Windows Analysis Report
Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Overview

General Information

Sample name: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe
Analysis ID: 1562191
MD5: 7714a5d364f8660817c487b2cb137381
SHA1: 2c94e7f2f817d36b43cf4c3dcd81af08dbbd3e50
SHA256: f12cb718550f0f0b61b4564896366c476ae5080e487917195fada42cc9bcb08f

Detection

Score: 19
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

PE file has a writeable .text section
Adds / modifies Windows certificates
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates files inside the driver directory
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Stores large binary data to the registry
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_004542BF __EH_prolog3_GS,GetLastError,CryptCreateHash,GetLastError,CryptHashData,CryptHashData,CryptHashData,CryptSignHashW,CryptSignHashW,CryptSignHashW,GetLastError,GetLastError,WriteFile,WriteFile,WriteFile, 0_2_004542BF
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_004546DD __EH_prolog3_GS,CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,CryptHashData,CryptHashData,GetLastError,_memmove,GetLastError,CryptVerifySignatureW, 0_2_004546DD
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_00454C59 CryptReleaseContext, 0_2_00454C59
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_00454C91 CryptDestroyHash, 0_2_00454C91
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_00454CAB CryptDestroyKey, 0_2_00454CAB
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_00454DDC CryptExportKey, 0_2_00454DDC
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_0045505F CryptGetHashParam,GetLastError,CryptGetHashParam, 0_2_0045505F
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_0045521D CryptHashData, 0_2_0045521D
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_004552A9 CryptImportKey, 0_2_004552A9
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_00455333 __EH_prolog3_GS,CreateFileW,ReadFile,CryptCreateHash,ReadFile,CryptHashData,GetLastError,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,ReadFile,CryptImportKey,GetLastError,GetLastError, 0_2_00455333
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_0045564F CoCreateGuid,StringFromGUID2,_wcsncpy,CryptAcquireContextW,CryptCreateHash, 0_2_0045564F
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_004559DE CryptGetHashParam,GetLastError, 0_2_004559DE
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_004559E0 CryptGetHashParam,GetLastError,CryptSetHashParam, 0_2_004559E0
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_00455A6D CryptAcquireContextW,CryptReleaseContext,CryptDestroyHash, 0_2_00455A6D
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_00455DCC SetFilePointer,CryptSignHashW,GetLastError,CryptSignHashW,WriteFile,WriteFile,WriteFile,SetFilePointer, 0_2_00455DCC
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_00455D9E CryptVerifySignatureW,GetLastError, 0_2_00455D9E
Source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Binary string: C:\CodeBases\isdev\redist\Language Independent\i386\ISP\setup.pdb source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe, setup.exe0.0.dr, set84AA.tmp.1.dr
Source: Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-x64\Seagull_V3_NetMonDispatcher.pdb source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, SET9D9D.tmp.15.dr, Sea97A9.tmp.1.dr
Source: Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-x64\Seagull_V3_ConfigDispatcher.pdb$ source: drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-x64\Seagull_V3_ConfigDispatcher.pdb source: drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-Win32\Seagull_V3_ConfigDispatcher.pdb& source: Sea93E9.tmp.1.dr
Source: Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-Win32\Seagull_V3_ConfigDispatcher.pdb source: Sea93E9.tmp.1.dr
Source: Binary string: C:\CodeBases\isdev\Src\Runtime\InstallScript\ISBEW64\x64\Release\ISBEW64.pdb source: setup.exe, 00000001.00000003.2061359845.000000000069A000.00000004.00000020.00020000.00000000.sdmp, ISBEW64.exe, 00000003.00000002.2628334153.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000003.00000000.2073589886.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000004.00000000.2074497366.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000004.00000002.2076116112.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000005.00000000.2075185323.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000005.00000002.2077349298.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000006.00000000.2076057538.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000006.00000002.2078176120.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000007.00000002.2079327007.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000007.00000000.2077075092.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000008.00000000.2110700411.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000008.00000002.2625002345.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-Win32\Seagull_V3_NetMonDispatcher.pdb source: Sea9418.tmp.1.dr
Source: Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-x64\Seagull_V3_PrintDispatcher.pdb source: drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2478075992.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, Sea97D9.tmp.1.dr, SETAA4C.tmp.17.dr
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_00425659 __EH_prolog3_GS,FindFirstFileW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrlenW,lstrcpyW,lstrcatW,SysStringLen,lstrcatW,GetFileAttributesW,lstrcatW,lstrcmpiW,lstrcpynW,lstrcmpiW,lstrcmpiW,SysStringLen,lstrcmpiW,lstrcpyW,lstrcatW,lstrcatW,lstrcatW,DeleteFileW,lstrcpyW, 0_2_00425659
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_0042C966 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,DeleteFileW, 0_2_0042C966
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_00451BC7 __EH_prolog3_GS,FindFirstFileW,lstrcmpW,lstrcmpW,FindNextFileW,RemoveDirectoryW,__CxxThrowException@8,DeleteFileW, 0_2_00451BC7
Source: C:\TEC_DRV\TECDRVIn.exe Code function: 15_2_00401140 GetVersionExA,GetPrivateProfileStringA,wsprintfA,_sscanf,GetWindowsDirectoryA,wsprintfA,FindFirstFileA,SetupUninstallOEMInfA,wsprintfA,GetPrivateProfileStringA,GetPrivateProfileStringA,GetPrivateProfileStringA,SetupUninstallOEMInfA,GetPrivateProfileStringA,GetPrivateProfileStringA,SetupUninstallOEMInfA,FindNextFileA,FindClose,GetCurrentDirectoryA,wsprintfA,FindFirstFileA,wsprintfA,GetPrivateProfileStringA,GetPrivateProfileStringA,GetPrivateProfileStringA,FindNextFileA,FindClose,SetupCopyOEMInfA, 15_2_00401140
Source: drvinst.exe, 00000011.00000003.2488600196.0000027A788DD000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488531554.0000027A788D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500290272.000002239AE5D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.postsignum.eu/crl/psrootqca4.crl0
Source: drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: drvinst.exe, 00000011.00000003.2487511275.0000027A78916000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.ssc.lt/root-a/cacrl.crl0
Source: drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.ssc.lt/root-b/cacrl.crl0
Source: drvinst.exe, 00000011.00000003.2487190126.0000027A78D45000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.ssc.lt/root-c/cacrl.crl0
Source: drvinst.exe, 00000011.00000003.2488860061.0000027A788CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500389694.000002239AE46000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: drvinst.exe, 00000011.00000003.2491815640.0000027A788D9000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488531554.0000027A788D6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488860061.0000027A788D9000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489156029.0000027A788D9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500389694.000002239AE46000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl1.comsign.co.il/crl/comsignglobalrootca.crl0
