B6CC4B61315FB92FF708B26AF96B0EC3A828
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):123392
Entropy (8bit):6.284098644165696
Encrypted:false
SSDEEP:
MD5:823DDFBFE6EE82DAE9B817975A76B323
SHA1:3E228F60EE152BF47DCE95AAFA11A719F9942112
SHA-256:E10416E1DB6AE72B2E898DC67696732D651497D55DDC50BD13BC2FF77C56CCA9
SHA-512:C3382ECB68DE8514D2D969733C0B4B8D2E977B547CBD6841119A973A343739AF2BCEB228A94ED51C84D429FE617E89643C4EFEE0539F0D054BD952DCA7B9A961
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):118784
Entropy (8bit):6.083757314042197
Encrypted:false
SSDEEP:
MD5:8A3FA5EB6CC09F4920940719691195E4
SHA1:5244FD9159CDAFBE45392D7F20DF06BD40DF4D92
SHA-256:6776CC6FAA8E519EAC1C7B6AC4B2AA00FF0CB187DDF6CF190A3319098121277C
SHA-512:FEE53C3F1F5AFBB5476237DB0138F6823E99D1F3FCC027C0C7A5C01CB5C5E4D102279B685AF6E2D94AD453B201A8980C89E2771B9AD7B2A00472E6ED2BFC9615
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):638
Entropy (8bit):5.457228405287581
Encrypted:false
SSDEEP:
MD5:2A880A13164714A79977617C2D4294BA
SHA1:D406A1F21B80D196559557171ED20870309B4001
SHA-256:DBA5842EA7DA29183C9B059E532E3C1DCF59F8E2DB4BBCD0272477C0C859AC46
SHA-512:C9A04D324572F3397799DA424617EF727A4C060E93BD619AE8EF156F28DCC4F416AB7766CDB917D4335DD631ACA196013C2B56CEB2E7D23D5ED2FFBAE2A4044F
Malicious:false
Reputation:unknown
Preview:..echo off..cd /d %~dp0....openfiles > NUL 2>&1..if NOT %ERRORLEVEL% EQU 0 (.. echo "Administrator rights are required.".. pause.. exit /B 0..)....set TEMPPATH="%ALLUSERSPROFILE%"..goto COMMAND....:COMMAND..rmdir /S /Q ".\EpsonCopyInstallModules"..mkdir ".\EpsonCopyInstallModules"....IF "%PROCESSOR_ARCHITECTURE%" == "x86" GOTO X86....reg export "HKLM\SOFTWARE\Wow6432Node\OLEforRetail" ".\EpsonCopyInstallModules\OPOS.reg"..goto COPY....:X86..reg export "HKLM\SOFTWARE\OLEforRetail" ".\EpsonCopyInstallModules\OPOS.reg"..goto COPY....:COPY..copy %TEMPPATH%\EPSON\portcommunicationservice\pcs.properties .\EpsonCopyInstallModules\....
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):521216
Entropy (8bit):6.623207933796962
Encrypted:false
SSDEEP:
MD5:BD83193571EE1884EAB5F424103B49AC
SHA1:4A81CA55B4C4F682F6EFAC44BC374084DA0EE138
SHA-256:E8CD2CBF650BFD1E2E7F03CF50F71D40D30F9221C5F94D3D192D8E853BAB1A1D
SHA-512:FC3DF4A3C7FCE3C9C5F49D11EDC48A11FA9D8730F8C28F1752B94006ADD469FD59FD673A1D2434503D8C481479ECB227168876BDC67036BDD4A9E74AFD315C76
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):375808
Entropy (8bit):6.58811339089976
Encrypted:false
SSDEEP:
MD5:B54EB50A931A38D921ADA52DADEA21BA
SHA1:B62DA0616816A0A88B84735C025782EA1815E781
SHA-256:705E5B4BC5FE235EA01BC6A6565FC79EFCEDB3225758A26928CA900EA577EE01
SHA-512:D786309C687A4319C10E72BDA3439BEE10EA43939677F1FFF79C0D844C45BFC021BF2A2A493FCBDB6F80506A433143E7CAE41CDD6C494E28297675390A8E1825
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):185856
Entropy (8bit):5.448730099622747
Encrypted:false
SSDEEP:
MD5:334174467FEDD7021184D2B63AE2909D
SHA1:9CD213B61B8F058E0212DEEAD1C6D3F13F35C80B
SHA-256:6EC575BB5EAD781DD6B45B9D517EE92585FD2586CC67E1692343BFD61D9741AF
SHA-512:E824882A4696DA050248DD2023C1A3D29BA4F6D2F64FC490A5885CC3A9D01F9C959B42B0100E1A3CA7800E5546B200F4D78035537C176FF4A5C1A5837EE902AD
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1653248
Entropy (8bit):6.467118149252618
Encrypted:false
SSDEEP:
MD5:DDF3D8E9A5C2FCCF7680FAB6947684FB
SHA1:7E9FD7A995D599400AC8F9B25E1AF72E46D8A743
SHA-256:AB637D99793C71AFBC3D74E3456AE2154E7BFB193343F43798C307685023FA4E
SHA-512:9836BA6BDD130C825C63EEF6019FD8B2BA51EDE9C7B6DEECBD369C59A16B3942DAD8AE31BB514A0CBF3BC69C7E809B38B7C5682A9274E3416B6240AA73828427
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):221696
Entropy (8bit):6.694626164945651
Encrypted:false
SSDEEP:
MD5:25B35518237FE69ABCC38DCFBA07A18E
SHA1:EB2AAE9B3E1948BD35F4D4C1930E8E8293932A91
SHA-256:17CB57553480BF7D0F29BB59D10690DB33823B8DF64B9D67ADB415E0E24DACD1
SHA-512:F01939C51689A2B4B020181CA76B85EA57B7A22B6C57A7208232874C322BE5CBC164631ECA23B8C34F77A8219756ADBC26B05E6294E8073EE95A277DB4A4E576
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):17920
Entropy (8bit):5.7008671619740285
Encrypted:false
SSDEEP:
MD5:3E0098B55CAB582DFF1D4159D101B892
SHA1:B2A32A946CA174AAE3D3B5B8F1667673DAD27F35
SHA-256:DB8FCA739ED6DBA8E225E22D0475D7BE39CD2E33009BA69BAE77B30C1191BCCB
SHA-512:CCE8D85DD65C45D4C7F2E0E307220D0A6CC1810A98100690AB057F75C51610CADEF48F92FF447D1E9ABB235C947A89B6E9DE0D028BAD1BF8972FD7A5B9551098
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):170496
Entropy (8bit):6.319496784841874
Encrypted:false
SSDEEP:
MD5:324DDA492645531339565E5AACFC8668
SHA1:060A0A92E59767CD5FC9FA149CD9B983E27B76FD
SHA-256:8629327A3EDFFD19CEB3B57A04869E2A90414249FF4406CC6A51FAADBD2CE4EC
SHA-512:A3A48699D53216405C5471ADE0316CFF4136E8259FC17492C27480E05769F4864F120CC6D04464EDA72E756F4D3CE8E33E0BFDB6ECCCDEB4CFF419E3F8480100
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):2207
Entropy (8bit):5.350599728562168
Encrypted:false
SSDEEP:
MD5:7E2919A4E0BB6BE53879BEDC56ED138D
SHA1:11D1912D0213B6D13C1F03BE37D2E840E125E093
SHA-256:C1414A86B5687FDE01FC415FB563385BB714517D049E1DC2EA42DD3D8B664612
SHA-512:4B9D1B6EB674D7ECD327A191B7D4BEDC3E5DE264A32B0CEACEF324142F0ED8753E06A6355F2DEBA84D909B9DA10E1C9A1C9B560BF0120D1659177D47CE96C8D3
Malicious:true
Reputation:unknown
Preview:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::..:: Install EPSON OPOS environment to your system. ::..::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::..@ECHO OFF..SET installPath="C:\Program Files (x86)\OPOS\Epson3\"..if not "%~0"=="%~dp0.\%~nx0" (.. start /min cmd /c,"%~dp0.\%~nx0" %*.. exit..)....IF "%PROCESSOR_ARCHITECTURE%" EQU "x86" (..cd "C:\Program Files (x86)\OPOS\Epson3\"..regedit.exe /s OPOSReg_x86.reg..REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\OLEforRetail\ServiceInfo\EPSON OPOS ADK\EPSON3.0" /f /v "OposDir" /d %installPath:~0,-2%" /t REG_SZ..sc stop "EPSON_OPOS_Parallel_Port_Driver" > nul 2>&1..MOVE pcslpt.sys "C:\Windows\System32\drivers" > nul 2>&1..) ELSE (..cd "C:\Program Files (x86)\OPOS\Epson3\"..regedit.exe /s OPOSReg.reg..REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\OLEforRetail\ServiceInfo\EPSON OPOS ADK\EPSON3.0" /f /v "OposDir" /d %installPath:~0,-2%"
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):98304
Entropy (8bit):6.100998657052011
Encrypted:false
SSDEEP:
MD5:821EFC55DA345CE5C0D40E06EEB6F4D1
SHA1:2208AF3DD905B14FCEF1D370B0B29F3718FAFC2C
SHA-256:049349B8C9A830CB7E1399E5939AA308D1ECB04F186D59F830383FBF54BD7397
SHA-512:AFB8024256AE1BF0DE4948DE122EB791C302B871752A05FE5EC9B447AF906DECA9A99BDEFDAB68D2E27E0022C664FAA1861AE99765FB5DE2B495B6833ACB4B1F
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):36864
Entropy (8bit):5.757002770791612
Encrypted:false
SSDEEP:
MD5:9592B8AD614F13246F941474C47FAFE2
SHA1:53047D3BA085DBC12217248B283BA9861F6CFF81
SHA-256:207829553EDC167B2D9D731D0C90155D79F8191F238A4B82F91AFEA3B18A2988
SHA-512:B8D6638308FC136BB6E3E837530E27573BC706030EE692DC566B9DB12AB88DB5F98493C65651002DED8DFF06EA2DD748AEA945750BA31884E573FBE84C705228
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):314368
Entropy (8bit):6.3758614213238225
Encrypted:false
SSDEEP:
MD5:7CA9E04123E901FFC40ACE27771BA115
SHA1:E1F4A0783C7C81F9A9B23E5DF9223F9E310EAD10
SHA-256:AF352DFC935A3EC7BB27AB2F23ED9A4F7DB98D89D1262E46D55D76051940FFD7
SHA-512:538323A20D6E11DFC0425F49E32E85CDC48922BD56AF06F522DCA041CCA00FD9CFB78B99A7170E3AED516D4E14B75EAFFA50E9ACCA79CD2023C5EAC851E4D9A6
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):78336
Entropy (8bit):6.196842030279752
Encrypted:false
SSDEEP:
MD5:BD8FB647F79B050DBB2BDE67C78B3A24
SHA1:84279E6662B466F1FCF25C278A855C32322218E7
SHA-256:4AB997808B2CE9F2D8F708963CFDDB7E1F6A74019C40DC9B3AD9B461E6B140BD
SHA-512:B53AA3B6D951E12006F8E01E1EA27919F2C49488E452B1DAF2F72452E59E1C49CAA7616ABC89229028B7CD5FC0EE536EF13C568A03EB69D6640500A6981D8EBE
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):155648
Entropy (8bit):6.271668652848397
Encrypted:false
SSDEEP:
MD5:989C1FDA31A5AFCFB7F634FE0D510C21
SHA1:FB33B78F0AA6E554998557CB235393FC2A2525FA
SHA-256:3EA317FA32D9F03961E67E020E8A118C410F8624DDAA242F86578A9AB46E78A5
SHA-512:BF4E05C63E26E667B31E97A6C739E55F4328D162551D86077E52005B50592875C22934498891ADD500153241F391D73B11AA8F27D1DE1E7A5C84F9D35C66EB6C
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):278528
Entropy (8bit):6.427421147301717
Encrypted:false
SSDEEP:
MD5:9C9D11D244A299BD2F033FC563CB936F
SHA1:EEFBA3011122B1CD9627D42348818EB9D16479AD
SHA-256:643963A31C6ACDF329091300F101CCCC0DE5FA5EDBBF459B3297AF2C961E27D3
SHA-512:9B2FF61BBFC560F45176C15DB61BD1C499667CF0D97C0C05D9A6DCDD8CF0B376CACADDEB1D58A9390AF5337BDCAD7B8F7F3CD67CA38F8E7DC55BD9A3DD836DEA
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):121344
Entropy (8bit):6.235461537390293
Encrypted:false
SSDEEP:
MD5:DC39B687004E4B8CB6999B15B32A2A10
SHA1:762DE59A919A6E1A4F6AD0806CD45BFC42305C59
SHA-256:14B45E5B31112BFDF1BA593C065D2596C779FDC596CB78E0946F59572D82CA63
SHA-512:6A0F60158919601F6601E43CAF8DDFC8F589A3F17DFF811ACDC6F3B8D3F2D91694D6509461145906BFFDC3DB4E7BD8515ABE8FD74647825228763AF9F72111CF
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):166400
Entropy (8bit):6.337787564976754
Encrypted:false
SSDEEP:
MD5:244F3413C6632C5FE3D0B0A1F833011C
SHA1:09DB085993C3766F0DB35C7A16810EC0F7781390
SHA-256:9A5486977A11F38DAF918074E72307F6AE58596D79AE2A511DDF4CE5AB251151
SHA-512:630A0403D8F6E2FB2270EB7CF7294D9735AE5236CD9F1D652EB51771DA6B25746A9B1B04403A85F12BE4BCB1022BAF22FFD471A664A73C248BF75D7AC912934B
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):406016
Entropy (8bit):6.422054734541982
Encrypted:false
SSDEEP:
MD5:5B25715843282D0D42CB9A98B78686E1
SHA1:613CF8B64F1D8EB8CEB2830D43AD569097BC58E8
SHA-256:9AAE1BE8C515D49D004EFC2B508C0A4C224C21ABDCBCDE62DCB316D355B2CAB4
SHA-512:AA2DC546AC5B5C24B11106324C17D941C9170B58D4F0EF0B462013DF8B5A69EDA46FF1C9C70F7DA77A6879C2843EB165D10D3D9FB19A03FC6167830BC5376A3F
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):134216
Entropy (8bit):6.455572344511056
Encrypted:false
SSDEEP:
MD5:38314909363328DB3FDBF49FDDF56129
SHA1:89BC741CAEC891751ACC229F112154431F927C07
SHA-256:1C8B25E6C419B549E560A5406FC1CEFCDFDD96C41071889C9F5BF926DE8DD55C
SHA-512:11D6A372D56027BBEFF9BE5ADBC3B46E315A9A803CB46C25D4920221646606DA5584946CA1528EFE6A8C29F6CD28A46B1D193C8349D58EEA654BA9E29743551D
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):143944
Entropy (8bit):6.414730783088545
Encrypted:false
SSDEEP:
MD5:91726EA44D151CB464D680E5BBF364B7
SHA1:4F833B4EFD7722D7E36F2C277B4F7C319D090792
SHA-256:45F665C6AD15D43F0F6A0A8C7D46D358DA50C7E753B79FE58AAECDE846FE1E4D
SHA-512:E0936DFAE39793B15F8B9870426AB55D4FB01BE179AB2D16EFDBA3FB42B545315BCB280F20E350A6A7918436EF4834B372F3F0A355C956476FAC8ACCB3201CB6
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):144456
Entropy (8bit):6.436484985857671
Encrypted:false
SSDEEP:
MD5:EED7BE82FE1411D28F0CF22E85E7CA61
SHA1:92CCC07BDBDFCF270FFBBA0ED0D180F09979BDE1
SHA-256:C4D671D9AA3709D7C38BD5AC7DB9C4E9C18C099CF8701406FA01A255AD423FE8
SHA-512:B26F542751F948F7B6A34D6EAE56622AF720E7B193E6F89270DFBC291ED09B05922F263F67CC06E8662DF4CE84D9000416D003BA8D93B8A51D8419A065845103
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):145992
Entropy (8bit):6.41803406676385
Encrypted:false
SSDEEP:
MD5:CBD5C1DB6CC826AD5A30E4AE5467B42E
SHA1:C2BB0B6106B5694583C2E50BAA0BAE6F5977042A
SHA-256:E518BA6731BE193EDD56E0E18A5B3C1000C2306BDAB4AFD9C9A1583D914FC481
SHA-512:63060D902CD55751474531C815817F9C876581008EA598182638E4FA7BE60378C8C31BC449BFF0B741A0C8BD780CD55C7402315CE1A12A0E3214B97317A95AF7
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):136776
Entropy (8bit):6.446120335204126
Encrypted:false
SSDEEP:
MD5:C5B0E00F85EBD592C78F79B1D461716F
SHA1:378985F18C78CA88DE43E7DF67C98343FE3B2F1A
SHA-256:FF9E3CFDFBE18D70FBCD3194364297B820609668E8A781AA338028C109DAFF4E
SHA-512:BC837FEFF3048CA58CE9EF6A76CED1D1DD29BEA6A7410D7B544EEA4B415790B1F251CDE619E6CBE8FF7C9A487CB6EC1548E1F47BD6FBD4573DE6A908A34F3476
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):165448
Entropy (8bit):6.377682185931483
Encrypted:false
SSDEEP:
MD5:3E48260088A1AE6A2CF9F18C6FB71412
SHA1:789EBF217490A1343D82AB1DD901FAC4EC106629
SHA-256:8C1B31C39E8880851FD71BE1A62793526177EF3DFBEBCD4503BD14ABF4068AF0
SHA-512:A6738B750B5042B7064B01309EE5A2D519BA17A7D4965A8CF834FD79C03B431A86132D9657DC430A0F514E001FF441283B14E1530274234D54B33D13BB974950
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:Windows Registry little-endian text (Win2K or above)
Category:dropped
Size (bytes):6374
Entropy (8bit):3.740826426320199
Encrypted:false
SSDEEP:
MD5:34999360FE5521523862084EAB344249
SHA1:98A8B0DB0142994AC9D626C4A5DC4F8D6F014E35
SHA-256:14CEF80B8108C2457C536BCE7622FBEBAD4B2D6C3B8BC7871C558508FBA013EE
SHA-512:0FF528F80CFF7A26A96D1F453778FF2A54CFD9B92E9B1ED02BD6E714D091239CF4A697FD3D5ECCE9ABFD048EB8875C1355873140E9CEF6DFDDEE1024FAA2CFC1
Malicious:false
Reputation:unknown
Preview:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\OLEforRetail\ServiceInfo\EPSON OPOS ADK]
"PrimaryConfig"="EPSON3.0"
"COMMax"=dword:0000000a
"LPTMax"=dword:00000003
"Ap_ListView"=dword:00000003
"Ap_Hydra"=dword:00000001
"Ap_Check"=dword:00000000
"Ap_MainView"=dword:00000001
"Ap_TurnView"=dword:00000001
"Ap_ToolBar"=dword:00000001
"Ap_StatsBar"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\OLEforRetail\ServiceInfo\EPSON OPOS ADK\EPSON3.0]
"
Process:C:\Windows\System32\msiexec.exe
File Type:Windows Registry little-endian text (Win2K or above)
Category:dropped
Size (bytes):6182
Entropy (8bit):3.725578855854168
Encrypted:false
SSDEEP:
MD5:85991A5D53F53F71BEB4A91F0A9A53FD
SHA1:DC3D3D8A308B7BF3E2FB92A5B7A5B09D28601EF2
SHA-256:DA29204A5B8E2F69E8305CBBDF189845E21C4775A798D89EE66481F560F2E647
SHA-512:9078886EA849828D42F11F61F9CF22E95CEBD523985FFFF54307F27C801C8F222D6132E416BDA6DDD894E9D10568161801F1052523002751FD06775E2BD400A9
Malicious:false
Reputation:unknown
Preview:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\OLEforRetail\ServiceInfo\EPSON OPOS ADK]
"PrimaryConfig"="EPSON3.0"
"COMMax"=dword:0000000a
"LPTMax"=dword:00000003
"Ap_ListView"=dword:00000003
"Ap_Hydra"=dword:00000001
"Ap_Check"=dword:00000000
"Ap_MainView"=dword:00000001
"Ap_TurnView"=dword:00000001
"Ap_ToolBar"=dword:00000001
"Ap_StatsBar"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\OLEforRetail\ServiceInfo\EPSON OPOS ADK\EPSON3.0]
"Configuration"="Assorted
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):134656
Entropy (8bit):6.309454055511715
Encrypted:false
SSDEEP:
MD5:0AC3D0E2CA473C6CE34287FF9BD731CC
SHA1:F46F03B0ADE538CF96A0CA529CE8DCB800F9A796
SHA-256:5248A3C98A44DB88BDAB4A892348A48F8D2F6B770FB6D2EEDB380B1BA777B3C9
SHA-512:BC280092B0D36E336EFD42D26D447ED458A5ADB5B5E9A7667BD16BF6C2578763227DC90C85083A261AB89A06DE586971FCC856D00D331C72463D8CAEB122A097
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):90112
Entropy (8bit):6.201409950450163
Encrypted:false
SSDEEP:
MD5:38630A27DA21994A207672A3370D673F
SHA1:EF1A05E66271FAE1BDA4AF157DBA4F509A1167AD
SHA-256:16335349C9AC432ACB1EC36110A69091BFBEB214A8642D1C14937D5A546A9F2A
SHA-512:3F75EB2FB031E6EC5D195BC564DA7534E1A0388A37E8482A4BA586D168117844BEA984D11975316C79B9DCB4D841B59585C17257A80C423A158438498F65B262
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):43520
Entropy (8bit):6.269333059678589
Encrypted:false
SSDEEP:
MD5:D0C9049EAADCD2363C68D95BFFBD8D31
SHA1:15E1DDE898A27A598AA4097B2284FAA26159F4AE
SHA-256:A16E320CAF11E241E4267EF9EFC75E26B7553232FF003A59A9B9C8C6DA6CACE9
SHA-512:F50B788401F7245F4B5B0EF70ACD609EA23AAFE56957954553827DF8DAF2211BFCA60367FE3AA79420E6AE426E5788AB7F636941245534A1C40B2DF7DF887F7D
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):95744
Entropy (8bit):6.322332823270823
Encrypted:false
SSDEEP:
MD5:2D7F4242149D5863A0BE30D908F8492B
SHA1:A85C52D8DA2F363E6D1E9107A87598CB23534CEE
SHA-256:B4B501D2FAA890B96A856712CAB4557EBD64BC6554D484F1496F503B6D5A484C
SHA-512:B25E8CF2EDE61F152FF8F5A868B39332FE6D416882FEE932C5CA9605A3D590BEF09865B8364D155D67BDB488480649F2C779401289C28EC1B6B664578087D660
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):82432
Entropy (8bit):6.17471598104958
Encrypted:false
SSDEEP:
MD5:8744BC823CCE3635511C322A6872314E
SHA1:BBB9F6923045E045C7B77D037BC5C4511CA2CE08
SHA-256:D054A442A98EA6755BC53ECDF86947F4324BA6D8DC33A32DCCFC104836F55057
SHA-512:5AC7917FCB7DF5CA1F481E49D5481370E93EB29A430A1C1352195D30254A56C8248548DD07E72FE6084953B090485ED06DDEC8D1978A8E97AC05077ED7888374
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):91136
Entropy (8bit):6.21064348546752
Encrypted:false
SSDEEP:
MD5:9AE0C05E11C8CA37DF049678AAC7692F
SHA1:8A840EB744169A56A0270DDFDFBBF38A3D48A479
SHA-256:1A3472E6EAE5DC46A2D29DD666760D94E95E15A4EA588A2AD8F89184CC94604B
SHA-512:D168C87B10FDD0709161B5135ADEBF215DF8ABA6AEC9CB1C477C4BA8DDCA2B49F27C0ECB749F315E19E80BA20E7DA41BD97D06EE6BCE54A99302B219D5212093
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):27648
Entropy (8bit):6.147604381522982
Encrypted:false
SSDEEP:
MD5:332AB24B0D09DB079D980D79310820E2
SHA1:0FE7C73FD347D03C32038BB82F5359EDC6A9B266
SHA-256:7FC5325D4237D03F165B544F35943CA1670BB770BBE05310C4A2444DD4F831FB
SHA-512:BBC9553DFBA1E15AB048BFD2AC4B31D289D9E64E2A97752371F1679E19EAD6CEEE89C3AD5DCC0361C7F8DAE22557DE48C314BD5126DB1EDF293BB8C7BED4E527
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):88576
Entropy (8bit):6.224314092569327
Encrypted:false
SSDEEP:
MD5:1761CA1998CFE8264F685C519FCD1DB7
SHA1:9D7505EF96A09E836FFF1C8F88DE41BAC157BF59
SHA-256:51FCC842BED27C5AC5C8378BE52BA24B253BDC69C36E172F1AAFAF6949AD3E36
SHA-512:9D1AEE82F8B8C47BA6D77699DE6CEF905C6997155556DAA5FE21627357D8D50798B128A47DC0D733398912A2AE2BF87463A35EEE9F8835D550E7861D15BFA2E2
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1669632
Entropy (8bit):6.4707478911674485
Encrypted:false
SSDEEP:
MD5:2722D5248B40ED54DE05FA5F1F7D33CF
SHA1:91DE6E0E5FBD8B279FFC36FAB2C6F5B4EC59E10F
SHA-256:FC396F7CFEAB7F7ABB6BFEB4063DE406FC28FA16D55C81FFEBEC5D0D60182DE9
SHA-512:FA8BF43D5DDC4D06FC2DE04F5958039DA7D355A657433BC3C314DC72605EC31D51D0A23145E6612BA67FB3903ED45C40AFF1FA71C475617DBE4D6B0370927750
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):44544
Entropy (8bit):3.5648395713718273
Encrypted:false
SSDEEP:
MD5:DAE21ED752A6344E7871AD76F4308ED8
SHA1:CE3877A6A1E8129431F2DDBAFD8E5C6BAB379761
SHA-256:3439E87FC6662A5C6E468E35F4A40643F9E7728B527502D1868993D6FB3026E2
SHA-512:63160309581071D6000BDF9DA7F520135276B47BBC0A846D81F447833FDA1CF4C1962D83D65741CCA5B5C765DAAC122C63B79F75353FC7837990DE5AA7A41242
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):123904
Entropy (8bit):6.30012289284988
Encrypted:false
SSDEEP:
MD5:32A73D3E087A30ADA774B309E8FD3AC3
SHA1:AC4CB7B2C25C29ECB6DC3284344B9109F28E84FD
SHA-256:3B02CEB00086EAC54CC1A17A82787AF0D096974A9735932128B9CEC1386FA5E2
SHA-512:54FB47EC6410FC119B9D9CAA0890FB88BAFBCD94C113CC667AB108D0962791BB99B42DCE2023BE7FCD56C3CC8EA7C730CFB6B32F8BD0CFA46798137679CF1CA1
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):53760
Entropy (8bit):5.875258270670746
Encrypted:false
SSDEEP:
MD5:629D7757F01DDE03536DFFACDBC448B4
SHA1:EE7CEE7A450C48728E83ACDD95CD74CF5F38E4A8
SHA-256:72B1976E21F7F73CC5DF2C2E16F612B37236FFB337604664B804CFE31B19C6E9
SHA-512:8BD6D1F42C7CACC660DD7BAE3C773C00D8A6F0EBE506DF88CC1560B3E7E6C0F332A3FA4A36DA2A303DA3BAECA03E76BC366AC43202C766CEC67F8E38B832F64A
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:MS Windows HtmlHelp Data
Category:dropped
Size (bytes):160413
Entropy (8bit):7.837349083925256
Encrypted:false
SSDEEP:
MD5:B39EBBD49956480166173DD7324AA7DC
SHA1:BCA1CB15FA398A76D3EC9836D8248BDA9295529A
SHA-256:157679F65A02E99A65FFC0BF1D2EE885EAA5DE888F8751B1BBB4E4CC7315E630
SHA-512:FF46AE4AEFD03B664584C4416E92DF1D35EFBC42454DE9D85740447A02CF0E18CCE9A3568D00B1DDAF9DF590E831CE0F68661DE47CD1214DE378E1CD54E6B706
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):899072
Entropy (8bit):6.509246758537007
Encrypted:false
SSDEEP:
MD5:C7D03B1E26EE73FDF9226361F77CDFA4
SHA1:4E172C487CF6D35E3E941A2DA903B07F8C78D3CC
SHA-256:AC5C26421660EBEFA705EB944C6E27A19C08854975B1062BFDB50B6E929804F2
SHA-512:B539ECEF83210B6AAE3EB7926AA64E68217DF914B83F63C5B0414663E0DDCA7B70E9FB6C50BBAFCB87F9AEAC9FCE50BD6F4688A6D74E42AD814D85D5EED7474A
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):393536
Entropy (8bit):6.044843673830878
Encrypted:false
SSDEEP:
MD5:73E91A0394D28A4C4D336FDEFDAF4BDE
SHA1:7E83E130F16707300E5FD0707B46760E6F7F100E
SHA-256:0EB3EC889EBC8984F91432A9C96A61D940A690C125C3C5F1F6F16111F2A826F1
SHA-512:3912EA0419110E85116EE99E11471D2458BFE13D1D2B84AB7C9FEEDB9328D14158D01D11F733DF0F11BA26FEC25BB8CC2FD17F91D57C628CF4225C044F6DA39F
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:JSON data
Category:dropped
Size (bytes):643152
Entropy (8bit):4.805143050043122
Encrypted:false
SSDEEP:
MD5:CE229ACA01C3798B7491752957D6BE85
SHA1:E8EB7A24CB1A4BD7500B5039A9D06FF73731E817
SHA-256:FC54864EB832759096FA1C487D7498C963FE3573E78CBACF66CF17FFEEEFFFCF
SHA-512:0576EB799412C74096405A561DA94CD90843F28A53682FF6094D07F5DB0FF8CFA4263B4921082B6DD17A241660D2231BB8B388D572D2172BE81C2E96B7B6D709
Malicious:false
Reputation:unknown
Preview:{.. "Root": [.. {.. "Name": "CrStand.inf",.. "MAIN": {.. "DeviceClass": "CashDrawer",.. "DeviceName": "Standard",.. "SOName": "SOEPSON.CashDrawer.1",.. "RegFormatType": "EPSON",.. "RegFormatVersion": "2",.. "NumberOfDevice": "5",.. "SupportCoreVersion": "STRING:",.. "UseESDPRT": "INT:2".. },.. "MULTICOREINFO": {.. "SupportCoreNumber": "INT:2",.. "SOName01": "STRING:SOEPSON.CashDrawer.140",.. "SOName01CoreVersion": "STRING:1.14.0.0",.. "SOName02": "STRING:SOEPSON.CashDrawer.200",.. "SOName02CoreVersion": "STRING:1.14.1.0".. },.. "MAIN_1": {.. "DeviceName": "Standard",.. "DeviceDesc": "Standard Cash Drawer for EPSON TM series",.. "GroupID": "Cashes_S".. },.. "MAIN_2": {.. "DeviceName": "StandardP",.. "DeviceDesc": "Standard Cash Drawer for EPSON TM series for Parallel I/F Printer",.. "GroupID": "Cashes_P".. }
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):81408
Entropy (8bit):6.261553021106055
Encrypted:false
SSDEEP:
MD5:B87A414311433A22A886BA714E816E1A
SHA1:D1C000B0B12CD0BD77D46D454D475A4517A261D6
SHA-256:0F2C3625B7D21F9ECEC05D3AF370939A43E392DC5419F9432FE0248A090AE0E3
SHA-512:58AEFC4A79D8795B5CC7C06FA63D7866177161C7E0F66E27E265E70E3CD23E3F10D524B3DECCC85B827AD4ACE7C69ED6F7BD9B5866F0D71E5FD6A8DF552D5064
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):253952
Entropy (8bit):6.504793353975479
Encrypted:false
SSDEEP:
MD5:6F1A2A4B62D47F3E684F2EFA6CDB1F8F
SHA1:EDD6225DA9C1DE41FCE44B4CC2951EB7068F9F85
SHA-256:CDCEEB9FAEC5DAC58AC7FBF6A379E0E695EF86576EE144B403E5545BD11294F4
SHA-512:B7F1D5D4675FF8BBD4704806F27A91A02D843B2124A31A13ABDD9FF9ED2EC4E9020B5FC4F1985038F7EC3156329BB5224B52268510F449CA761A183770CAA7AE
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):322560
Entropy (8bit):5.633869205536843
Encrypted:false
SSDEEP:
MD5:69B8EA7E9B94313BDABCC2C44CE13C51
SHA1:47A64966335EA95A814C13A4FA08F55587527806
SHA-256:7097701736B5578608AA5AF3CEA27A9AEDBBD443096196C0AD5257D5C746B8A1
SHA-512:1A001A41864CB76F1A366F55FE9EA60E3ED70B806C477195DA332E4EEC4F92FF4F3C30B0E4FB3AF1D43BE8666395F4A0B1C3ACFC05B0A162033837C6EC7FBD24
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):167936
Entropy (8bit):5.489366736039924
Encrypted:false
SSDEEP:
MD5:C32E73184D5941F04403E91E819EBDFD
SHA1:0AEA6CCFA8AC6C7406011D65B157BA371E2EE3E7
SHA-256:BF77CF5CB5E966F8217571269D66CB559C04DDBDF0DAC4C26D19B363DE6BD3E9
SHA-512:63C14B439C97919780C447C1E2C3A4494772C93F68D27432C01E963359FC11F2252EA59BD0E85A48EFE3C2C2EA9B3622CBE39C8365174A38EE3DF9A05AEE5D98
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):165376
Entropy (8bit):5.460301331446363
Encrypted:false
SSDEEP:
MD5:CE594D057750BB6C20AD02867D489F4D
SHA1:9015DDACC24A6D2041A6359ECAF2EB2E4A7993F8
SHA-256:29DA27AF6C22F5A171EA169E11FA16CC57A9543FD5257D5AA0AB4581DE0AE97A
SHA-512:1544C52C6692B197AC1AEBC8C12B1D6CD561FBD7F9EDA5B893296E512B62AF50EAC5A5A589C9CF79E650DE368E92D31A825239E018D63B1AC6AF9700C672F90A
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):363008
Entropy (8bit):6.517118685683108
Encrypted:false
SSDEEP:
MD5:E53E276F4492C5A40A0A463E47C18125
SHA1:63921C4B62C59C82D869E42CA8CA287AA53C2A16
SHA-256:40A81D83B4D07700CE626E7168C2D2643A8B05297A4F6B6B8534AB7AAB64D5C5
SHA-512:35A22CD720BE514AF9F03FD34FF048B68EC9F796D9EF3DD47F5DD5F76B11D894C780DAF11593697DF1F3E800EBDD22CFD67090AB11A891C8ACC696AE21B0A409
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):259584
Entropy (8bit):6.526961716292129
Encrypted:false
SSDEEP:
MD5:21050CEAF5C7A9232855C4EA02402F35
SHA1:F5A85FC7E854A6A316C44D1FF1D7376DFFF6EC7E
SHA-256:123C4E3F7FBD318B114EDB29592B015BA2086BD60FEAE4F57CC3C4E496B6E6E0
SHA-512:C92E7BFB206497D5D34072C8921E33F84B7DEDDECDF5903419E14A5D33444F81FB13B3629FE935D3FEB0D0461BA873B63770AAFBDBD8FF47FD53FCF8561D07C6
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):257024
Entropy (8bit):6.519487602470508
Encrypted:false
SSDEEP:
MD5:A5B62D462F5AAE7785BB0BB9A7FB81B4
SHA1:044E42D66E7AC932186E571FF8660F1CC6F664BD
SHA-256:0FFF626F1CEF3A4DB23BF7006F41852B492945B4B29602717FADBB6266874C1D
SHA-512:0A47E42107E6898AF5EE47A0A4408376301520F968842BDB7F2E298AAFA4323E081BC5EFF423142D7EEC1F4A7A81F72ADC2BB5FDC8E97719C18588486146645A
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):271872
Entropy (8bit):6.485690075189678
Encrypted:false
SSDEEP:
MD5:90C648A30BCDD1AC07E0C2DAC2B6507E
SHA1:0C8B50F096D1F3FE125DB03737DB14E27F62A11F
SHA-256:DB8BD884474E7DEC6F49FC62A5A118785A97BECF0C63EF8F37389F90B2E48E42
SHA-512:342768B85DBA0DA7BF5BB5B4786FF5D503B412312407EE4029D94A87EE066EB0CEA0AA975EECA219B669BB7C55DA33D87B4624F4D45D415814EE388718C28086
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):262656
Entropy (8bit):5.611228487036612
Encrypted:false
SSDEEP:
MD5:E8BF75F901F40CD74EB14B32137A51CB
SHA1:E9DCA08CBD31AFC101AD01BF3E7306825A75BBE0
SHA-256:047FF25DBB0B32EFE6C0C9E04F8D29D5E0A420B5DED4EF13EAC3F2CD5F75500F
SHA-512:99450A826316C9B33F3295C42FC82F4C57AE613CFB36347C93AEB655BE4D4DEAB757A3B8C6A0C4312F87B9B40BE58C49A737B79EEEB0E980F0D0D79284810C5D
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):164352
Entropy (8bit):6.473028273822631
Encrypted:false
SSDEEP:
MD5:7A05E85EB38542ED1CB96AFC8AD01AE1
SHA1:F9950BDCFF0FEED9288270F233163DAFAABEBC93
SHA-256:91E58F6F9FDB2F64F9591C46F0DF0B9D368D367BB6BB9C76B0B1D070E1984B76
SHA-512:DBC4B7FD441CA62473D86D19DCF160C451D2BC86B45C2F346F2FA3612310C10409E003AA9365DB761B3B3EE525F5B25786D3FB70D56189BA72242A8C0CBB1E2D
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):242176
Entropy (8bit):6.472083605697987
Encrypted:false
SSDEEP:
MD5:326024A47B0C418C1CF9AE416AF25E83
SHA1:BB732E110DE8711C74FC714397B8BB059524A415
SHA-256:123140FBA383CE1273FB7F6A130440EB1594E18A5F19D834E080092AC036695A
SHA-512:04373DAF883CE135D09327E03D1EBA1E4C90EDA5C40B62E83B458F267D1EBDE0A8173040A8E9C85B9DE6741CB25846C984E8E7002089EACB73A5EB017BAB9C58
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):240640
Entropy (8bit):6.461012007095961
Encrypted:false
SSDEEP:
MD5:B56D7886244F5E3897F36F6A36ADE6C6
SHA1:C16BB4838A5A98D19A2DA9DA3F8E424C477D9DD4
SHA-256:5E143D78F2644E2EEEB2D0E2ACD41AACC26350F762517470BAAB26D4A987D6E4
SHA-512:45FA6CE7170A11D8007C114E5B67BD868E112674A2CEEE335303E1BB133F57E7CB3EF20C881E4EABE9F13E4F8C0E67BC1266D5D80F7A05EF4CC1241D8D88461C
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):173568
Entropy (8bit):6.539182392256564
Encrypted:false
SSDEEP:
MD5:C9DDC549E79BA83444A53F37C29F6752
SHA1:B69184FEAC5A733DFFC998F2A78AB128F17A27CA
SHA-256:CE6CA9A0D7868FD43519C50B8710FE5A9044566A7D0ED8E29BD31375F9387805
SHA-512:5BB15D5A9D9ACED84411B128FC930546896BA3B191610197C9BD3C8422D29A7EECCC015444CA0E168A36970A5E6616359B7F1F2BDF9094F5431093E5A2F5AD5D
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):178176
Entropy (8bit):6.522790627212561
Encrypted:false
SSDEEP:
MD5:DE901B7E91C4381113228FED21921BAF
SHA1:F2CD2D257B978F6E51519122375CF529CA3E6E33
SHA-256:C68C55B54F874B3DED61C2669562DE4F44D8C1AB0AF1E41891485D6B3BA2DBB0
SHA-512:80CA9753810AD183069A98E8070892D4FA085B130529CA4B23F3B4489A30146CB1CFDBCCC431335AFF762C053D37F93B1AF97EA88A2FC6B9F23B487C6898B31C
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):456704
Entropy (8bit):5.904551427562922
Encrypted:false
SSDEEP:
MD5:710B825AEEF5C69AFC7359CB3502B4B7
SHA1:25602A8CFAB0758261841BFEF776CEE761700FB9
SHA-256:6AF5220021AA1A63F2BDE808878F93E2D95A69841FFBADB3CFD1A2F258CAAD34
SHA-512:F51288515B2202C81131F84583817C4D4D80F35496E6633720090FABBB001AE114691802D581C7E09A2A0AD42608F99AC4E78387A78769446CC0F5197AAFF079
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):211968
Entropy (8bit):6.454897514020333
Encrypted:false
SSDEEP:
MD5:2E71BE1084D8A6BAEFBEF21477351EF7
SHA1:4F1B4D6E5DC9B9BEB51B259473727616BF2CD93D
SHA-256:EA38459B2AF4C516D23164D57FDAA7D86F98E8CBA7A14363B280A4FC62F2F558
SHA-512:3BC60121B19895814D87C41305207291C1D9C921FA7EEA4881C253EBF5B6E15318A6B55E6D17AD0460A97CD15F958F837822655451354892F6D7896DAB10EC53
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):305664
Entropy (8bit):6.480635284400407
Encrypted:false
SSDEEP:
MD5:BB98A87E01CD6018BFD7238DE4EB55C1
SHA1:3CF10DC0C12F7153075E44B5C7FD2D00B61CDAEE
SHA-256:562E0CFEAA6F0906FA0B1F870A6B7FFB9F428C7DF26D39D2BD43EC9055D1E8FD
SHA-512:C62DCB86516F82FD68BA32B8781F43C8089622D31B52A8849BC96721A658092108DCD68F89D287B7F6E1B5A4B4AB0930F25761746988D8CF58C4DC5D3889BBD4
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1162240
Entropy (8bit):6.549730207715377
Encrypted:false
SSDEEP:
MD5:C7B6470EB62A5ADED3818FE40072861A
SHA1:C18033281771AA4A38E191A27B7857054695937D
SHA-256:426339AEB800E26A69824468DE5D14074B3AAD8A012EDDE73C7B1E8E55618AF5
SHA-512:A300B4C013605C04B14720C7A6CF27ECBB99098E5F6EEB348240720798C700CAC20B4A285497F5230858090747C2AC03AEF95CADC78D9B162D64FBB5E7A11D94
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):4496384
Entropy (8bit):6.037712140994651
Encrypted:false
SSDEEP:
MD5:C638C29D20105EB5F58F0FB0B4094AFA
SHA1:FCD249D935081DE3FF94CEC369492F2EE35A8F52
SHA-256:B8C12F58F96B5AD0ADEF1DF7686D984C911EC8BF8DFCCEA4B91824E5C65C2C02
SHA-512:4D5AA4DA4B2A2A4E7628BD457FC158357E2800AB0D87084255E3E07FBAA752C8BEADDE9AB43BF9A9F3629410DAE800DC6B5F7686278C757C671C7A2D469B8589
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1815552
Entropy (8bit):5.955533386850016
Encrypted:false
SSDEEP:
MD5:BE4214221133C1F9842541B293E161D5
SHA1:0073A6CCB41FFE651280E42D8229DA23EF8427D2
SHA-256:11767E21152EDEAC43B9E8FB2619B69BCA854BE3E8AAD07CAE689677F604924A
SHA-512:6C60DD1355186F98740186E680250595C3A4E2F0909A61C0A5A961B21E8C3C1ADE16325E0507120A07138898A27878938328391256664B1D058C5F088AD8D3F1
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):19456
Entropy (8bit):5.0949228916451705
Encrypted:false
SSDEEP:
MD5:FDBAFB458B70065521C8736B8907DC09
SHA1:5527A91D411F41CF7E2571D928326E631E633899
SHA-256:97156C8631CBCA8B1235FE6AAE23E2C2313E47CE4462DFC7F314C91ADAB575C4
SHA-512:B46AA455F52CBE839AA882BAA3102C0A00048DF67E820152B85EDE139927C51D1FA48E46B5F4F9736C7462D7A8C4863A9920FC90A59322422A03A0C31CD06D6C
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):157184
Entropy (8bit):6.338793958735359
Encrypted:false
SSDEEP:
MD5:6A03A98EFAE9FBB6E4204380B7A07959
SHA1:3C33A0EC2EAA1DD2DB3E393CE07A9549A9816910
SHA-256:E1BE8824F6B85254C54A6B9BB8AC56A007B2D9F2ED22368ED22ACAB2D449125E
SHA-512:854F1494F56615CFE161416739F7AFF6A81638365D947BE5BF0E2E2BF111289F1DE70BDD01D41196545A411F5BD008C7BCAB020A444C681582B6696E3E6D37E9
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):2051
Entropy (8bit):5.2364898489300735
Encrypted:false
SSDEEP:
MD5:2B1188DE76C976167788E67113BC0F72
SHA1:D94F76A8AD58455A875C851B1D233117B768C315
SHA-256:3F1349AD042A09A1B1505CFD8152225B63C429DDE88B444B911BE4272872836F
SHA-512:382E14828B0FFFBEF101A7B03A079F324AF9822AAAE376EECD819794BEE35704FE00FFE18FB30D729CEC5BBFE46665279B94F8E339C02BC184657915B43678A6
Malicious:false
Reputation:unknown
Preview:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::..:: Uninstall EPSON OPOS files to your system. ::..::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::..@ECHO OFF....IF "%PROCESSOR_ARCHITECTURE%" EQU "x86" (..cd "C:\Program Files (x86)\OPOS\Epson3\"..start /wait pcsInstaller.exe /u..start /wait lptInataller.exe /u..reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\OLEforRetail\ServiceInfo\EPSON OPOS ADK\EPSON3.0" /f..reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\OLEforRetail\ServiceInfo\EPSON OPOS ADK" /v PrimaryConfig /f..) ELSE (..cd "C:\Program Files (x86)\OPOS\Epson3\"..start /wait pcsInstaller.exe /u..start /wait lptInataller.exe /u..reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\OLEforRetail\ServiceInfo\EPSON OPOS ADK\EPSON3.0" /f ..reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\OLEforRetail\ServiceInfo\EPSON OPOS ADK" /v PrimaryConfig /f..)......regsvr32 /u /s PrintUnicodeAdapter.dl
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):35328
Entropy (8bit):5.918376337791321
Encrypted:false
SSDEEP:
MD5:F61D61F08C0533955AA7468825989C0D
SHA1:A0828A3BDA5040490A1A97F82DA00883D2943D15
SHA-256:E1C79FE7B26FB4C3492A321C3A6A27C81CF50A212E90921545677D7641596B39
SHA-512:CA9CBACE74CF48E7C7F57BB0CB4DD97CD0CA1661998927F508F418E0C8F440D1C1B0CDF2DE388842139A9D74AA7DF7BA565AADA9FEE909902FC1B2366EB1026C