Source: drvinst.exe, 00000011.00000003.2488600196.0000027A788DD000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488531554.0000027A788D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500290272.000002239AE5D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl2.postsignum.cz/crl/psrootqca4.crl01
Source: drvinst.exe, 00000011.00000003.2493238199.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2504256689.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501077861.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2533616762.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2542026909.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485270000.0000027A78694000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497358946.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2478075992.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A7868A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542729706.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2539651370.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498610285.0000022398E1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2504256689.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498560821.0000022398E14000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2502415182.000002239AE3B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2502710823.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000013.00000003.2498661621.0000022398E14000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2533616762.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: drvinst.exe, 00000011.00000003.2495515349.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497677227.0000027A78D53000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495710924.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494207793.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493872701.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494328263.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494758373.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493238199.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl5
Source: drvinst.exe, 00000011.00000003.2492064754.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495515349.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497677227.0000027A78D53000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495710924.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494207793.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493872701.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494328263.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494758373.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493238199.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crlF
Source: drvinst.exe, 00000011.00000003.2492064754.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495515349.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497677227.0000027A78D53000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495710924.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494207793.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493872701.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494328263.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494758373.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493238199.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crlY
Source: drvinst.exe, 00000011.00000003.2548522286.0000027A78909000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeC
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543080885.0000027A7876D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495515349.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551096434.0000027A78767000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497677227.0000027A78D53000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495710924.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494207793.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542729706.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485647635.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493872701.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492388241.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543040453.0000027A7890F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 
00000011.00000003.2494328263.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: drvinst.exe, 00000011.00000002.2551642736.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493238199.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlhttp://crl4.digicert.co
Source: rundll32.exe, 00000013.00000003.2502502892.000002239AECC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495515349.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551096434.0000027A78767000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495710924.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494207793.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485647635.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493872701.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492388241.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494328263.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485270000.0000027A78694000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494758373.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 
00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: rundll32.exe, 00000013.00000003.2501077861.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2549068109.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2550723274.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492680309.0000027A78910000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485270000.0000027A78694000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497358946.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2478075992.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A7868A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2491815640.0000027A7890F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542729706.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2541124656.0000022398E02000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498610285.0000022398E1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000013.00000003.2504256689.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498560821.0000022398E14000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: rundll32.exe, 00000013.00000003.2504256689.000002239AED3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crlhttp://crl4.digicert.com/sha2-assured-ts.crl
Source: rundll32.exe, 00000013.00000003.2501077861.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crls
Source: drvinst.exe, 00000011.00000003.2549068109.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2550723274.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495515349.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497677227.0000027A78D53000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495710924.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494207793.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493872701.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494328263.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494758373.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493238199.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2504256689.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2533616762.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2542026909.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485270000.0000027A78694000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497358946.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2478075992.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A7868A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542729706.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2539651370.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498610285.0000022398E1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2504256689.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498560821.0000022398E14000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2502415182.000002239AE3B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2502710823.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000013.00000003.2498661621.0000022398E14000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2533616762.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: rundll32.exe, 00000013.00000003.2501077861.0000022398E10000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crlhttp://crl3.digicert.com/DigiCertAssuredIDRootCA