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):385024
Entropy (8bit):5.9835167854500115
Encrypted:false
SSDEEP:
MD5:DEF2FF3ECB3ADA5FA9B554E5543B97AC
SHA1:E15B41B491F8DB7AAD1895C6510111AF07B6E2EA
SHA-256:FE2A30B4AB24394E7EECFFF88B1F9F6301D94D6B8058E65F0AAE60F29FC9B6DE
SHA-512:3CEB0C1F475CA8D903AE22FA3B5BE4819A0FD469F3789A76C62587A336A1A0E9503A5794B606236D6EBA16F7A65E550E8ADCF0E161450E8954FFFB7B678FD27F
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):666624
Entropy (8bit):6.078271310068963
Encrypted:false
SSDEEP:
MD5:D9F5EB24D2095BA4BADDB36B0A0724F0
SHA1:8AEBD67CE2E4A8D921BB22DA2681C623CAD55040
SHA-256:4804C27D58CB6D8F5ACF8E0A717AB9D013894066613188993C49BDFD2419BF72
SHA-512:F436591D7393F0F41DEB3B357A65F8D93A9C2755BC7DBA44084B7A8023A2EB36E918EC8591FAEF179FD68E68BFDF29334CCE411467E8899088AABBE5635717F9
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):10752
Entropy (8bit):5.52730349538273
Encrypted:false
SSDEEP:
MD5:F3345B94E4104DB74E4CF1FE9C600100
SHA1:7E1BE16928C2C9E3D6BAC0476DD8BE7A333FADF2
SHA-256:F1799ED2076DED7003EC1F6148732A26DF9CA7415F2C5D48DF035B2694D22F6F
SHA-512:2566B89FED1C5474336D5CAE1F0BB19C81594B75583B8E3DD2AAB5E74ED839BFFDDD43FACBCB8233DA30C3EC58B6CB95E6864266CD80307D436C84EBE90896D1
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (native) x86-64, for MS Windows
Category:dropped
Size (bytes):21640
Entropy (8bit):6.228676782143958
Encrypted:false
SSDEEP:
MD5:DCAE3EDC971645DF604D6C79603BB1EF
SHA1:5A930B7BB43D3CE1421F8C0318B1EA73AE3079AC
SHA-256:DD05D2BE4993D7E0A6335C5E1A31D40BE8C82F8FD652BBB7044A5E0D973750E6
SHA-512:DED39FE544CE7FCCE30637C7B02718D640DAABDB63BCECC08C8A408FC2465D7AF6452088C5584AF2BE5A46453707CBDE9CADEE7C24FDF8D77F9F4686EB7E43CE
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):23552
Entropy (8bit):5.616732635048823
Encrypted:false
SSDEEP:
MD5:E88B2EC3D45DF8C33D168CBD0A3A6338
SHA1:789A6B35CD40B1ADEDAB61079F811BADC2A73F27
SHA-256:467FC2292D0728C49738FCC0DA4ED30E3889ECB37E02F4A03E2F687D3D2EF007
SHA-512:F7A7778A9C5CDB2CE410F7F7F6BAD3F00287C597E66F248926BBA0086548745EDCA83A4EA4ACE5A6BF902D81DE95CE3DF0C0FAB8860337DD077CCFF77F9240C3
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (native) Intel 80386, for MS Windows
Category:dropped
Size (bytes):19592
Entropy (8bit):6.423459424398734
Encrypted:false
SSDEEP:
MD5:0C65DE6B67DBAD81C4D1571910870C68
SHA1:8610A5C0F327B8AD0E1A7406B6D9FF4E0CDF3922
SHA-256:B147AB4D786291576E4DF6CF5B47175EB6CC4AA671F24EB0E1562FCE86E7B35F
SHA-512:6D679E07B55CA500ACAE5A5752A0FA96B212A303C5FE531E9870DFAF64603116B9E8BC4FD9060952EF03881F4B0FC9ACFCBDD8CEF9792B7758C96B0F5FD95EF4
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):159744
Entropy (8bit):5.891831927141618
Encrypted:false
SSDEEP:
MD5:7307A6823F6703DF15244373D2EB30FE
SHA1:62C9CE96C8D07E0901B7CFB240E0222DE5BFFD39
SHA-256:A3EA0DAEBEC0B61953803C170AE0BE0AC6161D05C7028C599B91D3FEA03C17F1
SHA-512:47239F26AFBFD62AB102970D2D99FA74E4C18DF23EC629722424A9BC6B81FD8663FDAD6685D3C276722DDD73F6CE136D337C6AEB2382400EFC1D08BE89E5FAFA
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):408576
Entropy (8bit):6.310069130773123
Encrypted:false
SSDEEP:
MD5:A2F78CA7192CC8C995E55B89D920B7CF
SHA1:41229D35499366D575740E5D7A99486890C7D667
SHA-256:B20E3CE5B10A7B1149D27CDDBE13342281D87EEAE0164839AE837709626591D0
SHA-512:9E2D252772C9A68F194A6C2F0B58B4EF75D736EAEDC043F6182B73C96F0063A24F69776D869FF1C845DE08180FB3763A75CC76F9FA29A84ED634C37F6372368B
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):101376
Entropy (8bit):5.961935499909585
Encrypted:false
SSDEEP:
MD5:7EC28BA2BAC8C7D48484A2E22114096B
SHA1:F542248E86E81430115316F659332C45EFADCAA4
SHA-256:7365FAAB8B05F6ECC02EE342651670C7EBF684DB5FCE05F21AD2E6E5428A7D68
SHA-512:409F09B409D5DAB129825906B5E76D7B73C97CF338F71B49CBF5BE367A1144036242F4E8BD6465526269C4C82C2B97EE6CAEF3D9DF6F9D258C5F47ECF814A6D1
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):238080
Entropy (8bit):5.96437014417713
Encrypted:false
SSDEEP:
MD5:5AAA5B45E6BA341340CC7B817D643A56
SHA1:CE0FCD90D3B08C569D7451E938492E3275A647A6
SHA-256:6BAA4C3E6326FBA4798969C893BF9A2EBF0B72158F4F0F2460006BE063BA37BA
SHA-512:3B3372B1D046C9DA65255046250D917B780F8855BF09E0CCD9FBB8BC15FEF68496ADC8FC274810CDFF61AEB0C089B5C4A90A488E1FFF11E6D107B22956134E27
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):227840
Entropy (8bit):5.956584791489957
Encrypted:false
SSDEEP:
MD5:80CEEE8307C6EEC1BC430552D2F209E5
SHA1:D2974B5D64A025CBAEF60C479E1D0A553EA6FD6E
SHA-256:65C838FE3BC2C181D1F1CEB3A485E6C5A6D5D20C4DCAE0C7FC3A5A24374223B8
SHA-512:F12318A36D884080819693708B1365B8E6BFF3E8253618639E007E3070E2806A4DFDA99007611159BBF46E34E4DB6B465D88999A0CEC142857F7CDCDB4D47645
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):3472
Entropy (8bit):4.663962264865435
Encrypted:false
SSDEEP:
MD5:5EE11435ABB2C52241087C2806C296FF
SHA1:2C8F278AAD042517F7CADAB3359418A8F1FF657A
SHA-256:AADDD957EE613E4D625B711D73B573B0DB74B071559E8CCB20B4C3CF0D8AF49E
SHA-512:72DAEA03F0BC539226D795362AD2137491A15A7B3EAAC4881349FA3E5914C0EA10E3D4F0C8796AA8D8E167F74116B42C8E74E60CDB624B4FFD3A5920AF06DAE9
Malicious:false
Reputation:unknown
Preview:This is version 2007-Mar-4 of the Info-ZIP license...The definitive version of this document should be available at..ftp://ftp.info-zip.org/pub/infozip/license.html indefinitely and..a copy at http://www.info-zip.org/pub/infozip/license.html.......Copyright (c) 1990-2007 Info-ZIP. All rights reserved.....For the purposes of this copyright and license, "Info-ZIP" is defined as..the following set of individuals:.... Mark Adler, John Bush, Karl Davis, Harald Denker, Jean-Michel Dubois,.. Jean-loup Gailly, Hunter Goatley, Ed Gordon, Ian Gorman, Chris Herborth,.. Dirk Haase, Greg Hartwig, Robert Heath, Jonathan Hudson, Paul Kienitz,.. David Kirschbaum, Johnny Lee, Onno van der Linden, Igor Mandrichenko,.. Steve P. Miller, Sergio Monesi, Keith Owens, George Petrov, Greg Roelofs,.. Kai Uwe Rommel, Steve Salisbury, Dave Smith, Steven M. Schweda,.. Christian Spieler, Cosmin Truta, Antoine Verheijen, Paul von Behren,.. Rich Wales, Mike White.....This software is provided "as is,
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):209408
Entropy (8bit):5.972694990338831
Encrypted:false
SSDEEP:
MD5:A0E97A3B25C80DB6BF700B4D2D9E3DFC
SHA1:0FE5EEE7EBF10FE5C32D7A5B5EDA8787621D91AD
SHA-256:3B09E17AB8BB25E8125E8142B53B64BA3A412C4462F65F53BDD1E606007C3D4A
SHA-512:89C02225AA8075A03B20A58099DDBC7568249B6CB5C7C9482FF656BE7C0EFBDF8A3C4954E0910AADBB102DF91D2BDE096797C8A81C48C20E6BBF525D410BC752
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):582656
Entropy (8bit):5.915736268397596
Encrypted:false
SSDEEP:
MD5:680840D56DDAA2E3A48DCFFD704F90C6
SHA1:93350BE6DF7803D1816CD40D449DBCE6D367188D
SHA-256:D3C1CCC4FEAACCCB913E8C60B9E5D589C6F6B5B0211DE356C77DC78E9184742A
SHA-512:94EAF3D4565F0648242B377149B8653E2D7A5BE7F935C3808B3DC14B47338A9B9D0347E7427B39B1E1A2977731E0BB1F7C7F1E5569B02BBA11BE151C244293B9
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):175616
Entropy (8bit):5.920917998636191
Encrypted:false
SSDEEP:
MD5:F20F997E85E53EBD5A556B23F65A6FFC
SHA1:B1EA3AF5CB88A4C2989CA830CCF23376D51018F7
SHA-256:BDD406BC078C438B68FFF2AB9C012CDA8904E7C1AD2375F15EF1C609B14F5EFD
SHA-512:D010798FBC44DF52D7618B74AD554F7B3524D97D3466499639465E1DAB3DA68833C9D32C449B931E656A18DFA6BAC545E2CBD81C6C2EB7858EF67EC0B4A1A947
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):344064
Entropy (8bit):6.036151926829996
Encrypted:false
SSDEEP:
MD5:458306CBFC64F8412B07B4E53B3E765E
SHA1:75D771FAA1CA4AA819134EE3900D9D2855F94399
SHA-256:EF73DFEEFC68076EF2680E7E055A47B001D030FD9FC7E75D8C1E890C5CBB5B99
SHA-512:89676E123A1E9564F3DB91F66971A9DC667D52E1118ABE4CE8E258D4A93754D73ADA7FF0AFFA211A8BFB63A292125116052B9BDE753676486129D600448EA4D6
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):133632
Entropy (8bit):5.979760291684648
Encrypted:false
SSDEEP:
MD5:A8F1773C34AC09ED357A2EA1C2F3A089
SHA1:A2C2C6FADF0B201D347B3F12D30E5CD0D9A05E02
SHA-256:32E002FAFC5AB92FB5C6F66A73609A7775E552C29A469733B554C839D8CE7422
SHA-512:501DA20093AA54F32D3CD1E4D4F79411430F7F1C928D7D2E57AAFDC83DC8C4919C32EE682B784FBA080DEBF0F0955A5E4B23C47589C5731DE6B39F93FB27142A
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):235520
Entropy (8bit):6.034796840625395
Encrypted:false
SSDEEP:
MD5:85697AF8E5AAB68E7E9662520AD5CC05
SHA1:624C98E3D7AF3F6401D1CE409315AA35A8327D77
SHA-256:4B6D038FB3C9C65455AF4C68F74BB19358F9E60BE0BB426ED42333F1F7B90C52
SHA-512:36E231A946D0BEC0A3488B1501B1B89754E3A5F7DB4EC867FD76B158FC3683277DC8E04BE5BB667A7B89F930337FFAEEC6A6B399B76743269288DDFD987C28E2
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):159744
Entropy (8bit):5.898301346558514
Encrypted:false
SSDEEP:
MD5:F12942F218156374BBA3D1E5CD7A144F
SHA1:285CCEEC937CBBB34C1E400439BF4E5378BA26CE
SHA-256:11712B3E1B9A4DD9BDE1C6536CC82BA233D0F89571FA80E5AE68F4493F36F7F6
SHA-512:6BDD4BC56974FA64EE24F9D8DDC6B86C65012E1F0EA052F56742F7E27FD96D7AF1E4751B56135A842CDC51E4F08542996C5AB68AAB762A0CEC4C7A751A22FF70
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):208384
Entropy (8bit):5.9222472818807335
Encrypted:false
SSDEEP:
MD5:5867B3CC6E4ABEBD6B2538D6A809CF15
SHA1:6ADF19D9C5253023E6B15B3A210DD70BE60FEADB
SHA-256:442D6879F998D5E738835E9ABEDEC38264AEE034DE5852156F180AC815ECF574
SHA-512:6934FBAFEAE772083584DC5D4534919DE4492E93DEAE95F4539917210F4640E9433FA4457273661356A92AE9152B14D611BBB116A299B866E59FD6F289086FBF
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):319
Entropy (8bit):4.631392573528478
Encrypted:false
SSDEEP:
MD5:9BF843EA93C5EA21C68C515288A899D8
SHA1:421EBA50C7E846E71AD3022ECFDCCE4E2FE3222E
SHA-256:63495ABEDEF4788DD3CC332966FAD910BA35B24C13B41E14F547965ADADA7EC1
SHA-512:FB5FE7999BFA75BE7B705DC25C00F23CC6A8A64CFEB8776C7ECAB49269E9D6FA2A7FCBF86144FB2FB9EDA3F1C4948522AF2F066BB31B7876A171D88FB836BA12
Malicious:false
Reputation:unknown
Preview:<xmlroot>....<type value="43">.. <type value="TM-J2000">.. <property id="TM-J2100">.. </type>..</type>....<type value="67">.. <type value="TM-J7000">.. <property id="TM-J7100">.. </type>..</type>....<type value="71">.. <type value="TM-J7500">.. <property id="TM-J7600">.. </type>..</type>....</xmlroot>..
Process:C:\Windows\System32\msiexec.exe
File Type:very short file (no magic)
Category:dropped
Size (bytes):1
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:C4CA4238A0B923820DCC509A6F75849B
SHA1:356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:false
Reputation:unknown
Preview:1
Process:C:\Windows\System32\msiexec.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):6083
Entropy (8bit):4.723197198200042
Encrypted:false
SSDEEP:
MD5:B5C8B429806546B84A788A932EBDF10B
SHA1:0AFA89E6670C4A7334F834FAF14B55444FE9FD05
SHA-256:887B6A6F6F30EDDB2D1C1D7B472DA0FCB11839486E1C8F9FACB80EC91A99B033
SHA-512:A6FD198557B8E74AA0D55FE0AD755906FC041A480B0A0CCDF2197653CDF1C311102DFFC9AFDE5C1FFEC355FA7F7F11A19C7BCED26DAF45A7DE550EA0917B0FB9
Malicious:false
Reputation:unknown
Preview:<xmlroot>...<type value="PortType">....<property id="valuetype" valuetype="string" value="number"/>....<property id="list" valuetype="string" value="1/2/3/4/5/6">...</type>...<type value="PortName">....<property id="valuetype" valuetype="string" value="string"/>...</type>...<type value="NICMACAddress">....<property id="valuetype" valuetype="string" value="string"/>...</type>...<type value="DeviceType">....<property id="valuetype" valuetype="string" value="number"/>....<property id="list" valuetype="string" value="0/1/2">...</type>...<type value="DeviceID">....<property id="valuetype" valuetype="string" value="number"/>...</type>...<type value="ModelName">....<property id="valuetype" valuetype="string" value="string"/>...</type>...<type value="BaudRate">....<property id="valuetype" valuetype="string" value="number"/>....<property id="default" valuetype="number" value="38400"/>....<property id="list" valuetype="string" value="1200/2400/4800/9600/19200/38400/57600/115200">...</type>...<ty
Process:C:\Windows\System32\msiexec.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):398
Entropy (8bit):5.330202374266738
Encrypted:false
SSDEEP:
MD5:AD930DA9D7D59C28467154AC170452DD
SHA1:5D94838102E743B152B923CF28254EA05BBC406E
SHA-256:36E340A92CA1C124952B584D4E01F92B5B6103507C0DF4E90D13DDB7800975A2
SHA-512:4C50820F1FD7529C61F520BC497CFAA150C8FEC61D327D6C19AED979A11897679A29E28C8A3D2C8B999F206AC7504E3331E0986647543921AEDE632B8FACADF5
Malicious:false
Reputation:unknown
Preview:<xmlroot>..<property id="TCP_COMMUNICATION" valuetype="string" value="Enable"/>..<property id="TCP_COMMUNICATION_PORT" valuetype="number" value="2291"/>..<property id="VERSION_NUMBER" valuetype="number" value="51904512"/>..<property id="NONUSE_PCS_PARALLEL_DRIVER" valuetype="number" value="0"/>..<property id="DEFAULT_PORTCONNECTOR" valuetype="string" value=".\PortConnector31.DLL"/>..</xmlroot>..
Process:C:\Windows\System32\msiexec.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):526
Entropy (8bit):5.354505591721441
Encrypted:false
SSDEEP:
MD5:CD2CF90D59574D67F30F71C4C3D925B6
SHA1:0C59AF80235694A2A7C639BAD59117951B5F5D38
SHA-256:897AB4E71927B732636BA72EF746A123EBF8F2F74D59D0E359B1ACD30E389C13
SHA-512:B773B922A673E753CEA19CBCA1854C78EA55324F14C838FB84F4AD048D227EDEF44F636EFA9C825C42F5CA597E96EE7E6FAE25ED38C5BDD9B1DDC31261D36106
Malicious:false
Reputation:unknown
Preview:<xmlroot>..<property id="TCP_COMMUNICATION" valuetype="string" value="Enable"/>..<property id="TCP_COMMUNICATION_PORT" valuetype="number" value="2291"/>..<property id="VERSION_NUMBER" valuetype="number" value="51904512"/>..<property id="NONUSE_PCS_PARALLEL_DRIVER" valuetype="number" value="0"/>..<property id="DEFAULT_PORTCONNECTOR" valuetype="string" value="C:\Program Files\epson\portcommunicationservice\PortConnector31.DLL"/>..<property id="ENABLE_REPLACE_TO_LOWER_MODEL" valuetype="string" value="Enable"/>..</xmlroot>..
Process:C:\Windows\System32\svchost.exe
File Type:data
Category:dropped
Size (bytes):1310720
Entropy (8bit):0.7945921742446002
Encrypted:false
SSDEEP:
MD5:82C984F96F5DEA1DCDA66431886BE85D
SHA1:CC9FB3038638DE4ED2FEEA4091E33B24AF27AFBC
SHA-256:AEC51BFE50AB34377BC497741AD6FC2496F175785E32957EF925CE7CD193CDDD
SHA-512:701D3A4E90F6F7BF6CAECD8EFA5CF43A14D4FEBB0927B25C6F653DAEA5AB9113248AD0BA01910B7E91E5CC26EFF41F6266F07FEF740393D9791C26F1B1A2B98C
Malicious:false
Reputation:unknown
Preview:..6.........@..@.....{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@....................................d6d6.#.........`h.................h.......6.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................
Process:C:\Windows\System32\svchost.exe
File Type:data
Category:dropped
Size (bytes):16384
Entropy (8bit):0.08144805362166743
Encrypted:false
SSDEEP:
MD5:4F62EBD41CACBA7ACE402CB77BD0D9BC
SHA1:E83C3773D7307849628D5958B430D3B4A66D8C08
SHA-256:C64757FBA493398ABC42B0127B50203344F296888F0802F240AC3DEAB00CFD20
SHA-512:1424F68C7631044D475AA738C565301910C9958A8A2AB861BD24A9DE7F2B8BE23DF077EF8398CDD698BD6EF3F8C6DD97F27B45A52E121C40807E9F6540E7FE2F
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Jan 28 15:40:08 2021, mtime=Tue Jan 7 22:46:52 2025, atime=Thu Jan 28 15:40:08 2021, length=19456, window=hide
Category:dropped
Size (bytes):1111
Entropy (8bit):4.6098992940127985
Encrypted:false
SSDEEP:
MD5:BCB379D3BB1B7110FC7EDC5348E21092
SHA1:CD4743211DEAE5BF6C0B9E3276ADE6953C0201C1
SHA-256:DB70F42BABAA61636236F7026B35567EF2EE42602E17A924218C761E0E1B5D3F
SHA-512:FD26CC0B2B2702B1897AC48940BE46E9A6800455F827A4FD34841CEA890511B637FA4392C3D0B88BAE8B749A10605BF849EEFD0DEA4DD1424DEDE5CC076EF617
Malicious:false
Reputation:unknown
Preview:L..................F.... ......<....X.Xm^a.....<.....L...........................P.O. .:i.....+00.../C:\.....................1.....'Z...PROGRA~2.........O.I'Z.....................V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....N.1.....'Z...OPOS..:......'Z.'Z......\.....................&..O.P.O.S.....T.1.....'Z...Epson3..>......'Z.'Z......\........................E.p.s.o.n.3.....f.2..L..<R.. .StartPOS.exe..J......<R..'Z.....-.........................S.t.a.r.t.P.O.S...e.x.e.......^...............-.......]............_.......C:\Program Files (x86)\OPOS\Epson3\StartPOS.exe..>.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.O.P.O.S.\.E.p.s.o.n.3.\.S.t.a.r.t.P.O.S...e.x.e.#.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.O.P.O.S.\.E.p.s.o.n.3.\.........*................@Z|...K.J.........`.......X.......585948...........hT..CrF.f4... ..*.Q.........%..hT..CrF.f4... ..*.Q.........%.........A...1SPS.XF.L8C...
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: OPOS Installer, Author: Seiko Epson Corporation, Keywords: Installer,MSI,Database, Comments: This installer database contains the logic and data required to install EPSON OPOS ADK Ver3.00., Template: Intel;1033, Revision Number: {B172D4FD-4083-4574-A2E8-C472D5B95895}, Create Time/Date: Thu Jan 28 02:42:02 2021, Last Saved Time/Date: Thu Jan 28 02:42:02 2021, Number of Pages: 100, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:450134354271788968E49FB3112F1A4C
SHA1:A40AAF7CC05287CAD0D70A43FE79BE6F1EC87223
SHA-256:335629D1825E9E791394028CA710831257439EFB99EE882B4677BE0381AE5B7E
SHA-512:740F9C9D076A53DD2E0752E71A81F9450B172EC78709566B3A023E4EFBEA94FDC53986B01C5CACC57B38EFF287219B7F54A212B2CB00584308DD5852D89387F2
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:9E8698B639ECC899E3218E3E37F95DC4
SHA1:F3AA64D34A7032574703F582D66AE47883BF2953
SHA-256:9F392C4C63BD5D772442BDFFA62F0306D430A2A670683AA55398D56839CFB60A
SHA-512:251FF9C21A941C49B09EF5535E56FDA18F73D43B4A455489CA370EF7D254ED6483330F58ABA88C2D5CA2E714DD8FA09E43E67FDFE8CF010D8E03CD9CB05C73E0
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:3EC483711F021829375C4EB7F5DE09FA
SHA1:E211FEBF6589FD4267A8879B7F5B68A6DE54E0D2
SHA-256:56EA43C9B59C59AEE123EB3CC5400C10510E5A12E13826710C515F85125B1910
SHA-512:8512440FFBD4B09FD57FD17BED3BC54BAEB32D4DCFC4A292C33315AA4DB6DC5601145782492A8CBC638D31A6310E553652FCE31673C3B7BD8B2C15F50AB7C945
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:BF42BF5D40BA5B5F5591BA04F8372179
SHA1:C9C2B3D3B2F26EF5837603C1189CA4D7224C7628
SHA-256:B80C677DE119D385D077A47279D2CF20953803102E9FC83B11B2888CBAB9E767
SHA-512:FE1AF9D4AD10A2BDCDBBC967A6C95989A59641ADB378B9CE9134EEE836FA0B2F3EBFEBA0F30A2042CAE9FD73F726B1F54A3CAFCAFC95925B78806FD7A6642D4C
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:64A7A0069BCC10353C1EDF58273F68D9
SHA1:8998FFD7453711B8B785B1E4BF6C363B2B3957DE
SHA-256:EB5DEB9AEA55D6CCB0AD8E1CE53C293D355AE34ECD12A37255AE314005923D2C
SHA-512:F397231B53A76149665626CF4216C9D2A2DD6C95AA71724C1812A24D9AAA0520D37ED8FAE762BA985C0D081EB875559707E8A43291F99C3F1B8235E2C6DCA3B5
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:Windows setup INFormation
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:52F2D7ACAD4A81127F86B6772FF8CB43
SHA1:51C1D80B4A9556848791FE74E286238AAFAC42A8
SHA-256:67019F22F3A548678E6712B7F0729E07B9CB141213F91E4FA4D0BD76EE7B993C
SHA-512:1E7BEB05BF136014438565906F91ACA3B7F71A1B60EB3FD1273249533B3214ADD881D928C299C4D90A13778D0C4A9D5C808C68C8B6CDE9ABEC1DA895932DC056
Malicious:false
Reputation:unknown
Preview:;..; Installation inf for the EPSON USB Controller for TM/BA/EU Printers..;..; Copyright(C) SEIKO EPSON CORPORATION 1999-2017. All rights reserved...;....;----------------------------------------------------------------------------..[Version]..Signature = "$Windows NT$"..Class = USB..ClassGUID = {36FC9E60-C465-11CF-8056-444553540000}..Provider = %Mfg%..DriverVer = 10/11/2017, 7.1.0.0..CatalogFile = TMUSB64.CAT....;----------------------------------------------------------------------------..[DestinationDirs]..; [DefaultDestDir=dirid[,subdir]] ..; [file-list-section=dirid[,subdir]] ... ..DefaultDestDir = 12..NTCopyFiles = 12....;----------------------------------------------------------------------------..;..[NTCopyFiles]..TMUSB64.SYS....;----------------------------------------------------------------------------..[Manufacturer]..; %manufacturer-name% = models-section-name..%Mfg% = Models,NTamd64....;-----------------------------------------------------------------
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:BE3541BFDA8A81C474224EB84E977004
SHA1:FA9CA357BA8B16480BF92C22628A82DEDBCDD183
SHA-256:5520C35127FBDC94322966486CA76F8075EB3F64655F000B1AF16BE635309287
SHA-512:761FF8CDE80EF794EB371DE20FA1D95440F090DABECD2C58ECD6F8B6C62D908E3BC3BDBE8A3817F3B53D78CB9E395BCE146CFC9E1B9EBD03EE1F3D341B780803
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:D17902B18A5AD47410831225B9F2F6DD
SHA1:1633AF46390C0296FEA98FF0BD87B457D8BC7B08
SHA-256:BB0247FFE847A52BEDECB144A370E1BB741A3C10F6C21D7BE26D4F4C467A8659
SHA-512:F18C184E792487057D3752A529CBD0C451B65267D1E8C9924C4EEEB69950A7BE31E65833DA2D7C5349762E74D2F4DCA642C672E7970DBDD22BEFC000EF1E3250
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:Windows setup INFormation
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:7B336445B0417D4CBA1F317E30C6D56B
SHA1:9C3BBCE1206D05D48E69A58C1260F422E15363EB
SHA-256:6F551A1D2717E29F43E5B0A50A16A5D507F4BF065E11546FADAB650AB1C1071B
SHA-512:29927774406E5FC12A27D6CB8F4134B96298190DB5683D442316105D2DDC75EF711BF623CBE474BB9EBAA3BD789A068CD9DC46B0507AF52A0FDEEB92EFE3CE8F
Malicious:false
Reputation:unknown
Preview:;..; Installation inf for the EPSON USB Controller for TM/BA/EU Printers..;..; Copyright(C) SEIKO EPSON CORPORATION 1999-2017. All rights reserved...;....;----------------------------------------------------------------------------..[Version]..Signature = "$Windows NT$"..Class = USB..ClassGUID = {36FC9E60-C465-11CF-8056-444553540000}..Provider = %Mfg%..DriverVer = 10/11/2017, 7.1.0.0..CatalogFile = TMUSBXP.CAT....;----------------------------------------------------------------------------..[DestinationDirs]..; [DefaultDestDir=dirid[,subdir]] ..; [file-list-section=dirid[,subdir]] ... ..DefaultDestDir = 12..NTCopyFiles = 12....;----------------------------------------------------------------------------..;..[NTCopyFiles]..TMUSBXP.SYS....;----------------------------------------------------------------------------..[Manufacturer]..; %manufacturer-name% = models-section-name..%Mfg% = Models....;-------------------------------------------------------------------------
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: EPSON Port Communication Service, Author: SEIKO EPSON CORPORATION, Keywords: Installer,MSI,Database, Comments: This installer database contains the logic and data required to install EPSON Port Communication Service., Template: x64;1033, Revision Number: {434DEA19-0155-4F29-BFD4-62ABB34F7569}, Create Time/Date: Mon Aug 17 07:17:00 2020, Last Saved Time/Date: Mon Aug 17 07:17:00 2020, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.0.5419.0), Security: 2
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:4FB85836FAECB52BFD1FBBFC51B87329
SHA1:30C260063638F643CE6AD8696FD0EC58989968CE
SHA-256:EF816A3F5EB274EDAFA657025B0819B3857849D0E678DEFB707106AED36DBC71
SHA-512:8114FE1696667EE7624CDB66A7DD8F90EFD421FBC8AB93B0AC2D6B776660C8ADC693EE0950B6AA4348A9859B489A7C3867294F5FE5B39AEC30071E16473EDA3E
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:Windows setup INFormation
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:4589A63BA1FD07F3F527E29D97E7B499
SHA1:FE220BD9E9229600A3172D3015FE22654EA88A4D
SHA-256:676F70BFCA486561ED46F660C5625BE2C1E727931F02A3AFC785D1030C75E79B
SHA-512:AB830648FDCEFEBD7CB1587B40B0134E6198511EFF07A1CFEF2E3AEB9D43AEF34C12C3814C6BD5C4C48D85B55019EEB1084AB34A34A10D29B8BCDF882CB8D7F2
Malicious:false
Reputation:unknown
Preview:;..; Installation inf for the EPSON USB Controller for TM/BA/EU Printers..;..; Copyright(C) SEIKO EPSON CORPORATION 1999-2019. All rights reserved...;....;----------------------------------------------------------------------------..[Version]..Signature = "$Windows NT$"..Class = USB..ClassGUID = {36FC9E60-C465-11CF-8056-444553540000}..Provider = %Mfg%..DriverVer = 02/28/2019, 8.0.0.0..CatalogFile = TMUSB64.CAT....;----------------------------------------------------------------------------..[DestinationDirs]..; [DefaultDestDir=dirid[,subdir]] ..; [file-list-section=dirid[,subdir]] ... ..DefaultDestDir = 12..NTCopyFiles = 12....;----------------------------------------------------------------------------..;..[NTCopyFiles]..TMUSB64.SYS....;----------------------------------------------------------------------------..[Manufacturer]..; %manufacturer-name% = models-section-name..%Mfg% = Models,NTamd64....;-----------------------------------------------------------------
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32+ executable (native) x86-64, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:F2CED91D6669E6118854F55974954046
SHA1:80D670BCF1B483AAE56633E3EA0BA4AE8957DBAD
SHA-256:BDCE7F7A41ADAEFB4C0F4DD3F82B308A614B8BCFE299CF1E2C3392CF43D64CF8
SHA-512:04426588715BB58E9E6C5C5C71D163A1215E6DD6B7F77DD69DA3C82AEF9A8CB80122B991CDA726795A4D5C71B43C1F683748D20991737A4C332A13EFB7CD4623
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:data
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:B679DB2783876DD75C44DE0FED6978E2
SHA1:F5C3BCB22D84AE386A671976D2FC86005B32B0E4
SHA-256:94980C82C4EE4B0EF1C4618FAB4536E55C024295CDDDAB9D106A7B888311FF5F
SHA-512:57D7201433F9EB43E8DE31F9D6EF4733C08EC8D68F254619D3D8C3AA0937D8383936BA68E2D5C8EDD44E4204448BAC3AA4607442134CE720B057B4400548CE92
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:D7FB2496BDE13C08E7713E22259D1817
SHA1:1B1EAAE704E507575AF32C4187E77C1F060DCCC8
SHA-256:12DBECC696081497040BECCB66676F59725777BB7380F2ADCC32BF5941FFEEC3
SHA-512:3A59D98BFEC45A65A6D33CE536936C3B9DB3B11B9EE14E0234FE75AF380F9D50D65F7922D43DC51BE6E5995B01029C9BA0BCBC967A000186E77C815D4B6EF222
Malicious:false
Reputation:unknown
Preview:<?xml version="1.0"?>..<dpInst>.... <language code="0x411">.. <dpinstTitle>EPSON TMUSB Driver Ver.7.10 Installer</dpinstTitle>.. <welcomeTitle>EPSON TMUSB Driver Ver.7.10 . ..............</welcomeTitle>.. <welcomeIntro>..........EPSON TM/BA/EU......USB........(EPSON TMUSB Driver)..............</welcomeIntro>.. .. <eulaHeaderTitle>............</eulaHeaderTitle>.. <eulaYesButton>.............(&amp;A)</eulaYesButton>.. <eulaNoButton>..............(&amp;D)</eulaNoButton>.. <eula type="txt" path="licenseJ.txt" />.... <installHeaderTitle>EPSON TMUSB Driver Ver.7.10 ...............</installHeaderTitle>.. <finishTitle>EPSON TMUSB Driver Ver.7.10 ...............</finishTitle>.. </langua
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (native) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:2731434A1ECAE28D15209A9F1BE6C80B
SHA1:FF02B11F9369D9CF69B921739D5735978E437692
SHA-256:6A785D053C9E3A353E1CFF9C3734B82399D02EB953C7BE25E0499D2F233E9350
SHA-512:09136146B04F70EAE30C7965C126B6C52B5E449A8F4728B5AF9EC9679A2B509DB627F63F3D4D438B10157C1999387D0C434F5BD5C59D24896465638D4C43795D
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:DBD52CC335E81EA31F5839BD67E39A16
SHA1:9D48C104AC238AF9F2C21E4D3DDFE4A4F1AAE85A
SHA-256:5BC6DD9D40738D6F2DBE6161A596AC35D7A6C32005B7EB0A79C5A0C6ACF673BF
SHA-512:1DAFA72F6E5930608F4A88C4F1A82C4D5B9253D3508F7B80D170960EE67C209B50F354172EC069650F090CF6086EC593D1F6BCD52790C361715C911F9A8152E2
Malicious:false
Reputation:unknown
Preview:<?xml version="1.0"?>..<dpInst>.... <language code="0x411">.. <dpinstTitle>EPSON TMUSB Driver Ver.8.00 Installer</dpinstTitle>.. <welcomeTitle>EPSON TMUSB Driver Ver.8.00 . ..............</welcomeTitle>.. <welcomeIntro>..........EPSON TM/BA/EU......USB........(EPSON TMUSB Driver)..............</welcomeIntro>.. .. <eulaHeaderTitle>............</eulaHeaderTitle>.. <eulaYesButton>.............(&amp;A)</eulaYesButton>.. <eulaNoButton>..............(&amp;D)</eulaNoButton>.. <eula type="txt" path="licenseJ.txt" />.... <installHeaderTitle>EPSON TMUSB Driver Ver.8.00 ...............</installHeaderTitle>.. <finishTitle>EPSON TMUSB Driver Ver.8.00 ...............</finishTitle>.. </langua
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:Non-ISO extended-ASCII text, with very long lines (318), with CRLF, NEL line terminators
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:23C03EAB4C58009DC86992A09C8ECD20
SHA1:169066A19D739BD3364AAA9F2AD0FA3B69B35DBE
SHA-256:42F8C76B10EE528201CF15D1947681E2200C13D300122F9880902C2CBD903A99
SHA-512:EE2A669F654827E688B4B2F57C6FC337DE54E336E00442093965A51D5DD7197C510DA36F0E33FAF7B1DFD096593BB70D515C73D87CBE53D59FAFFD15C4D24F73
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (native) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:292828F5482C6DC0DB73B2DDAEAC5863
SHA1:88D8DEE0922729D0F2EF38F2D38E2948FE41EC76
SHA-256:171DA446F1E30D4117F84E137C50A91E505080603133EE62E451334893858BAB
SHA-512:FBEE652BABBFAE631059440707B33E8BD370A4A2FD535DC1DEB7C9B41E0793DA745971BC1CC3DBF5250E58CE9A9BBF6A4E9049D41D1B122D1014BA8493B8225F
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:71AB5B907347419FA65784CA9E7C3D29
SHA1:447FD2E2123D5D32845E8322C3DCC8B35AC33165
SHA-256:3C34A4302546B2B937725A19F91774FC1DD1F098EF0E3B020FB79721C6349BE8
SHA-512:93DA89ED34C2F24873B00E80B34D495D11A47DCBEEBABF11CE2EF46DFB271C65395A8FEB5665CEAACED99A0D7F937E625894183082BCE165725C3160CEC1B70D
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:ASCII text, with very long lines (882), with CRLF line terminators
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:B73B9ECD459ADE5DDB784C5BB4990663
SHA1:1480DDCE20D9D66A9D7FE928E9ED16EA7EE45983
SHA-256:CE52C3097E7229861F5AC49ADDA3C4EC399062A6ECE2D9A568B253DEADE44222
SHA-512:EDC536DF6FB59A470514023C09DFEFEA14DD63F55B98516C880ED9B781F9977C1C0B92B927410A2C27DCA3F64EA6AFB99F170A3A30FD18A0A1796E0F167335B9
Malicious:false
Reputation:unknown
Preview:Please read the following Software License Agreement ("SLA"). Use the scroll bar to view the entire SLA...----------------------------------------------------....SOFTWARE LICENSE AGREEMENT....IMPORTANT! READ THIS SOFTWARE LICENSE AGREEMENT CAREFULLY. The computer software product and/or data, including any accompanying explanatory written materials (the "Software") should only be installed or used by the Licensee ("you") on the condition you agree with SEIKO EPSON CORPORATION ("EPSON") to the terms and conditions set forth in this SLA. By installing or using the Software, you are representing to agree all the terms and conditions set forth in this SLA. You should read this SLA carefully before installing or using the Software. If you do not agree with the terms and conditions of this SLA, you are not permitted to install or use the Software.....If you agree to and accept all the terms and conditions of this SLA, EPSON and its suppliers grant to you a nonexclusive license to use the
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:data
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:980DCB467C271F79CC40F06C13E168BE
SHA1:20EA1EED5406A8FA8B0DF60F2E0BBD95F8C974E3
SHA-256:40C8325A828C277C254CEB619256FB6FA7E058AAC21658BCB85D7406F574BCC8
SHA-512:1B24C10BF7599805869557FEAF5CD86E5053D09E7D8AB92C86C2FC9771721B6AE54EAAB294884EF0E76419D38A8C943929E0CAE6600B162FDCC08F40A1C72AD9
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:Windows setup INFormation
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:77DD9A90ED1101258EBE9582ED15813F
SHA1:71071783E4B9C5632D8787CDDBAE8207DA1BADCB
SHA-256:50C388BE7417EF207F296CF4FD7879E9A77361EB6842F413C54D5BB2B808802E
SHA-512:A3BE21CF0423713AF3DA710061743519A9F2375682911AFDF641F9817C80FCACB4E610940EA48FFD20CAB46B64BE30CACE45211B96E4108E3F456EE0EB12C43D
Malicious:false
Reputation:unknown
Preview:;..; Installation inf for the EPSON USB Controller for TM/BA/EU Printers..;..; Copyright(C) SEIKO EPSON CORPORATION 1999-2019. All rights reserved...;....;----------------------------------------------------------------------------..[Version]..Signature = "$Windows NT$"..Class = USB..ClassGUID = {36FC9E60-C465-11CF-8056-444553540000}..Provider = %Mfg%..DriverVer = 02/28/2019, 8.0.0.0..CatalogFile = TMUSBXP.CAT....;----------------------------------------------------------------------------..[DestinationDirs]..; [DefaultDestDir=dirid[,subdir]] ..; [file-list-section=dirid[,subdir]] ... ..DefaultDestDir = 12..NTCopyFiles = 12....;----------------------------------------------------------------------------..;..[NTCopyFiles]..TMUSBXP.SYS....;----------------------------------------------------------------------------..[Manufacturer]..; %manufacturer-name% = models-section-name..%Mfg% = Models....;-------------------------------------------------------------------------
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: EPSON Port Communication Service, Author: SEIKO EPSON CORPORATION, Keywords: Installer,MSI,Database, Comments: This installer database contains the logic and data required to install EPSON Port Communication Service., Template: Intel;1033, Revision Number: {1AB11C59-343A-4F93-AD8B-CB28D4693DFC}, Create Time/Date: Mon Aug 17 07:16:54 2020, Last Saved Time/Date: Mon Aug 17 07:16:54 2020, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.0.5419.0), Security: 2
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:B4FA9A3B9F6DE15FED75A54A82740C9C
SHA1:EFF9BA2D1E2E7FC4A6DF1C8F86ABCEC2E171D7CA
SHA-256:F6C65C24C74FE7893830CB286A3A746C6F8064E1AA089AF8CF2FE1396C089383
SHA-512:BA417312EED1AACA87E9DD3A365FAAFE33F0E551FA3ABCCDF91BF3A1EEE566BE2BA8EFC3A50911F91D33E6966211373EB4803B4CCA1A9EF6508729C2BC0B9FFB
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32+ executable (native) x86-64, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:559700A3F07FE041E1CA9E669B0CD173
SHA1:5201C82B25ACE127B988D3DB2B459397FC9B8BFD
SHA-256:3B07FC5B01AEA82012D89264073BC362CA1CA38CCD9469B33D2F78A1D224069B
SHA-512:DFFF6673733BB969CD002E4DC689E2FA62D12D98157110B4233041AD90163F53502C8EB299E54A0645AC7D53339CA6DB148482D90017DA2143CB53019A434E84
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:7CE61B7C402728CE373FBC0DC9214066
SHA1:687E176263E778DE37F36D097754FD3B6BDD8E5F
SHA-256:5B8F31594F208E1BD15BA972B13B3142E7EFB78560B8B3674AB6C09E589ECE4E
SHA-512:EC06186912605263138D67B1ADB005295F7CB5D88018234B7D86B7755EC7AEF0630A38F2D4C04922AE201D01B7ECE7D5EE2E2740AEA4B89360037C5ED489FB4C
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:data
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:632F2D5AA9461F22291F1D15E859C290
SHA1:8DF31E51C641AF58020F9AE7A03BD8019EE3355B
SHA-256:FC1AA4618B700200AF482BC2B37A9374451E38CBE728F7C56300EB2867AAAEEE
SHA-512:0922C92071DD581189482E98FE297722C84AFDD0CD9CB4911D4B663C312739ADD6D68FEBFF03631C08F6A8693D70A76788CB85E994897AAF2EE72899A668DB0F
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:data
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:4E66428B05CDF30BD9319305BF6391C8
SHA1:1E44320E71B9B687DDD310766426D93B3EBA931A
SHA-256:07B65D8092A36CD97768124DC58439D42A4D7CB591FD69D575EDAE44CCA1B5DD
SHA-512:5A7F6ECF2D2374C592CFABECE9C093608212A65408420A75C4BBDB6D630E37572059F03BA04266B2701C94E1D2027DB32EBC5E8643F052C2E17B55F8EC220742
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:6ECEA205F1D913C29183D95BBFE8321E
SHA1:5C2B44DB83CB443D34132B805B3232F411EA4F0F
SHA-256:F745AD051A868E36BB6AAA4F6EC09C83F32BB49370D07C27A2B2506618B15AC6
SHA-512:FDB9647B2406F121923AD4ECDBE13192524C3CBD0353B0B58F9309F01955F2058265FCC39CCF35AE005261A1948C98328B6D3E93735AB1F4B9473C16C85FF336
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:CEDE02D7AF62449A2C38C49ABECC0CD3
SHA1:B84B83A8A6741A17BFB5F3578B983C1DE512589D
SHA-256:66B797B3B4F99488F53C2B676610DFE9868984C779536891A8D8F73EE214BC4B
SHA-512:D2D99E06D49A5990B449CF31D82A33104A6B45164E76FBEB34C43D10BCD25C3622AF52E59A2D4B7F5F45F83C3BA4D23CF1A5FC0C03B3606F42426988E63A9770
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: EPSON Port Communication Service, Author: SEIKO EPSON CORPORATION, Keywords: Installer,MSI,Database, Comments: This installer database contains the logic and data required to install EPSON Port Communication Service., Template: Intel;1033, Revision Number: {1AB11C59-343A-4F93-AD8B-CB28D4693DFC}, Create Time/Date: Mon Aug 17 07:16:54 2020, Last Saved Time/Date: Mon Aug 17 07:16:54 2020, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.0.5419.0), Security: 2
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:B4FA9A3B9F6DE15FED75A54A82740C9C
SHA1:EFF9BA2D1E2E7FC4A6DF1C8F86ABCEC2E171D7CA
SHA-256:F6C65C24C74FE7893830CB286A3A746C6F8064E1AA089AF8CF2FE1396C089383
SHA-512:BA417312EED1AACA87E9DD3A365FAAFE33F0E551FA3ABCCDF91BF3A1EEE566BE2BA8EFC3A50911F91D33E6966211373EB4803B4CCA1A9EF6508729C2BC0B9FFB
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: EPSON Port Communication Service, Author: SEIKO EPSON CORPORATION, Keywords: Installer,MSI,Database, Comments: This installer database contains the logic and data required to install EPSON Port Communication Service., Template: x64;1033, Revision Number: {434DEA19-0155-4F29-BFD4-62ABB34F7569}, Create Time/Date: Mon Aug 17 07:17:00 2020, Last Saved Time/Date: Mon Aug 17 07:17:00 2020, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.0.5419.0), Security: 2
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:4FB85836FAECB52BFD1FBBFC51B87329
SHA1:30C260063638F643CE6AD8696FD0EC58989968CE
SHA-256:EF816A3F5EB274EDAFA657025B0819B3857849D0E678DEFB707106AED36DBC71
SHA-512:8114FE1696667EE7624CDB66A7DD8F90EFD421FBC8AB93B0AC2D6B776660C8ADC693EE0950B6AA4348A9859B489A7C3867294F5FE5B39AEC30071E16473EDA3E
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:6ECEA205F1D913C29183D95BBFE8321E
SHA1:5C2B44DB83CB443D34132B805B3232F411EA4F0F
SHA-256:F745AD051A868E36BB6AAA4F6EC09C83F32BB49370D07C27A2B2506618B15AC6
SHA-512:FDB9647B2406F121923AD4ECDBE13192524C3CBD0353B0B58F9309F01955F2058265FCC39CCF35AE005261A1948C98328B6D3E93735AB1F4B9473C16C85FF336
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:64A7A0069BCC10353C1EDF58273F68D9
SHA1:8998FFD7453711B8B785B1E4BF6C363B2B3957DE
SHA-256:EB5DEB9AEA55D6CCB0AD8E1CE53C293D355AE34ECD12A37255AE314005923D2C
SHA-512:F397231B53A76149665626CF4216C9D2A2DD6C95AA71724C1812A24D9AAA0520D37ED8FAE762BA985C0D081EB875559707E8A43291F99C3F1B8235E2C6DCA3B5
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:CEDE02D7AF62449A2C38C49ABECC0CD3
SHA1:B84B83A8A6741A17BFB5F3578B983C1DE512589D
SHA-256:66B797B3B4F99488F53C2B676610DFE9868984C779536891A8D8F73EE214BC4B
SHA-512:D2D99E06D49A5990B449CF31D82A33104A6B45164E76FBEB34C43D10BCD25C3622AF52E59A2D4B7F5F45F83C3BA4D23CF1A5FC0C03B3606F42426988E63A9770
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:BF42BF5D40BA5B5F5591BA04F8372179
SHA1:C9C2B3D3B2F26EF5837603C1189CA4D7224C7628
SHA-256:B80C677DE119D385D077A47279D2CF20953803102E9FC83B11B2888CBAB9E767
SHA-512:FE1AF9D4AD10A2BDCDBBC967A6C95989A59641ADB378B9CE9134EEE836FA0B2F3EBFEBA0F30A2042CAE9FD73F726B1F54A3CAFCAFC95925B78806FD7A6642D4C
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:71AB5B907347419FA65784CA9E7C3D29
SHA1:447FD2E2123D5D32845E8322C3DCC8B35AC33165
SHA-256:3C34A4302546B2B937725A19F91774FC1DD1F098EF0E3B020FB79721C6349BE8
SHA-512:93DA89ED34C2F24873B00E80B34D495D11A47DCBEEBABF11CE2EF46DFB271C65395A8FEB5665CEAACED99A0D7F937E625894183082BCE165725C3160CEC1B70D
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:7CE61B7C402728CE373FBC0DC9214066
SHA1:687E176263E778DE37F36D097754FD3B6BDD8E5F
SHA-256:5B8F31594F208E1BD15BA972B13B3142E7EFB78560B8B3674AB6C09E589ECE4E
SHA-512:EC06186912605263138D67B1ADB005295F7CB5D88018234B7D86B7755EC7AEF0630A38F2D4C04922AE201D01B7ECE7D5EE2E2740AEA4B89360037C5ED489FB4C
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:Windows setup INFormation
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:52F2D7ACAD4A81127F86B6772FF8CB43
SHA1:51C1D80B4A9556848791FE74E286238AAFAC42A8
SHA-256:67019F22F3A548678E6712B7F0729E07B9CB141213F91E4FA4D0BD76EE7B993C
SHA-512:1E7BEB05BF136014438565906F91ACA3B7F71A1B60EB3FD1273249533B3214ADD881D928C299C4D90A13778D0C4A9D5C808C68C8B6CDE9ABEC1DA895932DC056
Malicious:false
Reputation:unknown
Preview:;..; Installation inf for the EPSON USB Controller for TM/BA/EU Printers..;..; Copyright(C) SEIKO EPSON CORPORATION 1999-2017. All rights reserved...;....;----------------------------------------------------------------------------..[Version]..Signature = "$Windows NT$"..Class = USB..ClassGUID = {36FC9E60-C465-11CF-8056-444553540000}..Provider = %Mfg%..DriverVer = 10/11/2017, 7.1.0.0..CatalogFile = TMUSB64.CAT....;----------------------------------------------------------------------------..[DestinationDirs]..; [DefaultDestDir=dirid[,subdir]] ..; [file-list-section=dirid[,subdir]] ... ..DefaultDestDir = 12..NTCopyFiles = 12....;----------------------------------------------------------------------------..;..[NTCopyFiles]..TMUSB64.SYS....;----------------------------------------------------------------------------..[Manufacturer]..; %manufacturer-name% = models-section-name..%Mfg% = Models,NTamd64....;-----------------------------------------------------------------
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:data
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:B679DB2783876DD75C44DE0FED6978E2
SHA1:F5C3BCB22D84AE386A671976D2FC86005B32B0E4
SHA-256:94980C82C4EE4B0EF1C4618FAB4536E55C024295CDDDAB9D106A7B888311FF5F
SHA-512:57D7201433F9EB43E8DE31F9D6EF4733C08EC8D68F254619D3D8C3AA0937D8383936BA68E2D5C8EDD44E4204448BAC3AA4607442134CE720B057B4400548CE92
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32+ executable (native) x86-64, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:F2CED91D6669E6118854F55974954046
SHA1:80D670BCF1B483AAE56633E3EA0BA4AE8957DBAD
SHA-256:BDCE7F7A41ADAEFB4C0F4DD3F82B308A614B8BCFE299CF1E2C3392CF43D64CF8
SHA-512:04426588715BB58E9E6C5C5C71D163A1215E6DD6B7F77DD69DA3C82AEF9A8CB80122B991CDA726795A4D5C71B43C1F683748D20991737A4C332A13EFB7CD4623
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:BE3541BFDA8A81C474224EB84E977004
SHA1:FA9CA357BA8B16480BF92C22628A82DEDBCDD183
SHA-256:5520C35127FBDC94322966486CA76F8075EB3F64655F000B1AF16BE635309287
SHA-512:761FF8CDE80EF794EB371DE20FA1D95440F090DABECD2C58ECD6F8B6C62D908E3BC3BDBE8A3817F3B53D78CB9E395BCE146CFC9E1B9EBD03EE1F3D341B780803
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:Windows setup INFormation
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:7B336445B0417D4CBA1F317E30C6D56B
SHA1:9C3BBCE1206D05D48E69A58C1260F422E15363EB
SHA-256:6F551A1D2717E29F43E5B0A50A16A5D507F4BF065E11546FADAB650AB1C1071B
SHA-512:29927774406E5FC12A27D6CB8F4134B96298190DB5683D442316105D2DDC75EF711BF623CBE474BB9EBAA3BD789A068CD9DC46B0507AF52A0FDEEB92EFE3CE8F
Malicious:false
Reputation:unknown
Preview:;..; Installation inf for the EPSON USB Controller for TM/BA/EU Printers..;..; Copyright(C) SEIKO EPSON CORPORATION 1999-2017. All rights reserved...;....;----------------------------------------------------------------------------..[Version]..Signature = "$Windows NT$"..Class = USB..ClassGUID = {36FC9E60-C465-11CF-8056-444553540000}..Provider = %Mfg%..DriverVer = 10/11/2017, 7.1.0.0..CatalogFile = TMUSBXP.CAT....;----------------------------------------------------------------------------..[DestinationDirs]..; [DefaultDestDir=dirid[,subdir]] ..; [file-list-section=dirid[,subdir]] ... ..DefaultDestDir = 12..NTCopyFiles = 12....;----------------------------------------------------------------------------..;..[NTCopyFiles]..TMUSBXP.SYS....;----------------------------------------------------------------------------..[Manufacturer]..; %manufacturer-name% = models-section-name..%Mfg% = Models....;-------------------------------------------------------------------------
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:D7FB2496BDE13C08E7713E22259D1817
SHA1:1B1EAAE704E507575AF32C4187E77C1F060DCCC8
SHA-256:12DBECC696081497040BECCB66676F59725777BB7380F2ADCC32BF5941FFEEC3
SHA-512:3A59D98BFEC45A65A6D33CE536936C3B9DB3B11B9EE14E0234FE75AF380F9D50D65F7922D43DC51BE6E5995B01029C9BA0BCBC967A000186E77C815D4B6EF222
Malicious:false
Reputation:unknown
Preview:<?xml version="1.0"?>..<dpInst>.... <language code="0x411">.. <dpinstTitle>EPSON TMUSB Driver Ver.7.10 Installer</dpinstTitle>.. <welcomeTitle>EPSON TMUSB Driver Ver.7.10 . ..............</welcomeTitle>.. <welcomeIntro>..........EPSON TM/BA/EU......USB........(EPSON TMUSB Driver)..............</welcomeIntro>.. .. <eulaHeaderTitle>............</eulaHeaderTitle>.. <eulaYesButton>.............(&amp;A)</eulaYesButton>.. <eulaNoButton>..............(&amp;D)</eulaNoButton>.. <eula type="txt" path="licenseJ.txt" />.... <installHeaderTitle>EPSON TMUSB Driver Ver.7.10 ...............</installHeaderTitle>.. <finishTitle>EPSON TMUSB Driver Ver.7.10 ...............</finishTitle>.. </langua
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:data
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:632F2D5AA9461F22291F1D15E859C290
SHA1:8DF31E51C641AF58020F9AE7A03BD8019EE3355B
SHA-256:FC1AA4618B700200AF482BC2B37A9374451E38CBE728F7C56300EB2867AAAEEE
SHA-512:0922C92071DD581189482E98FE297722C84AFDD0CD9CB4911D4B663C312739ADD6D68FEBFF03631C08F6A8693D70A76788CB85E994897AAF2EE72899A668DB0F
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (native) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:2731434A1ECAE28D15209A9F1BE6C80B
SHA1:FF02B11F9369D9CF69B921739D5735978E437692
SHA-256:6A785D053C9E3A353E1CFF9C3734B82399D02EB953C7BE25E0499D2F233E9350
SHA-512:09136146B04F70EAE30C7965C126B6C52B5E449A8F4728B5AF9EC9679A2B509DB627F63F3D4D438B10157C1999387D0C434F5BD5C59D24896465638D4C43795D
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:D17902B18A5AD47410831225B9F2F6DD
SHA1:1633AF46390C0296FEA98FF0BD87B457D8BC7B08
SHA-256:BB0247FFE847A52BEDECB144A370E1BB741A3C10F6C21D7BE26D4F4C467A8659
SHA-512:F18C184E792487057D3752A529CBD0C451B65267D1E8C9924C4EEEB69950A7BE31E65833DA2D7C5349762E74D2F4DCA642C672E7970DBDD22BEFC000EF1E3250
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:Windows setup INFormation
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:4589A63BA1FD07F3F527E29D97E7B499
SHA1:FE220BD9E9229600A3172D3015FE22654EA88A4D
SHA-256:676F70BFCA486561ED46F660C5625BE2C1E727931F02A3AFC785D1030C75E79B
SHA-512:AB830648FDCEFEBD7CB1587B40B0134E6198511EFF07A1CFEF2E3AEB9D43AEF34C12C3814C6BD5C4C48D85B55019EEB1084AB34A34A10D29B8BCDF882CB8D7F2
Malicious:false
Reputation:unknown
Preview:;..; Installation inf for the EPSON USB Controller for TM/BA/EU Printers..;..; Copyright(C) SEIKO EPSON CORPORATION 1999-2019. All rights reserved...;....;----------------------------------------------------------------------------..[Version]..Signature = "$Windows NT$"..Class = USB..ClassGUID = {36FC9E60-C465-11CF-8056-444553540000}..Provider = %Mfg%..DriverVer = 02/28/2019, 8.0.0.0..CatalogFile = TMUSB64.CAT....;----------------------------------------------------------------------------..[DestinationDirs]..; [DefaultDestDir=dirid[,subdir]] ..; [file-list-section=dirid[,subdir]] ... ..DefaultDestDir = 12..NTCopyFiles = 12....;----------------------------------------------------------------------------..;..[NTCopyFiles]..TMUSB64.SYS....;----------------------------------------------------------------------------..[Manufacturer]..; %manufacturer-name% = models-section-name..%Mfg% = Models,NTamd64....;-----------------------------------------------------------------
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:ASCII text, with very long lines (882), with CRLF line terminators
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:B73B9ECD459ADE5DDB784C5BB4990663
SHA1:1480DDCE20D9D66A9D7FE928E9ED16EA7EE45983
SHA-256:CE52C3097E7229861F5AC49ADDA3C4EC399062A6ECE2D9A568B253DEADE44222
SHA-512:EDC536DF6FB59A470514023C09DFEFEA14DD63F55B98516C880ED9B781F9977C1C0B92B927410A2C27DCA3F64EA6AFB99F170A3A30FD18A0A1796E0F167335B9
Malicious:false
Reputation:unknown
Preview:Please read the following Software License Agreement ("SLA"). Use the scroll bar to view the entire SLA...----------------------------------------------------....SOFTWARE LICENSE AGREEMENT....IMPORTANT! READ THIS SOFTWARE LICENSE AGREEMENT CAREFULLY. The computer software product and/or data, including any accompanying explanatory written materials (the "Software") should only be installed or used by the Licensee ("you") on the condition you agree with SEIKO EPSON CORPORATION ("EPSON") to the terms and conditions set forth in this SLA. By installing or using the Software, you are representing to agree all the terms and conditions set forth in this SLA. You should read this SLA carefully before installing or using the Software. If you do not agree with the terms and conditions of this SLA, you are not permitted to install or use the Software.....If you agree to and accept all the terms and conditions of this SLA, EPSON and its suppliers grant to you a nonexclusive license to use the
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:data
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:980DCB467C271F79CC40F06C13E168BE
SHA1:20EA1EED5406A8FA8B0DF60F2E0BBD95F8C974E3
SHA-256:40C8325A828C277C254CEB619256FB6FA7E058AAC21658BCB85D7406F574BCC8
SHA-512:1B24C10BF7599805869557FEAF5CD86E5053D09E7D8AB92C86C2FC9771721B6AE54EAAB294884EF0E76419D38A8C943929E0CAE6600B162FDCC08F40A1C72AD9
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32+ executable (native) x86-64, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:559700A3F07FE041E1CA9E669B0CD173
SHA1:5201C82B25ACE127B988D3DB2B459397FC9B8BFD
SHA-256:3B07FC5B01AEA82012D89264073BC362CA1CA38CCD9469B33D2F78A1D224069B
SHA-512:DFFF6673733BB969CD002E4DC689E2FA62D12D98157110B4233041AD90163F53502C8EB299E54A0645AC7D53339CA6DB148482D90017DA2143CB53019A434E84
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:Windows setup INFormation
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:77DD9A90ED1101258EBE9582ED15813F
SHA1:71071783E4B9C5632D8787CDDBAE8207DA1BADCB
SHA-256:50C388BE7417EF207F296CF4FD7879E9A77361EB6842F413C54D5BB2B808802E
SHA-512:A3BE21CF0423713AF3DA710061743519A9F2375682911AFDF641F9817C80FCACB4E610940EA48FFD20CAB46B64BE30CACE45211B96E4108E3F456EE0EB12C43D
Malicious:false
Reputation:unknown
Preview:;..; Installation inf for the EPSON USB Controller for TM/BA/EU Printers..;..; Copyright(C) SEIKO EPSON CORPORATION 1999-2019. All rights reserved...;....;----------------------------------------------------------------------------..[Version]..Signature = "$Windows NT$"..Class = USB..ClassGUID = {36FC9E60-C465-11CF-8056-444553540000}..Provider = %Mfg%..DriverVer = 02/28/2019, 8.0.0.0..CatalogFile = TMUSBXP.CAT....;----------------------------------------------------------------------------..[DestinationDirs]..; [DefaultDestDir=dirid[,subdir]] ..; [file-list-section=dirid[,subdir]] ... ..DefaultDestDir = 12..NTCopyFiles = 12....;----------------------------------------------------------------------------..;..[NTCopyFiles]..TMUSBXP.SYS....;----------------------------------------------------------------------------..[Manufacturer]..; %manufacturer-name% = models-section-name..%Mfg% = Models....;-------------------------------------------------------------------------
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:DBD52CC335E81EA31F5839BD67E39A16
SHA1:9D48C104AC238AF9F2C21E4D3DDFE4A4F1AAE85A
SHA-256:5BC6DD9D40738D6F2DBE6161A596AC35D7A6C32005B7EB0A79C5A0C6ACF673BF
SHA-512:1DAFA72F6E5930608F4A88C4F1A82C4D5B9253D3508F7B80D170960EE67C209B50F354172EC069650F090CF6086EC593D1F6BCD52790C361715C911F9A8152E2
Malicious:false
Reputation:unknown
Preview:<?xml version="1.0"?>..<dpInst>.... <language code="0x411">.. <dpinstTitle>EPSON TMUSB Driver Ver.8.00 Installer</dpinstTitle>.. <welcomeTitle>EPSON TMUSB Driver Ver.8.00 . ..............</welcomeTitle>.. <welcomeIntro>..........EPSON TM/BA/EU......USB........(EPSON TMUSB Driver)..............</welcomeIntro>.. .. <eulaHeaderTitle>............</eulaHeaderTitle>.. <eulaYesButton>.............(&amp;A)</eulaYesButton>.. <eulaNoButton>..............(&amp;D)</eulaNoButton>.. <eula type="txt" path="licenseJ.txt" />.... <installHeaderTitle>EPSON TMUSB Driver Ver.8.00 ...............</installHeaderTitle>.. <finishTitle>EPSON TMUSB Driver Ver.8.00 ...............</finishTitle>.. </langua
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:Non-ISO extended-ASCII text, with very long lines (318), with CRLF, NEL line terminators
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:23C03EAB4C58009DC86992A09C8ECD20
SHA1:169066A19D739BD3364AAA9F2AD0FA3B69B35DBE
SHA-256:42F8C76B10EE528201CF15D1947681E2200C13D300122F9880902C2CBD903A99
SHA-512:EE2A669F654827E688B4B2F57C6FC337DE54E336E00442093965A51D5DD7197C510DA36F0E33FAF7B1DFD096593BB70D515C73D87CBE53D59FAFFD15C4D24F73
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:data
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:4E66428B05CDF30BD9319305BF6391C8
SHA1:1E44320E71B9B687DDD310766426D93B3EBA931A
SHA-256:07B65D8092A36CD97768124DC58439D42A4D7CB591FD69D575EDAE44CCA1B5DD
SHA-512:5A7F6ECF2D2374C592CFABECE9C093608212A65408420A75C4BBDB6D630E37572059F03BA04266B2701C94E1D2027DB32EBC5E8643F052C2E17B55F8EC220742
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (native) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:292828F5482C6DC0DB73B2DDAEAC5863
SHA1:88D8DEE0922729D0F2EF38F2D38E2948FE41EC76
SHA-256:171DA446F1E30D4117F84E137C50A91E505080603133EE62E451334893858BAB
SHA-512:FBEE652BABBFAE631059440707B33E8BD370A4A2FD535DC1DEB7C9B41E0793DA745971BC1CC3DBF5250E58CE9A9BBF6A4E9049D41D1B122D1014BA8493B8225F
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:3EC483711F021829375C4EB7F5DE09FA
SHA1:E211FEBF6589FD4267A8879B7F5B68A6DE54E0D2
SHA-256:56EA43C9B59C59AEE123EB3CC5400C10510E5A12E13826710C515F85125B1910
SHA-512:8512440FFBD4B09FD57FD17BED3BC54BAEB32D4DCFC4A292C33315AA4DB6DC5601145782492A8CBC638D31A6310E553652FCE31673C3B7BD8B2C15F50AB7C945
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:9E8698B639ECC899E3218E3E37F95DC4
SHA1:F3AA64D34A7032574703F582D66AE47883BF2953
SHA-256:9F392C4C63BD5D772442BDFFA62F0306D430A2A670683AA55398D56839CFB60A
SHA-512:251FF9C21A941C49B09EF5535E56FDA18F73D43B4A455489CA370EF7D254ED6483330F58ABA88C2D5CA2E714DD8FA09E43E67FDFE8CF010D8E03CD9CB05C73E0
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:data
Category:dropped
Size (bytes):956
Entropy (8bit):2.3974094435595292
Encrypted:false
SSDEEP:
MD5:2F25ACD6EF10EEE8A90FD182434BA11A
SHA1:0E44FFFA55930CD4D1B688586436627F45B4E766
SHA-256:B3CD837A41758777CC31AC9B87610F697A4ECE131B53026C0862A439687CB206
SHA-512:EAA465F335FB7D474EA0B1B31F230C23A1D763077A57840E541C1A62FC6055FEF343D8A3FE8FCBAE30DB24FF20F5575B79C2FB3D667860298533B0AF4B353736
Malicious:false
Reputation:unknown
Preview:Y...........................................................................................................................................................................................................................................V.E.R.U.P.........................................................W.i.x.B.u.n.d.l.e.F.o.r.c.e.d.R.e.s.t.a.r.t.P.a.c.k.a.g.e.....................W.i.x.B.u.n.d.l.e.L.a.s.t.U.s.e.d.S.o.u.r.c.e.............................................W.i.x.B.u.n.d.l.e.N.a.m.e.........E.P.S.O.N. .O.P.O.S. .A.D.K.............W.i.x.B.u.n.d.l.e.O.r.i.g.i.n.a.l.S.o.u.r.c.e.....H...C.:.\.U.s.e.r.s.\.c.a.l.i.\.D.e.s.k.t.o.p.\.E.P.S.O.N.O.P.O.S.A.D.K.V.3...0.0.E.R.1.0.\.E.P.S.O.N._.O.P.O.S._.A.D.K._.V.3...0.0.E.R.1.0...e.x.e.............W.i.x.B.u.n.d.l.e.O.r.i.g.i.n.a.l.S.o.u.r.c.e.F.o.l.d.e.r.....,...C.:.\.U.s.e.r.s.\.c.a.l.i.\.D.e.s.k.t.o.p.\.E.P.S.O.N.O.P.O.S.A.D.K.V.3...0.0.E.R.1.0.\.................................................
Process:C:\Users\user\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: OPOS Installer, Author: Seiko Epson Corporation, Keywords: Installer,MSI,Database, Comments: This installer database contains the logic and data required to install EPSON OPOS ADK Ver3.00., Template: Intel;1033, Revision Number: {B172D4FD-4083-4574-A2E8-C472D5B95895}, Create Time/Date: Thu Jan 28 02:42:02 2021, Last Saved Time/Date: Thu Jan 28 02:42:02 2021, Number of Pages: 100, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:450134354271788968E49FB3112F1A4C
SHA1:A40AAF7CC05287CAD0D70A43FE79BE6F1EC87223
SHA-256:335629D1825E9E791394028CA710831257439EFB99EE882B4677BE0381AE5B7E
SHA-512:740F9C9D076A53DD2E0752E71A81F9450B172EC78709566B3A023E4EFBEA94FDC53986B01C5CACC57B38EFF287219B7F54A212B2CB00584308DD5852D89387F2
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:ASCII text, with very long lines (338), with CRLF line terminators
Category:modified
Size (bytes):28827
Entropy (8bit):5.614052784072114
Encrypted:false
SSDEEP:
MD5:3ED2982D6709FCA619C577DA56A41A6B
SHA1:CC5016D9499B238F48C34F297AE7CBF65B2214B0
SHA-256:5B2E48EF8F2C911E40655ABCE5E0C585D814D1E5E67BA025CE41A8CFCD68BD99
SHA-512:EBD7B4F3B7CF1790BA76972C26FC4FD4A10A5CFB7F3B20F61AD7DACA2AA39AF8942BB35EC264B95CE1887F505DEA7612FD05DD62C03BC577F71F888979B9A127
Malicious:false
Reputation:unknown
Preview:[16E4:0A98][2025-01-07T18:46:17]i001: Burn v3.11.2.4516, Windows v10.0 (Build 19045: Service Pack 0), path: C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe..[16E4:0A98][2025-01-07T18:46:17]i000: Initializing string variable 'Installdirx86' to value '[ProgramFilesFolder]OPOS\Epson3'..[16E4:0A98][2025-01-07T18:46:17]i000: Initializing numeric variable 'InstallPCS' to value '1'..[16E4:0A98][2025-01-07T18:46:17]i000: Initializing numeric variable 'VERUP' to value '1'..[16E4:0A98][2025-01-07T18:46:17]i009: Command Line: '-burn.clean.room=C:\Users\user\Desktop\EPSONOPOSADKV3.00ER10\EPSON_OPOS_ADK_V3.00ER10.exe -burn.filehandle.attached=568 -burn.filehandle.self=560'..[16E4:0A98][2025-01-07T18:46:17]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\user\Desktop\EPSONOPOSADKV3.00ER10\EPSON_OPOS_ADK_V3.00ER10.exe'..[16E4:0A98][2025-01-07T18:46:17]i000: Setting string variable 'WixBundleOriginalSourceFolder' to val
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):390260
Entropy (8bit):3.8480237758068645
Encrypted:false
SSDEEP:
MD5:968A3CE83E9B3C1818B044833CE6C6F9
SHA1:F075F3DBB0ECD7945CB6432DC5621B005750A2A6
SHA-256:D06F86F0C655F4A14B931D49EB4742270ECE6CEA934D376F6635281CB029A95A
SHA-512:664754E52AB04F38595AD11C84B75EE11A62CAC5A2F74B22EE852393A25F8A85240D1A0F038440BED39045452ADF171C006623D6C3F89FEF2B91D88E95DB79A1
Malicious:false
Reputation:unknown
Preview:=== Verbose logging started: 07/01/2025  18:46:42  Build type: SHIP UNICODE 5.00.10011.00  Calling process: C:\Users\cali\AppData\Local\Temp\{79F4700E-475E-4FB9-A39D-93BA38BCCE11}\.be\EPSON_OPOS_ADK_V3.00ER10.exe ===..MSI (c) (E8:14) [18:46:42:277]: Font created.  Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg...MSI (c) (E8:14) [18:46:42:277]: Font created.  Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg...MSI (c) (E8:BC) [18:46:42:325]: Resetting cached policy
Process:C:\158708e7c5ec5138b5e887b350f3\Setup.exe
File Type:data
Category:dropped
Size (bytes):7134
Entropy (8bit):3.6446690503979546
Encrypted:false
SSDEEP:
MD5:555AF1DE07D5D56C42FD597EB322ECE8
SHA1:FDFF1CF95F4A393AB7DF59574A4BB71A22268EC2
SHA-256:4EF951DD880E3A21CDBE3253B644FB8B2B8B05D2A5056C6162974007E736B7D8
SHA-512:BEC979EB3C2E61728FB984AD9715F1CD989CE18C313E6EFF88F9BD91B2B108254292916E8B90E867BAF9AA9A8E9F27F7DDA0A409733C54DB74E964940C9057E7
Malicious:false
Reputation:unknown
Preview:..<span class="vbe"><span class="t">[1/7/2025, 18:46:36]</span>calling PerformAction on an installing performer<BR></span>..<span class="act"><div class="sectionHdr"><a href="#" onclick="toggleSection(); event.returnValue=false;"><span class="sectionExp"><span class="t">[1/7/2025, 18:46:36] </span>Action: Performing actions on all Items</span><span class="sectionExp2">...<BR></span></a></div><div class="section">..<span class="vbe"><span class="t">[1/7/2025, 18:46:36]</span>Wait for Item (vc_red
Process:C:\Windows\System32\msiexec.exe
File Type:Unicode text, UTF-16, little-endian text, with very long lines (319), with CRLF line terminators
Category:dropped
Size (bytes):312778
Entropy (8bit):3.8333392584084023
Encrypted:false
SSDEEP:
MD5:6AC0602F75381BF0D8563A6CA1C26A76
SHA1:81C6B1B61CF90762EFD87B26A31D41812343C36A
SHA-256:6227D70D08BFD891BC9E2F0C58EDBDB3FC6C0E9498DF30F260820EDBB62C3C5B
SHA-512:3BD5534835C5AD29D532618492F1564CBFF987DD7BFC236ED46BC2444E0A642F97F350844E5888988DD5516CFE4999FB1DF2A2BECC954B3DF457D1E1CDA233FD
Malicious:false
Reputation:unknown
Preview:=== Verbose logging started: 07/01/2025  18:46:37  Build type: SHIP UNICODE 5.00.10011.00  Calling process: c:\158708e7c5ec5138b5e887b350f3\Setup.exe ===..MSI (c) (9C:7C) [18:46:37:620]: Resetting cached policy values..MSI (c) (9C:7C) [18:46:37:620]: Machine policy value 'Debug' is 0..MSI (c) (9C:7C) [18:46:37:620]: ******* RunEngine:..           ******* Product: c:\158708e7c5ec5138b5e887b350f3\vc_red.msi..           ******* Action: ..           ******* CommandLine: **********..MSI (c) (9C:7C) 
Process:C:\158708e7c5ec5138b5e887b350f3\Setup.exe
File Type:HTML document, Unicode text, UTF-16, little-endian text, with very long lines (356), with CRLF line terminators
Category:modified
Size (bytes):74430
Entropy (8bit):3.6977221323574163
Encrypted:false
SSDEEP:
MD5:D25C9491D00AB80BD5F6B2A3BE4AF26E
SHA1:50E52095756A649D6292F1E212D627507B1DF402
SHA-256:51CA25CE7678CFC88F226AD1206D52132A2A45DC0872CE4285376DA83369F483
SHA-512:2D143117961B3A376C0B97D994A8E7DABE267B360BA6F088030D6BEA892166C4C5741CB676E5452522F4CE6B9FF0CAE023F30FE65D8D9D43B15FC7E2D2F2E991
Malicious:false
Reputation:unknown
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">..<!-- The Extended Copyright/Trademark Language Resides At: http://www.microsoft.com/info/cpyrtInfrg.htm -->..<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=utf-16"/><base target="_blank"/>...<style type="text/css">....html{overflow:scroll}....body{font-size:10pt;font-family:Verdana;color:#000000;background-color:#F0F0F0}.....header
Process:C:\158708e7c5ec5138b5e887b350f3\Setup.exe
File Type:HTML document, Unicode text, UTF-16, little-endian text, with very long lines (322), with CRLF line terminators
Category:dropped
Size (bytes):29384
Entropy (8bit):3.7188769476845596
Encrypted:false
SSDEEP:
MD5:219137FCD985B8D1B359288039CEFE0A
SHA1:ABD45CD8CBF9FCD4ADDB998B56AA9E1753F24781
SHA-256:D1D2EEE2DFA305DEA300BC7712F8309D86D8476A60563240036BC263176806DB
SHA-512:9853C079414B4461F815C801C18E688A5FC02FD583B7CA1FD035A3E0C75DCDF30D87B4BD36E3BD13A4797BC86F9033C9EB8399A5A14D84939F40673B2F349A65
Malicious:false
Reputation:unknown
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">..<!-- The Extended Copyright/Trademark Language Resides At: http://www.microsoft.com/info/cpyrtInfrg.htm -->..<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=utf-16"/><base target="_blank"/>...<style type="text/css">....html{overflow:scroll}....body{font-size:10pt;font-family:Verdana;color:#000000;background-color:#F0F0F0}.....header
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (525), with CRLF line terminators
Category:dropped
Size (bytes):23170
Entropy (8bit):3.7289094369874385
Encrypted:false
SSDEEP:
MD5:DB2EA0116CC2848464807B81BB221293
SHA1:D38BEA32DCD636AA22301BEAA87BD7A6BCA76D47
SHA-256:C20ABCEE04C48F40981A0595A5C7DA703ED196D2FAE3ECEAA8FD2841A63BAAE4
SHA-512:4DDD37E884D16893C6F8C94924A5CD5E43687B6738C409B11D2FA278D51CD32892B3EAF76A897FCFD58DCD8C75DD0508B906E1D7BFFEDADEBFB041BB392ADC25
Malicious:false
Reputation:unknown
Preview:<?xml version="1.0" encoding="utf-16"?>..<BootstrapperApplicationData xmlns="http://schemas.microsoft.com/wix/2010/BootstrapperApplicationData">..  <WixBalCondition Condition="(OPOSJ_x64_Exists = 0)" Message="Epson OPOS ADK has already been installed. Please uninstall Epson OPOS ADK." />..  <WixBalCondition Condition="(OPOSJ_x86_Exists = 0)" Message="Epson OPOS ADK has already been installed. Please uninstall Epson OPOS ADK." />..  <WixBalCondition Condition="(OPOS2_x64_Exists = 0)" Message="Ep
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033
Category:dropped
Size (bytes):34704
Entropy (8bit):4.881819986208426
Encrypted:false
SSDEEP:
MD5:E29873983FA7FF11A805BDAE1C5EBA08
SHA1:6B35DE34AF79C7DA73034B3429809E00FEEB7C71
SHA-256:1A3FF6DE2C1E75D3DA7A17D9FB1F265A8A6AF38C44BBAE1BF5B9F1309E54521B
SHA-512:69176C21666F905489608569DE2EB3E6435A0A5B12E7D906D9327F3667135565C35500781EF20306C382567A4FCB0D64217E67661F54A53D0E2E4AF793276EC2
Malicious:false
Reputation:unknown
Preview:{\rtf1\ansi\ansicpg932\deff0\nouicompat\deflang1033\deflangfe1041{\fonttbl{\f0\fswiss\fprq2\fcharset0 Lucida Sans Unicode;}{\f1\fswiss\fprq2\fcharset0 Calibri;}{\f2\fnil\fcharset128 \'82\'6c\'82\'72 \'96\'be\'92\'a9;}}..{\colortbl ;\red0\green0\blue0;\red0\green0\blue255;}..{\*\generator Riched20 10.0.16299}\viewkind4\uc1 ..\pard\nowidctlpar\qc\tx720\b\f0\fs20 EPSON END USER SOFTWARE LICENSE AGREEMENT\fs22\par....\pard\nowidctlpar\tx720\fs20\par....\pard\brdrl\brdrs\brdrw20\brsp20 \brdrt\brdrs\brdrw20\brsp20 \brdrr\brdrs\brdrw20\brsp20 \brdrb\brdrs\brdrw20\brsp20 \nowidctlpar\ri-22\fs18 NOTICE TO USER: PLEASE READ THIS AGREEMENT CAREFULLY BEFORE INSTALLING OR USING THIS PRODUCT. IF YOU ARE LOCATED IN THE UNITED STATES, SECTIONS 19-23 OF THIS DOCUMENT APPLY TO YOU. SECTION 22 CONTAINS A BINDING ARBITRATION PROVISION THAT LIMITS YOUR ABILITY TO SEEK RELIEF IN A COURT BEFORE A JUDGE OR JURY, AND WAIVES YOUR RIGHT TO PARTICIPATE IN CLASS ACTIONS OR CLASS ARBITRATIONS FOR CERTAIN DISPUTES.
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):7219
Entropy (8bit):7.943329975397625
Encrypted:false
SSDEEP:
MD5:BA44F1DB59EC361BCC009499562B7D70
SHA1:2B9D3D76FFB3F01C4AB51E1CF7BE3532F5E0292F
SHA-256:E2F5CC0D49598EA5B10C21E2812D303ED2E5FED62A9446C7747D86F615CB0AA5
SHA-512:16E6971824DB13E31E522BED93B2762E438448BBCF315BC998E2FB300316263ACA03EB825ED2ADE0D911F67B7F26A0D37A81473541DD54DB8544C82EAF3DF2FC
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):4629
Entropy (8bit):5.030288540732797
Encrypted:false
SSDEEP:
MD5:94997ABBD1A9BEEF89F45C0EA3BA634E
SHA1:3D5A6F5E78962606E396323BC03D8FCB41468503
SHA-256:B2BC4C1BB7DD387D856BB053065FB8B84D7DAC81761BDECD5181401BA850DEBC
SHA-512:77879B70D65A24EF5A1F125C2A7434BE3411B63390A29002024EE2A54BB105DB66CD6B97BC77A8D1AFC92970832A2A7F8221EB59875974AA925AA2C033F12A2D
Malicious:false
Reputation:unknown
Preview:<?xml version="1.0" encoding="utf-8"?>..<!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="en-us" Language="1033" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="InstallVersion">Version [WixBundleVersion]</String>.. <String Id="ConfirmCancelMessage">Are you sure you want to cancel?</String>.. <String Id="ExecuteUpgradeRelatedBundleMessage">Previous version</String>.. <String Id="HelpHeader">Setup Help</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installs, repairs, uninstalls or.. creates a complete local copy of the bundle in directory. Install is the default...../passive | /quiet - displays minimal UI with no prompts or displays no U
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):8575
Entropy (8bit):5.192252402334596
Encrypted:false
SSDEEP:
MD5:433DE4532560DF70F9A955AB07FF41F2
SHA1:9F58F70C0944AFDACBE6CD3B291B3E523FDA087B
SHA-256:0D9FDD930BF528CA1015411D25A3B73A7C5479CF5997B437830D168891C003E4
SHA-512:B9054D086EC3D6C29B9ECE323A96B08059D16E4BF0F962A09EB9B630F7549D2CF55595ED46FA8E3873C25A9A89444228829A788BF82FC74CB2EBE6C56A0CABB0
Malicious:false
Reputation:unknown
Preview:<?xml version="1.0" encoding="utf-8"?>..<!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010">.. <Window Width="485" Height="300" HexStyle="100a0000" FontId="0">#(loc.Caption)</Window>.. <Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="1" Height="-24" Weight="500" Foreground="000000">Segoe UI</Font>.. <Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font>.. <Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font>.... <Image X="11" Y="11" Width="64" Height="64" ImageFile="logo.png" Visible="yes"/>.. <Text X="80" Y="11" Width="-11" Heig
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):188848
Entropy (8bit):6.598346436496911
Encrypted:false
SSDEEP:
MD5:FE7E0BD53F52E6630473C31299A49FDD
SHA1:F706F45768BFB95F4C96DFA0BE36DF57AA863898
SHA-256:2BEA14D70943A42D344E09B7C9DE5562FA7E109946E1C615DD584DA30D06CC80
SHA-512:FEED48286B1E182996A3664F0FACDF42AAE3692D3D938EA004350C85764DB7A0BEA996DFDDF7A77149C0D4B8B776FB544E8B1CE5E9944086A5B1ED6A8A239A3C
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: OPOS Installer, Author: Seiko Epson Corporation, Keywords: Installer,MSI,Database, Comments: This installer database contains the logic and data required to install EPSON OPOS ADK Ver3.00., Template: Intel;1033, Revision Number: {B172D4FD-4083-4574-A2E8-C472D5B95895}, Create Time/Date: Thu Jan 28 02:42:02 2021, Last Saved Time/Date: Thu Jan 28 02:42:02 2021, Number of Pages: 100, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
Category:dropped
Size (bytes):9342976
Entropy (8bit):7.95684389916031
Encrypted:false
MD5:450134354271788968E49FB3112F1A4C
SHA1:A40AAF7CC05287CAD0D70A43FE79BE6F1EC87223
SHA-256:335629D1825E9E791394028CA710831257439EFB99EE882B4677BE0381AE5B7E
SHA-512:740F9C9D076A53DD2E0752E71A81F9450B172EC78709566B3A023E4EFBEA94FDC53986B01C5CACC57B38EFF287219B7F54A212B2CB00584308DD5852D89387F2
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):143360
Entropy (8bit):6.1731088942351215
Encrypted:false
MD5:9E8698B639ECC899E3218E3E37F95DC4
SHA1:F3AA64D34A7032574703F582D66AE47883BF2953
SHA-256:9F392C4C63BD5D772442BDFFA62F0306D430A2A670683AA55398D56839CFB60A
SHA-512:251FF9C21A941C49B09EF5535E56FDA18F73D43B4A455489CA370EF7D254ED6483330F58ABA88C2D5CA2E714DD8FA09E43E67FDFE8CF010D8E03CD9CB05C73E0
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):171520
Entropy (8bit):6.012205867460175
Encrypted:false
MD5:3EC483711F021829375C4EB7F5DE09FA
SHA1:E211FEBF6589FD4267A8879B7F5B68A6DE54E0D2
SHA-256:56EA43C9B59C59AEE123EB3CC5400C10510E5A12E13826710C515F85125B1910
SHA-512:8512440FFBD4B09FD57FD17BED3BC54BAEB32D4DCFC4A292C33315AA4DB6DC5601145782492A8CBC638D31A6310E553652FCE31673C3B7BD8B2C15F50AB7C945
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):52592
Entropy (8bit):6.444870054444992
Encrypted:false
MD5:BF42BF5D40BA5B5F5591BA04F8372179
SHA1:C9C2B3D3B2F26EF5837603C1189CA4D7224C7628
SHA-256:B80C677DE119D385D077A47279D2CF20953803102E9FC83B11B2888CBAB9E767
SHA-512:FE1AF9D4AD10A2BDCDBBC967A6C95989A59641ADB378B9CE9134EEE836FA0B2F3EBFEBA0F30A2042CAE9FD73F726B1F54A3CAFCAFC95925B78806FD7A6642D4C
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):8192
Entropy (8bit):5.362446303384912
Encrypted:false
MD5:64A7A0069BCC10353C1EDF58273F68D9
SHA1:8998FFD7453711B8B785B1E4BF6C363B2B3957DE
SHA-256:EB5DEB9AEA55D6CCB0AD8E1CE53C293D355AE34ECD12A37255AE314005923D2C
SHA-512:F397231B53A76149665626CF4216C9D2A2DD6C95AA71724C1812A24D9AAA0520D37ED8FAE762BA985C0D081EB875559707E8A43291F99C3F1B8235E2C6DCA3B5
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:Windows setup INFormation
Category:dropped
Size (bytes):2948
Entropy (8bit):4.789382138283443
Encrypted:false
MD5:52F2D7ACAD4A81127F86B6772FF8CB43
SHA1:51C1D80B4A9556848791FE74E286238AAFAC42A8
SHA-256:67019F22F3A548678E6712B7F0729E07B9CB141213F91E4FA4D0BD76EE7B993C
SHA-512:1E7BEB05BF136014438565906F91ACA3B7F71A1B60EB3FD1273249533B3214ADD881D928C299C4D90A13778D0C4A9D5C808C68C8B6CDE9ABEC1DA895932DC056
Malicious:false
Reputation:unknown
Preview:;..; Installation inf for the EPSON USB Controller for TM/BA/EU Printers..;..; Copyright(C) SEIKO EPSON CORPORATION 1999-2017. All rights reserved...;....;----------------------------------------------------------------------------..[Version]..Signature = "$Windows NT$"..Class = USB..ClassGUID = {36FC9E60-C465-11CF-8056-444553540000}..Provider = %Mfg%..DriverVer = 10/11/2017, 7.1.0.0..CatalogFile = TMUSB64.CAT....;----------------------------------------------------------------------------..[DestinationDirs]..; [DefaultDestDir=dirid[,subdir]] ..; [file-list-section=dirid[,subdir]] ... ..DefaultDestDir = 12..NTCopyFiles = 12....;----------------------------------------------------------------------------..;..[NTCopyFiles]..TMUSB64.SYS....;----------------------------------------------------------------------------..[Manufacturer]..; %manufacturer-name% = models-section-name..%Mfg% = Models,NTamd64....;-----------------------------------------------------------------
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):521128
Entropy (8bit):6.034630612014486
Encrypted:false
MD5:BE3541BFDA8A81C474224EB84E977004
SHA1:FA9CA357BA8B16480BF92C22628A82DEDBCDD183
SHA-256:5520C35127FBDC94322966486CA76F8075EB3F64655F000B1AF16BE635309287
SHA-512:761FF8CDE80EF794EB371DE20FA1D95440F090DABECD2C58ECD6F8B6C62D908E3BC3BDBE8A3817F3B53D78CB9E395BCE146CFC9E1B9EBD03EE1F3D341B780803
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):81112
Entropy (8bit):6.132606290457583
Encrypted:false
MD5:D17902B18A5AD47410831225B9F2F6DD
SHA1:1633AF46390C0296FEA98FF0BD87B457D8BC7B08
SHA-256:BB0247FFE847A52BEDECB144A370E1BB741A3C10F6C21D7BE26D4F4C467A8659
SHA-512:F18C184E792487057D3752A529CBD0C451B65267D1E8C9924C4EEEB69950A7BE31E65833DA2D7C5349762E74D2F4DCA642C672E7970DBDD22BEFC000EF1E3250
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:Windows setup INFormation
Category:dropped
Size (bytes):2918
Entropy (8bit):4.766622673620277
Encrypted:false
MD5:7B336445B0417D4CBA1F317E30C6D56B
SHA1:9C3BBCE1206D05D48E69A58C1260F422E15363EB
SHA-256:6F551A1D2717E29F43E5B0A50A16A5D507F4BF065E11546FADAB650AB1C1071B
SHA-512:29927774406E5FC12A27D6CB8F4134B96298190DB5683D442316105D2DDC75EF711BF623CBE474BB9EBAA3BD789A068CD9DC46B0507AF52A0FDEEB92EFE3CE8F
Malicious:false
Reputation:unknown
Preview:;..; Installation inf for the EPSON USB Controller for TM/BA/EU Printers..;..; Copyright(C) SEIKO EPSON CORPORATION 1999-2017. All rights reserved...;....;----------------------------------------------------------------------------..[Version]..Signature = "$Windows NT$"..Class = USB..ClassGUID = {36FC9E60-C465-11CF-8056-444553540000}..Provider = %Mfg%..DriverVer = 10/11/2017, 7.1.0.0..CatalogFile = TMUSBXP.CAT....;----------------------------------------------------------------------------..[DestinationDirs]..; [DefaultDestDir=dirid[,subdir]] ..; [file-list-section=dirid[,subdir]] ... ..DefaultDestDir = 12..NTCopyFiles = 12....;----------------------------------------------------------------------------..;..[NTCopyFiles]..TMUSBXP.SYS....;----------------------------------------------------------------------------..[Manufacturer]..; %manufacturer-name% = models-section-name..%Mfg% = Models....;-------------------------------------------------------------------------
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: EPSON Port Communication Service, Author: SEIKO EPSON CORPORATION, Keywords: Installer,MSI,Database, Comments: This installer database contains the logic and data required to install EPSON Port Communication Service., Template: x64;1033, Revision Number: {434DEA19-0155-4F29-BFD4-62ABB34F7569}, Create Time/Date: Mon Aug 17 07:17:00 2020, Last Saved Time/Date: Mon Aug 17 07:17:00 2020, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.0.5419.0), Security: 2
Category:dropped
Size (bytes):1916928
Entropy (8bit):7.888821385525425
Encrypted:false
MD5:4FB85836FAECB52BFD1FBBFC51B87329
SHA1:30C260063638F643CE6AD8696FD0EC58989968CE
SHA-256:EF816A3F5EB274EDAFA657025B0819B3857849D0E678DEFB707106AED36DBC71
SHA-512:8114FE1696667EE7624CDB66A7DD8F90EFD421FBC8AB93B0AC2D6B776660C8ADC693EE0950B6AA4348A9859B489A7C3867294F5FE5B39AEC30071E16473EDA3E
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:Windows setup INFormation
Category:dropped
Size (bytes):2948
Entropy (8bit):4.787508495709155
Encrypted:false
MD5:4589A63BA1FD07F3F527E29D97E7B499
SHA1:FE220BD9E9229600A3172D3015FE22654EA88A4D
SHA-256:676F70BFCA486561ED46F660C5625BE2C1E727931F02A3AFC785D1030C75E79B
SHA-512:AB830648FDCEFEBD7CB1587B40B0134E6198511EFF07A1CFEF2E3AEB9D43AEF34C12C3814C6BD5C4C48D85B55019EEB1084AB34A34A10D29B8BCDF882CB8D7F2
Malicious:false
Reputation:unknown
Preview:;..; Installation inf for the EPSON USB Controller for TM/BA/EU Printers..;..; Copyright(C) SEIKO EPSON CORPORATION 1999-2019. All rights reserved...;....;----------------------------------------------------------------------------..[Version]..Signature = "$Windows NT$"..Class = USB..ClassGUID = {36FC9E60-C465-11CF-8056-444553540000}..Provider = %Mfg%..DriverVer = 02/28/2019, 8.0.0.0..CatalogFile = TMUSB64.CAT....;----------------------------------------------------------------------------..[DestinationDirs]..; [DefaultDestDir=dirid[,subdir]] ..; [file-list-section=dirid[,subdir]] ... ..DefaultDestDir = 12..NTCopyFiles = 12....;----------------------------------------------------------------------------..;..[NTCopyFiles]..TMUSB64.SYS....;----------------------------------------------------------------------------..[Manufacturer]..; %manufacturer-name% = models-section-name..%Mfg% = Models,NTamd64....;-----------------------------------------------------------------
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32+ executable (native) x86-64, for MS Windows
Category:dropped
Size (bytes):67408
Entropy (8bit):6.331473511886832
Encrypted:false
MD5:F2CED91D6669E6118854F55974954046
SHA1:80D670BCF1B483AAE56633E3EA0BA4AE8957DBAD
SHA-256:BDCE7F7A41ADAEFB4C0F4DD3F82B308A614B8BCFE299CF1E2C3392CF43D64CF8
SHA-512:04426588715BB58E9E6C5C5C71D163A1215E6DD6B7F77DD69DA3C82AEF9A8CB80122B991CDA726795A4D5C71B43C1F683748D20991737A4C332A13EFB7CD4623
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:data
Category:dropped
Size (bytes):8467
Entropy (8bit):7.196735702019979
Encrypted:false
MD5:B679DB2783876DD75C44DE0FED6978E2
SHA1:F5C3BCB22D84AE386A671976D2FC86005B32B0E4
SHA-256:94980C82C4EE4B0EF1C4618FAB4536E55C024295CDDDAB9D106A7B888311FF5F
SHA-512:57D7201433F9EB43E8DE31F9D6EF4733C08EC8D68F254619D3D8C3AA0937D8383936BA68E2D5C8EDD44E4204448BAC3AA4607442134CE720B057B4400548CE92
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):1829
Entropy (8bit):5.628042597184881
Encrypted:false
MD5:D7FB2496BDE13C08E7713E22259D1817
SHA1:1B1EAAE704E507575AF32C4187E77C1F060DCCC8
SHA-256:12DBECC696081497040BECCB66676F59725777BB7380F2ADCC32BF5941FFEEC3
SHA-512:3A59D98BFEC45A65A6D33CE536936C3B9DB3B11B9EE14E0234FE75AF380F9D50D65F7922D43DC51BE6E5995B01029C9BA0BCBC967A000186E77C815D4B6EF222
Malicious:false
Reputation:unknown
Preview:<?xml version="1.0"?>..<dpInst>.... <language code="0x411">.. <dpinstTitle>EPSON TMUSB Driver Ver.7.10 Installer</dpinstTitle>.. <welcomeTitle>EPSON TMUSB Driver Ver.7.10 . ..............</welcomeTitle>.. <welcomeIntro>..........EPSON TM/BA/EU......USB........(EPSON TMUSB Driver)..............</welcomeIntro>.. .. <eulaHeaderTitle>............</eulaHeaderTitle>.. <eulaYesButton>.............(&amp;A)</eulaYesButton>.. <eulaNoButton>..............(&amp;D)</eulaNoButton>.. <eula type="txt" path="licenseJ.txt" />.... <installHeaderTitle>EPSON TMUSB Driver Ver.7.10 ...............</installHeaderTitle>.. <finishTitle>EPSON TMUSB Driver Ver.7.10 ...............</finishTitle>.. </langua
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (native) Intel 80386, for MS Windows
Category:dropped
Size (bytes):57168
Entropy (8bit):6.529055351568545
Encrypted:false
MD5:2731434A1ECAE28D15209A9F1BE6C80B
SHA1:FF02B11F9369D9CF69B921739D5735978E437692
SHA-256:6A785D053C9E3A353E1CFF9C3734B82399D02EB953C7BE25E0499D2F233E9350
SHA-512:09136146B04F70EAE30C7965C126B6C52B5E449A8F4728B5AF9EC9679A2B509DB627F63F3D4D438B10157C1999387D0C434F5BD5C59D24896465638D4C43795D
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):1829
Entropy (8bit):5.622509436120777
Encrypted:false
MD5:DBD52CC335E81EA31F5839BD67E39A16
SHA1:9D48C104AC238AF9F2C21E4D3DDFE4A4F1AAE85A
SHA-256:5BC6DD9D40738D6F2DBE6161A596AC35D7A6C32005B7EB0A79C5A0C6ACF673BF
SHA-512:1DAFA72F6E5930608F4A88C4F1A82C4D5B9253D3508F7B80D170960EE67C209B50F354172EC069650F090CF6086EC593D1F6BCD52790C361715C911F9A8152E2
Malicious:false
Reputation:unknown
Preview:<?xml version="1.0"?>..<dpInst>.... <language code="0x411">.. <dpinstTitle>EPSON TMUSB Driver Ver.8.00 Installer</dpinstTitle>.. <welcomeTitle>EPSON TMUSB Driver Ver.8.00 . ..............</welcomeTitle>.. <welcomeIntro>..........EPSON TM/BA/EU......USB........(EPSON TMUSB Driver)..............</welcomeIntro>.. .. <eulaHeaderTitle>............</eulaHeaderTitle>.. <eulaYesButton>.............(&amp;A)</eulaYesButton>.. <eulaNoButton>..............(&amp;D)</eulaNoButton>.. <eula type="txt" path="licenseJ.txt" />.... <installHeaderTitle>EPSON TMUSB Driver Ver.8.00 ...............</installHeaderTitle>.. <finishTitle>EPSON TMUSB Driver Ver.8.00 ...............</finishTitle>.. </langua
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:Non-ISO extended-ASCII text, with very long lines (318), with CRLF, NEL line terminators
Category:dropped
Size (bytes):6843
Entropy (8bit):6.070133181113526
Encrypted:false
MD5:23C03EAB4C58009DC86992A09C8ECD20
SHA1:169066A19D739BD3364AAA9F2AD0FA3B69B35DBE
SHA-256:42F8C76B10EE528201CF15D1947681E2200C13D300122F9880902C2CBD903A99
SHA-512:EE2A669F654827E688B4B2F57C6FC337DE54E336E00442093965A51D5DD7197C510DA36F0E33FAF7B1DFD096593BB70D515C73D87CBE53D59FAFFD15C4D24F73
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (native) Intel 80386, for MS Windows
Category:dropped
Size (bytes):65496
Entropy (8bit):6.742122600451226
Encrypted:false
MD5:292828F5482C6DC0DB73B2DDAEAC5863
SHA1:88D8DEE0922729D0F2EF38F2D38E2948FE41EC76
SHA-256:171DA446F1E30D4117F84E137C50A91E505080603133EE62E451334893858BAB
SHA-512:FBEE652BABBFAE631059440707B33E8BD370A4A2FD535DC1DEB7C9B41E0793DA745971BC1CC3DBF5250E58CE9A9BBF6A4E9049D41D1B122D1014BA8493B8225F
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):81112
Entropy (8bit):6.134331252868346
Encrypted:false
MD5:71AB5B907347419FA65784CA9E7C3D29
SHA1:447FD2E2123D5D32845E8322C3DCC8B35AC33165
SHA-256:3C34A4302546B2B937725A19F91774FC1DD1F098EF0E3B020FB79721C6349BE8
SHA-512:93DA89ED34C2F24873B00E80B34D495D11A47DCBEEBABF11CE2EF46DFB271C65395A8FEB5665CEAACED99A0D7F937E625894183082BCE165725C3160CEC1B70D
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:ASCII text, with very long lines (882), with CRLF line terminators
Category:dropped
Size (bytes):9636
Entropy (8bit):4.922480052503302
Encrypted:false
SSDEEP:
MD5:B73B9ECD459ADE5DDB784C5BB4990663
SHA1:1480DDCE20D9D66A9D7FE928E9ED16EA7EE45983
SHA-256:CE52C3097E7229861F5AC49ADDA3C4EC399062A6ECE2D9A568B253DEADE44222
SHA-512:EDC536DF6FB59A470514023C09DFEFEA14DD63F55B98516C880ED9B781F9977C1C0B92B927410A2C27DCA3F64EA6AFB99F170A3A30FD18A0A1796E0F167335B9
Malicious:false
Reputation:unknown
Preview:Please read the following Software License Agreement ("SLA"). Use the scroll bar to view the entire SLA...----------------------------------------------------....SOFTWARE LICENSE AGREEMENT....IMPORTANT! READ THIS SOFTWARE LICENSE AGREEMENT CAREFULLY. The computer software product and/or data, including any accompanying explanatory written materials (the "Software") should only be installed or used by the Licensee ("you") on the condition you agree with SEIKO EPSON CORPORATION ("EPSON") to the terms and conditions set forth in this SLA. By installing or using the Software, you are representing to agree all the terms and conditions set forth in this SLA. You should read this SLA carefully before installing or using the Software. If you do not agree with the terms and conditions of this SLA, you are not permitted to install or use the Software.....If you agree to and accept all the terms and conditions of this SLA, EPSON and its suppliers grant to you a nonexclusive license to use the
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:data
Category:dropped
Size (bytes):8632
Entropy (8bit):7.170823701950428
Encrypted:false
SSDEEP:
MD5:980DCB467C271F79CC40F06C13E168BE
SHA1:20EA1EED5406A8FA8B0DF60F2E0BBD95F8C974E3
SHA-256:40C8325A828C277C254CEB619256FB6FA7E058AAC21658BCB85D7406F574BCC8
SHA-512:1B24C10BF7599805869557FEAF5CD86E5053D09E7D8AB92C86C2FC9771721B6AE54EAAB294884EF0E76419D38A8C943929E0CAE6600B162FDCC08F40A1C72AD9
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:Windows setup INFormation
Category:dropped
Size (bytes):2918
Entropy (8bit):4.764729768099715
Encrypted:false
SSDEEP:
MD5:77DD9A90ED1101258EBE9582ED15813F
SHA1:71071783E4B9C5632D8787CDDBAE8207DA1BADCB
SHA-256:50C388BE7417EF207F296CF4FD7879E9A77361EB6842F413C54D5BB2B808802E
SHA-512:A3BE21CF0423713AF3DA710061743519A9F2375682911AFDF641F9817C80FCACB4E610940EA48FFD20CAB46B64BE30CACE45211B96E4108E3F456EE0EB12C43D
Malicious:false
Reputation:unknown
Preview:;..; Installation inf for the EPSON USB Controller for TM/BA/EU Printers..;..; Copyright(C) SEIKO EPSON CORPORATION 1999-2019. All rights reserved...;....;----------------------------------------------------------------------------..[Version]..Signature = "$Windows NT$"..Class = USB..ClassGUID = {36FC9E60-C465-11CF-8056-444553540000}..Provider = %Mfg%..DriverVer = 02/28/2019, 8.0.0.0..CatalogFile = TMUSBXP.CAT....;----------------------------------------------------------------------------..[DestinationDirs]..; [DefaultDestDir=dirid[,subdir]] ..; [file-list-section=dirid[,subdir]] ... ..DefaultDestDir = 12..NTCopyFiles = 12....;----------------------------------------------------------------------------..;..[NTCopyFiles]..TMUSBXP.SYS....;----------------------------------------------------------------------------..[Manufacturer]..; %manufacturer-name% = models-section-name..%Mfg% = Models....;-------------------------------------------------------------------------
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: EPSON Port Communication Service, Author: SEIKO EPSON CORPORATION, Keywords: Installer,MSI,Database, Comments: This installer database contains the logic and data required to install EPSON Port Communication Service., Template: Intel;1033, Revision Number: {1AB11C59-343A-4F93-AD8B-CB28D4693DFC}, Create Time/Date: Mon Aug 17 07:16:54 2020, Last Saved Time/Date: Mon Aug 17 07:16:54 2020, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.0.5419.0), Security: 2
Category:dropped
Size (bytes):1425408
Entropy (8bit):7.866378647977808
Encrypted:false
SSDEEP:
MD5:B4FA9A3B9F6DE15FED75A54A82740C9C
SHA1:EFF9BA2D1E2E7FC4A6DF1C8F86ABCEC2E171D7CA
SHA-256:F6C65C24C74FE7893830CB286A3A746C6F8064E1AA089AF8CF2FE1396C089383
SHA-512:BA417312EED1AACA87E9DD3A365FAAFE33F0E551FA3ABCCDF91BF3A1EEE566BE2BA8EFC3A50911F91D33E6966211373EB4803B4CCA1A9EF6508729C2BC0B9FFB
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32+ executable (native) x86-64, for MS Windows
Category:dropped
Size (bytes):77272
Entropy (8bit):6.488510790160452
Encrypted:false
SSDEEP:
MD5:559700A3F07FE041E1CA9E669B0CD173
SHA1:5201C82B25ACE127B988D3DB2B459397FC9B8BFD
SHA-256:3B07FC5B01AEA82012D89264073BC362CA1CA38CCD9469B33D2F78A1D224069B
SHA-512:DFFF6673733BB969CD002E4DC689E2FA62D12D98157110B4233041AD90163F53502C8EB299E54A0645AC7D53339CA6DB148482D90017DA2143CB53019A434E84
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):845736
Entropy (8bit):5.911869545670581
Encrypted:false
SSDEEP:
MD5:7CE61B7C402728CE373FBC0DC9214066
SHA1:687E176263E778DE37F36D097754FD3B6BDD8E5F
SHA-256:5B8F31594F208E1BD15BA972B13B3142E7EFB78560B8B3674AB6C09E589ECE4E
SHA-512:EC06186912605263138D67B1ADB005295F7CB5D88018234B7D86B7755EC7AEF0630A38F2D4C04922AE201D01B7ECE7D5EE2E2740AEA4B89360037C5ED489FB4C
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:data
Category:dropped
Size (bytes):8431
Entropy (8bit):7.204842928934396
Encrypted:false
SSDEEP:
MD5:632F2D5AA9461F22291F1D15E859C290
SHA1:8DF31E51C641AF58020F9AE7A03BD8019EE3355B
SHA-256:FC1AA4618B700200AF482BC2B37A9374451E38CBE728F7C56300EB2867AAAEEE
SHA-512:0922C92071DD581189482E98FE297722C84AFDD0CD9CB4911D4B663C312739ADD6D68FEBFF03631C08F6A8693D70A76788CB85E994897AAF2EE72899A668DB0F
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:data
Category:dropped
Size (bytes):8588
Entropy (8bit):7.16457215874801
Encrypted:false
SSDEEP:
MD5:4E66428B05CDF30BD9319305BF6391C8
SHA1:1E44320E71B9B687DDD310766426D93B3EBA931A
SHA-256:07B65D8092A36CD97768124DC58439D42A4D7CB591FD69D575EDAE44CCA1B5DD
SHA-512:5A7F6ECF2D2374C592CFABECE9C093608212A65408420A75C4BBDB6D630E37572059F03BA04266B2701C94E1D2027DB32EBC5E8643F052C2E17B55F8EC220742
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):23040
Entropy (8bit):5.655118301130325
Encrypted:false
SSDEEP:
MD5:6ECEA205F1D913C29183D95BBFE8321E
SHA1:5C2B44DB83CB443D34132B805B3232F411EA4F0F
SHA-256:F745AD051A868E36BB6AAA4F6EC09C83F32BB49370D07C27A2B2506618B15AC6
SHA-512:FDB9647B2406F121923AD4ECDBE13192524C3CBD0353B0B58F9309F01955F2058265FCC39CCF35AE005261A1948C98328B6D3E93735AB1F4B9473C16C85FF336
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\{93020C0E-E0E4-4B6A-B1E7-58ACC6B18324}\.cr\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):4995416
Entropy (8bit):7.998905724333139
Encrypted:true
SSDEEP:
MD5:CEDE02D7AF62449A2C38C49ABECC0CD3
SHA1:B84B83A8A6741A17BFB5F3578B983C1DE512589D
SHA-256:66B797B3B4F99488F53C2B676610DFE9868984C779536891A8D8F73EE214BC4B
SHA-512:D2D99E06D49A5990B449CF31D82A33104A6B45164E76FBEB34C43D10BCD25C3622AF52E59A2D4B7F5F45F83C3BA4D23CF1A5FC0C03B3606F42426988E63A9770
Malicious:false
Reputation:unknown
Process:C:\Users\user\Desktop\EPSONOPOSADKV3.00ER10\EPSON_OPOS_ADK_V3.00ER10.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):593493
Entropy (8bit):7.1154621530709115
Encrypted:false
SSDEEP:
MD5:EC7D781FF597D391E89EA6B4E65C10F0
SHA1:F91C485532EEE9DB8D6C1E0268B8A0EF5D284D25
SHA-256:D9B3D485A2EA5BCB5197BB2A825CBEE24E0D094501FD59A85B5D59F28FAD7E16
SHA-512:891E16FC8AFC794956875D58DE203E5B3E98AD5EDA59A458525E6B93C5955D5A9C71978200D865C8456C1B6B597D6AAF79E44D9221D2ECC04B74DADA608214C3
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\ProgramData\Package Cache\C9C2B3D3B2F26EF5837603C1189CA4D7224C7628\TMUSB800\TMUSB64\DPInst.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):5538
Entropy (8bit):3.7139285762397356
Encrypted:false
SSDEEP:
MD5:917C09A93ADCA4A42A373C172262A0B4
SHA1:5E11C27CBAE15CA50D1EFCAA16EB26C49270749E
SHA-256:837E9BB330D5E59DE0A01FF6EAA705683FE4C708B6307170A514E419CD1A500C
SHA-512:ED0C305ADCDAC96188C015C84CFA4F49CA20CF3147CEA1A98CF94900F69B39F3E57C1A8295051DFC118B98A48BBEC1718C071E6EF44A9967404A1B5E747BEA4E
Malicious:false
Reputation:unknown
Preview:INFO:   ****************************************..INFO:   01/07/2025 18:46:57..INFO:   Product Version 2.0.1.0...INFO:   Version: 6.0.6000 ..INFO:   Platform ID: 2 (NT)..INFO:   Service Pack: 0.0..INFO:   Suite: 0x0100, Product Type: 1..INFO:   Architecture: AMD64...INFO:   Interactive Windows Station..INFO:   Command Line: 'TMUSB64\dpinst.exe /s /se /sw /sa /el'..INFO:   ****************************************..INFO:   Current working directory: 'c:\programdata\package cache\c9c2b3d3b2f26ef58
Process:C:\ProgramData\Package Cache\C9C2B3D3B2F26EF5837603C1189CA4D7224C7628\TMUSB800\TMUSB64\DPInst.exe
File Type:Generic INItialization configuration [BeginLog]
Category:dropped
Size (bytes):2496219
Entropy (8bit):5.224312196911018
Encrypted:false
SSDEEP:
MD5:B36864C7A8B6F5A1B050CD8B2ACF6ECF
SHA1:E493BD7A2A0A5E4AAC7FF7216281165936AC0B2B
SHA-256:C071B8FC95E6D492AFC93C8A682024BB54D7E415B88EA8F49DD8303D375A6900
SHA-512:7A8A8849E33AFED108C67F465352F6CC1DF6E337829F2A599699D753251957CA8D8FE342DD183AA200972030A96DAD80F2FD5D08E3222E9B8569697A355AEEEA
Malicious:false
Reputation:unknown
Preview:[Device Install Log].. OS Version = 10.0.19045.. Service Pack = 0.0.. Suite = 0x0100.. ProductType = 1.. Architecture = amd64....[BeginLog]....[Boot Session: 2023/10/03 09:57:02.288]....>>> [Setup Import Driver Package - C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf]..>>> Section start 2023/10/03 09:57:37.904.. cmd: C:\Windows\System32\spoolsv.exe.. inf: Provider: Microsoft.. inf: Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}.. inf: Driver Version: 06/21/2006,10.0.19041.1806.. inf: Catalog File: prnms009.cat.. ump: Import flags: 0x0000000D.. pol: {Driver package policy check} 09:57:37.920.. pol: {Driver package policy check - exit(0x00000000)} 09:57:37.920.. sto: {Stage Driver Package: C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf} 09:57:37.920.. inf: {Query Configurability: C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf} 09:57:37.920.. inf:
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):421200
Entropy (8bit):6.595802017835318
Encrypted:false
SSDEEP:
MD5:E3C817F7FE44CC870ECDBCBC3EA36132
SHA1:2ADA702A0C143A7AE39B7DE16A4B5CC994D2548B
SHA-256:D769FAFA2B3232DE9FA7153212BA287F68E745257F1C00FAFB511E7A02DE7ADF
SHA-512:4FCF3FCDD27C97A714E173AA221F53DF6C152636D77DEA49E256A9788F2D3F2C2D7315DD0B4D72ECEFC553082F9149B8580779ABB39891A88907F16EC9E13CBE
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):773968
Entropy (8bit):6.901569696995594
Encrypted:false
SSDEEP:
MD5:BF38660A9125935658CFA3E53FDC7D65
SHA1:0B51FB415EC89848F339F8989D323BEA722BFD70
SHA-256:60C06E0FA4449314DA3A0A87C1A9D9577DF99226F943637E06F61188E5862EFA
SHA-512:25F521FFE25A950D0F1A4DE63B04CB62E2A3B0E72E7405799586913208BF8F8FA52AA34E96A9CC6EE47AFCD41870F3AA0CD8289C53461D1B6E792D19B750C9A1
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):94720
Entropy (8bit):6.212189528458648
Encrypted:false
SSDEEP:
MD5:7063C6D41F40B0EACCDE0B9021ABB71B
SHA1:BEF0D263798A4654681DA788327D1BF10BEC6FC5
SHA-256:A3F6C39BF24A69F5CCD6240A686E2A98BFE3FDD94C9EFCC937CA029D199DBEC6
SHA-512:0C1C6B2C1B91A49E8C99871CB25FE91999BC50DFDF238A5F27928B00B63DAB656B76D54153EC3CB3F4B702F43E5F5E222E91B0DA9A129FCC55498BBC27F44DA2
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):235008
Entropy (8bit):6.144530622134622
Encrypted:false
SSDEEP:
MD5:4B6069962FE31249C2178A3888912AFD
SHA1:7116285806C9929EFFADF515577181788BFC7399
SHA-256:012919932C9D88DA5E783806DDDDCA0E5397084853351443C4D6713A9BB8F4A4
SHA-512:CA53A6FB1DEB87C679C3108A2CE353F3DD3209A9C32F5963CCA871C3FF4AD3682EB8FD7DC181D0B3B37CD67E836DD945419C42ABB255E30DDAC505A67FE2BD97
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):950215
Entropy (8bit):6.154079121719106
Encrypted:false
SSDEEP:
MD5:6ABBAE74D2CDF21D4533FF913F216849
SHA1:5D94A05241D111354805BF112E47321D12C81A53
SHA-256:F2500276617DDE72D01C564A241EF5BFBA2764C76084794E938B15426C4E6F50
SHA-512:7415DA5BABA61DDBD90731224F8FE5846ED671CA6079EF8204C1FE4D674D9B6009BC7AF56E04A679DD2FD76377A1B3063EB76E5FDEDEBC039F151EB1CB4705DD
Malicious:false
Reputation:unknown
Preview:...@IXOS.@.....@.'Z.@.....@.....@.....@.....@.....@......&.{3DA6B8DD-EAA9-4800-A913-9B34407DEA16} .EPSON Port Communication Service..PCS64.msi.@.....@.....@.....@........&.{434DEA19-0155-4F29-BFD4-62ABB34F7569}.....@.....@.....@.....@.......@.....@.....@.......@.... .EPSON Port Communication Service......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{3EFB3260-D67D-48C8-B0A6-9F71B8AECF50}9.C:\Program Files\epson\portcommunicationservice\PCSVC.exe.@.......@.....@.....@......&.{B7EC7AFF-6113-46E9-A08D-6A013B33AB67};.C:\Program Files\epson\portcommunicationservice\Replace.DLL.@.......@.....@.....@......&.{6171CD59-BDE9-4F00-8F27-53BE03D1D654}D.C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe.@.......@.....@.....@......&.{3AAAFDBF-D307-4E95-A6EC-5745B03D99A5}9.C:\Program Files\epson\portcommunicationservice\PCSIF.DLL.@.......@.....@....
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):213558
Entropy (8bit):6.278774506367684
Encrypted:false
SSDEEP:
MD5:30DA71A7FA39D2EF8E7E0693228736F7
SHA1:E7478CE51D7C4DBBECAE0FABCE2F57153C0C10B3
SHA-256:CE245A72B3630C634C505BF78DBC118159047E1003A6CA67AF95B7C6B5F32B06
SHA-512:F197652FEC6D841B6E36161ABA8529615934ACE5FB10F74A69DF4AAEFEA320F613D33144D1C774A278CD4257279F3EB7CAE41A176CE26A6A8FBECC52E3C089F8
Malicious:false
Reputation:unknown
Preview:...@IXOS.@.....@.'Z.@.....@.....@.....@.....@.....@......&.{889DAB46-C9C4-4F8E-B5C0-704F07E76F41}..EPSON OPOS ADK Ver3.00..EPSON_OPOS_x86_3.00.0.msi.@.....@.....@.....@........&.{B172D4FD-4083-4574-A2E8-C472D5B95895}.....@.....@.....@.....@.......@.....@.....@.......@......EPSON OPOS ADK Ver3.00......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@R....@.....@.]....&.{FD4B1516-7E5D-4F88-B341-338D7101DB6D}".C:\ProgramData\EPSON\OPOS\CSStore\.@.......@.....@.....@......&.{1576EC96-81F6-45A5-9973-B5F8321C91BA}%.C:\ProgramData\EPSON\OPOS\DeviceInfo\.@.......@.....@.....@......&.{3DE2F290-D208-4BE6-A4B8-2FBE44A5574B}!.C:\ProgramData\EPSON\OPOS\NVInfo\.@.......@.....@.....@......&.{038E6A7C-41FA-4945-AEA8-D76E7F841443}).C:\ProgramData\EPSON\OPOS\StatisticsInfo\.@.......@.....@.....@......&.{AD0DD4DE-7E98-44CE-B049-C477CC0A2B00}0.01:\Software\Seiko Epson\EPSON OPOS ADK Ver3.00\.@..
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):20341
Entropy (8bit):6.1328766395663035
Encrypted:false
SSDEEP:
MD5:DD6AB87F73A303A5770F344446B2053D
SHA1:11662AE05D4CA7043435656ADEAFFE5F6EEF266B
SHA-256:3BA373342D507682F8114EE142A0B0E046C0E136F6BD82892861F9829F51A68C
SHA-512:2FAD8CC989BDC4281D4B1C9C97796640D2D20957E581CBD9EA95E223C4CCB1992561318A200A0A21C67758B11F06372BB827F7FA01E7F1AC649CE85C4A2F9C4A
Malicious:false
Reputation:unknown
Preview:...@IXOS.@.....@.'Z.@.....@.....@.....@.....@.....@......&.{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5};.Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219..vc_red.msi.@.....@.....@.....@........&.{461C455E-DA40-49B3-871B-14308CC7CEFF}.....@.....@.....@.....@.......@.....@.....@.......@....;.Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@>....@.....@.]....&.{8453C4E7-26E8-3408-B3A4-5940CA95BC60}@.02:\SOFTWARE\Microsoft\VisualStudio\10.0\VC\VCRedist\x86\Version.@.......@.....@.....@......&.{1414BD84-D9A5-3EE5-AA73-118D7C072370}D.02:\SOFTWARE\Microsoft\DevDiv\vc\Servicing\10.0\red\x86\1033\Install.@.......@.....@.....@......&.{E2F46933-FF4F-46E0-B997-F64D2C6D4FA1}D.c:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll.@.......@.....@.....@......&.{529D0A60-398C-38A2-97EF-82FAFA798A06}..c:\Win
Process:C:\Windows\System32\msiexec.exe
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):20480
Entropy (8bit):1.1618171422237489
Encrypted:false
SSDEEP:
MD5:38488004F393C3AE80B3ACEAFDD04A4C
SHA1:BB960CA21B69232FB830418E39C2DF5CCBA1CD99
SHA-256:911571A81070DC32E06E8BA8B36A5612A3E387D80ADED259ED563946BC9F8C25
SHA-512:92AC5A8A1C04B62B48F68EF77E6F561B181BD2A1F358D33322969E4AFC7D54CDB88AF0F808915F6182568A345257A40AB135632092B2A52643119677DFD1BF21
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):20480
Entropy (8bit):1.5323865507857004
Encrypted:false
SSDEEP:
MD5:EE4D6DABA2B8C28D6695B13B6B819A97
SHA1:7913559D2A06DC920126F8CB0F568689EEACCDE9
SHA-256:54D5A6B3BC0394A99F7ABCDC9D17709C9E6B92558DADB08DC58DBF240096072E
SHA-512:14DC952D7C55B6BDF48C732BD68F347CA24C63892D8542E352434A3DF3602509E6DDA95D3DAFB462651F148A14F44547AF866E30AE98B09D549BDD6EC6043742
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):20480
Entropy (8bit):1.78796500114976
Encrypted:false
SSDEEP:
MD5:4A2FD0120DC4CB8C3E9172BF17123E3E
SHA1:445425232ED4860E7B24EADD1AF89E7834560902
SHA-256:B6BD0AD381EBB5E7FF18F6F6F9026CFF3C18F088B00F9A6432C6257CECA54C12
SHA-512:07BADFA998FF1C5AFAB2A8CA94247B2BBC6A3381DD2C290BA761287BCEA6CFE842A93C505494331050C2EAC05D5EB7C6004B9314D30FF401A6AE52E4A4D3A6CB
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):454328
Entropy (8bit):5.356205618582381
Encrypted:false
SSDEEP:
MD5:E36A9721A40FF655D23192D616615BD9
SHA1:6ACC997354B6CA51C9BE2266CDB9C80638A6DD12
SHA-256:6766CA9E8914B85EEA1F9D84303C9BD27FF9DE16076C1000CFC45CB51E9829CC
SHA-512:0786BD76765671FB5FFC9F82FD91B237838776D1F991509A51AEF8F5B207B82A1C246A7AA9D71FF06B3843D7CBEED0F8CCB192DB7BCBDC35E444E8F952B5ED1A
Malicious:false
Reputation:unknown
Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):138056
Entropy (8bit):6.454887624220969
Encrypted:false
SSDEEP:
MD5:00D2C06A552F782C1F16ACF77DB765A5
SHA1:640FD59AE52C7C381D7696CE66668AEAAA25B711
SHA-256:F54FE6535538174C139B1B0CB2AC0753B2E34412153A443482CCAE53FFBC4DC6
SHA-512:BBDFA6945D57C49A886442A7D1032E08656D4999E614D5A0BE0D318832BE94520601D2DB9C0E3AFF5E083D7A1392C72FB38EAD2873520947E26993DAED7AC795
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):4397384
Entropy (8bit):7.044986254855662
Encrypted:false
SSDEEP:
MD5:A807596CB3CB377A1A687C9734D67A37
SHA1:29DD7CA9AF4085C6897788C1AFAADF59DD5D8B0E
SHA-256:496E1A21645ABAA90FA544C025E6F0DE1CBCBD5D060007A8A9E2FB5787655D0E
SHA-512:7534CC0BF5CFCF238FEFDBE47FA895E47D08F7545CFE2E9DCEDA703E7652060821E3CFF9F839E5BC78A11205B9A0FD1A5DBA47B845AE83D05A6005F49A224E28
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):36176
Entropy (8bit):5.565145082259986
Encrypted:false
SSDEEP:
MD5:F7E75862299194C1B9103F7742EA7B25
SHA1:51A18051A8199A826AF854D724F600F3951C715C
SHA-256:09C2F7DD0970FA29984D8E92D8B3EE038BAC94228B30ABFB1AF11993A62C5356
SHA-512:93C8F3149BE532345DE57126FB0CC6BA0D65BFD5618171B90A83640249807292321193F7B8C880EDAC0894734AE3363AFEC49003E2C0A57D61334743439EBB1B
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):36176
Entropy (8bit):5.623062559496089
Encrypted:false
SSDEEP:
MD5:8280A96D8B44ABBFE8A22F19EAF9EC0D
SHA1:A7DC0249591477976A88026A4F9671C25C000DBA
SHA-256:E984EAEA8294F17D00B380B588679E209A2D87A4D77D68B58E65A0FCE979294C
SHA-512:4B23C8E1C4954F644848EB7D96AA78CEB16039FF6A5F1770F6342707BC72DB8D319328E5B1324018ABD661538503A69B571B7BFAC6E85F2654B143C333641D3C
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):64336
Entropy (8bit):4.137117954467132
Encrypted:false
SSDEEP:
MD5:4AF4B6E8A4D185B75122773562D25975
SHA1:A25E887DF095BBCC61A2DA3B9696AEA59A3B5EB0
SHA-256:1CCAC5A935128A4DB17197F248566C1FCC798F3C4C1A62A4C05745209F527FDE
SHA-512:0BF09D53966C6D8E5F3AF269E8DF7DEEC9EC0C73AD2CF702B1E95133212510B94116073520474A88C19BA73E86BFC3D46486B59B0FEE688BA9A716EDF8C7B985
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):55120
Entropy (8bit):4.198533172081631
Encrypted:false
SSDEEP:
MD5:F908FE45F8FE9E0D4CBE65F9FF5DF6DA
SHA1:55BDF4AD2DB61B8CD0B37011906B74A5505B3746
SHA-256:6FEC7C478F790D0EDCC4F0EFB2594A64878AC8FC8878B03F3611311C920E29BE
SHA-512:5F02643BC0F79129E2F48349D8594BBBAACEED50146B82AD880E27B6A512F263FCD69F2AD8E956BB147790F05AFE64729DE4A699261019AB509E89BE863F3063
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):63824
Entropy (8bit):4.071025332838685
Encrypted:false
SSDEEP:
MD5:9328256796EFAD2AC9632FD9A76EED95
SHA1:1540E2881F97E7C49E16FBEE5411E14A7019E6CB
SHA-256:29DBDBB0B49FE25E350ECB13ACF5BDEA19EF9E650CA7D035E398974A35115705
SHA-512:8DCCC5B29F6FEC20A49D88760D48134F0F6F6D5FBF7A23E11A63C4A6A51972DBEFF7AAD1BBBCF1B6DF24FBAA9BC61EB581B2FEBC617C49CDD34D4223A2403F54
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):64336
Entropy (8bit):4.116469441988545
Encrypted:false
SSDEEP:
MD5:ECAF994DBDDE7409A4C2270CDA8177A6
SHA1:BD2FD0318A6A036D3FE0D7C1FD4E1235556B7DC7
SHA-256:B52BE52DEA598AB61516A35D34180BB94CE232F34E2D3482527EC9A790EFCF49
SHA-512:E0BBF39EF49F8B94CA6A2176ABCD86DAFBEA1AFD4C73689223D7ED7CE2ED0AD967B49897407A6DC1F1B5FDE83B3540A99464E6C13A39237F29153A0D94025A43
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):62288
Entropy (8bit):4.096027904670536
Encrypted:false
SSDEEP:
MD5:D460F47453E2E186A981E1EB0DC7F6C9
SHA1:E00D69F5063F859D72A2622A35D3DC5EC81B3A9B
SHA-256:DB16717FF48F8FD073ED02D186CC5F71A7FD6D4D31A52753EEAFE5F0ABE178DB
SHA-512:1391DEC17E75D6D0BC23965518901521823C98658468C36742D0E9A358E071BC94F8511ACA6DE1AA7A7BE715111D8E78B007A82B2F48DC2CDE49977E30887B96
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):43856
Entropy (8bit):5.447621036331157
Encrypted:false
SSDEEP:
MD5:BF7B39A609B1C84A888158BBE6CADC3B
SHA1:B77FE021F5B0C94CC97132C50086ED37128EDE64
SHA-256:90F0EF59DD22008CB092029D19D1D14E60504E9A0023DC0C4C56FE444270A627
SHA-512:A1B3FB45C938C148A96880996678AC2CF85BFC05FAC7FBA111255001B1C5F97AE0954F855C69936B6AB5C4A0079EDFC3A37FAD2B138DC6C55723CE4E7E805A5D
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):43344
Entropy (8bit):5.550778347897452
Encrypted:false
SSDEEP:
MD5:17F28E88C2006EB6447FB31F25D7D937
SHA1:C80F9EA7A596DF6F7F65ADD76E6AA64F5CACC752
SHA-256:47CEFC05B67EF82128DA16A6A007E4978D8C0DF24A2B8C2C3C34C8830E6F49FA
SHA-512:67A7F37F83205847416BCC6D8B9FAFF5CAD14BBBEF45BFF7843F1E43A2A1CEBD5D958118056754685BDA9BF923470974547CD632B31FFA7AD58F140CED8BA68D
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):60752
Entropy (8bit):4.6890295964295685
Encrypted:false
SSDEEP:
MD5:E25790E6E0612B621C8EA80206036672
SHA1:78DE33243AC083FCB57B2CFCFED52F5DC4CEC2DD
SHA-256:136DE86F96AE881A430724AE854D902749A0A72B3EDC17DF83E83257C511CBC5
SHA-512:E1F298A2BED0D5B632EC5EA81834FF4FD69084B79C37A63D8B5C7E7317A757E0CFCB9D311D585980A303D16640ED2C9224EE442BF3CD2ED7BB026E181599601B
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):4422992
Entropy (8bit):7.012472770624414
Encrypted:false
SSDEEP:
MD5:F32077DF74EFD435A1DCDF415E189DF1
SHA1:2771393D56FF167275BF03170377C43C28EE14E1
SHA-256:24BB6838DEFD491DF5460A88BED2D70B903A2156C49FB63E214E2C77251ECA71
SHA-512:FB708E0949854998FB80635138C80AC05D77DCA3089D3E5974663DDF2376D6A03535DAE1A068514C3B58BC06C8E4078B37CFB6BC90F080F7F31FEFC972A34850
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):81744
Entropy (8bit):6.143527599899884
Encrypted:false
SSDEEP:
MD5:DFAE4207CE3F2B3B88DABC6A7C73C450
SHA1:432A2FDDBB87BD13E4E40428E4C6A167EEBF7BF1
SHA-256:F7E920AB186D9F5F8218A012F9D6E603BF351C047CBFB6C4BF41850D50373A0B
SHA-512:577FF996023D7D00584E3657C73711B921FF2904E72536DE78224C07CD960672D3D035FC06EFEE85BA1F14CA86B03B699B7085B96CF2DC7362781BB4C96A0754
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):81744
Entropy (8bit):6.150747808645515
Encrypted:false
SSDEEP:
MD5:0B6C9E162B102F7B819E61A80257CA92
SHA1:E7FB9B6A36E2F9AD381D00D14E1A20B541C70D94
SHA-256:D159D2AE0A3F73FD7489960320DF92ADEE9B481027785BC8B82F8A10C2E66808
SHA-512:53AEFE0592CF92C6EB3DB4D6FE32F75A2B1E0EB8D9C5B7AF334F3A5043589D6918412309CADA9B6B96A98F3BE7DB00647D3BAE52BB775D1EC1DEA810E0EC8982
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):51024
Entropy (8bit):6.58747423701147
Encrypted:false
SSDEEP:
MD5:A7E63D69F1D55A3662907ECD48B345CA
SHA1:6FD80A3C9134CC09AC7C353D64FF2B1E34D55206
SHA-256:887C58E0B5E315F2D9714BD4D0F8126EF615D5792BAAAE4C7B75409FDECB5C45
SHA-512:2564DE05FD1763E26A1B1E00603961EB2F53624005A11837DD1E798740AFAE3E0E7AB4D48E76CC23FECA0CCC509399659DF6E41976C3046D95CC600CAB87769E
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\drvinst.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):74041
Entropy (8bit):5.390547173105644
Encrypted:false
SSDEEP:
MD5:D56B767F5B59E5F956C435DE91351440
SHA1:45731F393822AC6D41E2D41FF86EC4965E2ECACB
SHA-256:76A4D0912687B100FB7903B9DBDF998E045F275E93C5E38D878589DC3C8217DF
SHA-512:3ED7510966827BCF18901318EFAF07CE6734B637343DF31CB46905029E586FF9200E497602365D5E17EB3D8110FAFA07E82BD5E3C077813D2F2CAE2595B335F1
Malicious:false
Reputation:unknown
Preview:CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6041 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6699 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #4398 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6041 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6699 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #4398 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #2083 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #2459 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: SyncAllDBs Corruption or Schema Change..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #891 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #1307 encountered JET error -1601..CatalogDB: 08:57:12 03/10/2023: SyncDB:: Sync sta
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):73728
Entropy (8bit):0.15778716377721066
Encrypted:false
SSDEEP:
MD5:D76D63115A69A6999370374376BB6059
SHA1:8F06D8B0A0C9C3EE383CA794B98534B58DDCBB86
SHA-256:EC38A46A2DCCB828E02DF5B0607678F1F07AF442548D2CDA34DF99B5BA5FFB20
SHA-512:71B3D3CAD2DA85CFB83953A79FD76CD0DDCC845F15539FE0FC8888C9BDE6AC364961AE1805ED6E5A74D87C27FC3542C3F9E47102D06C440BD8A3E12305BB25EB
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):69632
Entropy (8bit):0.24657351232162994
Encrypted:false
SSDEEP:
MD5:56F34B6720A876FC704EA2E6B4802BDE
SHA1:FD6704F23A2C8211E867334E683E6D3263C607F6
SHA-256:40FD5DCEB827BDBB3D1DF12577D9D11D5295E8037A4CBE4A5CDA2520D981D1AC
SHA-512:E6F4C15E2592110760B97BB358B3697CE28000BDEF33237E6D85402340EEB3ED4F160DED393C81625983E632AA199A3AE81E49D83F6DC97C8E9A9402A34E15C9
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):20480
Entropy (8bit):1.625985155659377
Encrypted:false
SSDEEP:
MD5:8640DE416432137B25B38CE673990DC1
SHA1:46B89724BA28FD6FF1A30E22F31991ABE7F29105
SHA-256:8CB7F020067F88EAD8DF229A29A2AC3FFCBF1A63D2E2E1027B2220FF7D73B9CD
SHA-512:04F4C06511C080D9182EE51DB8A2424179FBFAF8DB523765D10686AC78E89850418F66702335443C940F85E335B242E7086F11D6A22D275178792BEC54FD34C6
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):32768
Entropy (8bit):1.4393077194717754
Encrypted:false
SSDEEP:
MD5:0713235442D5F69BA71B0108439AC7BC
SHA1:078086F9C6C5677B4F86351DCBF166BCE57B80E4
SHA-256:ED73B12D8E25D10086C755588ADDC7D40CDA23BE652665AAD39C72865CAFB70D
SHA-512:4497ADDBA3B1ACEE55A62E9CB96A4BD7D2C747E5A7AA99A0B940A698D731F78A589949CD9D74826A2989EF841895CD275995688827759E3F468C0E4A128B57DA
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):32768
Entropy (8bit):1.4144849575214726
Encrypted:false
SSDEEP:
MD5:C035B1531757448E8B91DA48BB968191
SHA1:3E88DA8EA86EE63E0FD86A36ECCF8E6AFA868947
SHA-256:897012896EA2E68AE236371979658BBB74AB29E40250388031BAF7DD6FCE3C36
SHA-512:BF8BE6A781C42E245E779698C16A9FA4772E0309A072B28D55A8EABA239837FDB36F2A11950F2B2BB164C637C8D8D3B7E60293DEDAD9C668E80A6494B03E4DED
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.06907270421787542
Encrypted:false
SSDEEP:
MD5:328C877021E2436D44D8AC48F993E43A
SHA1:C5BE0A5A30D763D4EE1316F3EA25F449159C6231
SHA-256:813D380DE6AE20FB52962F7DB1A067FB0BCDA2DE2A2ECE6407EBD9956B5C575D
SHA-512:C03AB07B8DBD4A1EDABD934EB2A91FBB0734C1AB7889C67FA1919262D7B35A861F53F15C9C4A32A514DDB95B43639AC9EC70E9FD09BC101FB84832125633348C
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):32768
Entropy (8bit):1.2964183296418808
Encrypted:false
SSDEEP:
MD5:7A627738F61854E0E6DDECA82178B2C7
SHA1:61BA0E6B5E8D846A28CD81DDEFCAEF655CD9C8DF
SHA-256:F2412D52BEDA23F923B65FAE3054BFB706E26B771985C17A7DE7631058D11F8D
SHA-512:5723A4F72F1A41262C85C66057CBE79D783BB32E7AFFB42C894C4F45935DF21659208A25F3D3D49C531251F82254F5B8C7DA72FC17AF87A7D2E64154EFA54805
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.33578196856874776
Encrypted:false
SSDEEP:
MD5:E062D1A015D2F223D5B29AA00AF5C304
SHA1:456522C6326377D4540CCAC38DEEC23F7A9C8FAA
SHA-256:EF9ABAC4C6DE39128A3B7CEBB84754D1627FAEB3C51D6C18A5585DA42B239E02
SHA-512:9DC302075DDC4C80E89CBF79E22B70F8AC33F2ECDD015BBD68D951CD97E19ACEB9A79B81C59C71EE52E8DBDD4F2A4532D1A4203713501A7C1F060399DE962FF7
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):512
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:BF619EAC0CDF3F68D496EA9344137E8B
SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:false
Reputation:unknown
File type:Zip archive data, at least v2.0 to extract, compression method=deflate
Entropy (8bit):7.999436909926464
TrID:
  • ZIP compressed archive (8000/1) 100.00%
File name:EPSONOPOSADKV3.00ER10.zip
File size:26'818'108 bytes
MD5:76afb557129adfa8f9a2b0cbf64d2b3a
SHA1:6189f91d560020b39491d7b923c08de0dbcb78fb
SHA256:3a16fb42a5737bc79ee2b1d99389ff0ca6d2a3a7d54cc9d67162594b812adf77
SHA512:84d1663de801a18b022693119ee6c7ab0b4decc33e313c1c5484bf560dc30112296d6d64779e2bf8024fa0685010550764573591351c43ab3127902670a33e0a
SSDEEP:786432:VgMDByLzIwmoNCK7EX+NyqGQDwMTT8OJWZ9Jg:q6ByLEwm9uNiQbTAOJWZPg
TLSH:914733AF4130C66AE60A7AA17B78635A7CDA30E734BDEA55FF0DD52880E30E355325C1
File Content Preview:PK........a.iQ....yIj.sRj.....Documentation.zip.(,..PK........vm+O................Documentation/PK.........meN.g.......1......Documentation/ADG.pdf.Z.XT....K..E:....n.......V.DZ.)...P@A.%....F...-.|..{.~.3s..9gf..g.|...#.....cZZ........<.g.;<...2..f....Y.
Icon Hash:1c1c1e4e4ececedc