Source: rundll32.exe, 00000013.00000003.2502710823.0000022398E13000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543080885.0000027A7876D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495515349.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551096434.0000027A78767000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492479763.0000027A7885A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497677227.0000027A78D53000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495710924.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494207793.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2549377324.0000027A78859000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542729706.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485647635.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493872701.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 
00000011.00000003.2492388241.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543040453.0000027A7890F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: drvinst.exe, 00000011.00000003.2543000887.0000027A78909000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4E
Source: drvinst.exe, 00000011.00000003.2548522286.0000027A78909000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/G
Source: rundll32.exe, 00000013.00000003.2501077861.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2549068109.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2550723274.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492680309.0000027A78910000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485270000.0000027A78694000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497358946.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2478075992.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A7868A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2491815640.0000027A7890F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542729706.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2541124656.0000022398E02000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498610285.0000022398E1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000013.00000003.2504256689.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498560821.0000022398E14000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: drvinst.exe, 00000011.00000003.2542729706.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551642736.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crlg
Source: drvinst.exe, 00000011.00000003.2492323538.0000027A78864000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551277958.0000027A78869000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2548650981.0000027A78869000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493676371.0000027A78860000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492939540.0000027A78869000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542935675.0000027A78869000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: drvinst.exe, 00000011.00000002.2551129088.0000027A78846000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabJ
Source: rundll32.exe, 00000013.00000002.2540957483.0000022398DC7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabme
00000011.00000003.2542729706.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543000887.0000027A78909000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: rundll32.exe, 00000013.00000003.2502710823.0000022398E13000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl8
Source: rundll32.exe, 00000013.00000003.2502710823.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2502502892.000002239AECC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl;
Source: rundll32.exe, 00000013.00000003.2502710823.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crlG
Source: rundll32.exe, 00000013.00000003.2502710823.0000022398E13000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crlc
Source: rundll32.exe, 00000013.00000003.2502710823.0000022398E13000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2502502892.000002239AECC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crll
Source: drvinst.exe, 00000011.00000003.2543000887.0000027A78909000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-crl.ws.symantec.com/sha25N
Source: rundll32.exe, 00000013.00000003.2502710823.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2503101158.0000022398E4F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2502710823.0000022398E13000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2502502892.000002239AECC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-ocsp.ws.symantec.com
Source: rundll32.exe, 00000013.00000003.2502415182.000002239AE44000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQd11mpyHEqFCSocj4SCu93CBydHAQUr2PWyqNOh
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, TECDRVIn.exe, 0000000F.00000003.2552290450.00000000006E2000.00000004.00000020.00020000.00000000.sdmp, TECDRVIn.exe, 0000000F.00000003.2552790672.00000000006E2000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543080885.0000027A7876D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492479763.0000027A7885A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2548522286.0000027A78910000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492518312.0000027A7885C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485647635.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492388241.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543040453.0000027A7890F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 
00000011.00000003.2478075992.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A7868A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: rundll32.exe, 00000013.00000003.2502502892.000002239AECC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-ocsp.ws.symantec.com5
Source: rundll32.exe, 00000013.00000003.2502502892.000002239AECC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-ocsp.ws.symantec.comA
Source: rundll32.exe, 00000013.00000003.2502502892.000002239AECC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-ocsp.ws.symantec.comD
Source: drvinst.exe, 00000011.00000003.2548522286.0000027A78909000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-ocsp.ws.symantec.comG
Source: rundll32.exe, 00000013.00000003.2502710823.0000022398E13000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-ocsp.ws.symantec.comhttp://ts-crl.ws.symantec.com/sha256-tss-ca.crl
Source: rundll32.exe, 00000013.00000003.2502710823.0000022398E13000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-ocsp.ws.symantec.comhttp://ts-crl.ws.symantec.com/sha256-tss-ca.crl/
Source: rundll32.exe, 00000013.00000003.2502710823.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2503101158.0000022398E4F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-ocsp.ws.symantec.commg
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://web.ncdc.gov.sa/crl/nrcacomb1.crl0
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://web.ncdc.gov.sa/crl/nrcaparta1.crl
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489021052.0000027A7876A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488018704.0000027A78766000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500508411.000002239AE3B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.acabogacia.org/doc0
Source: rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.acabogacia.org0
Source: drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.accv.es00
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.agesic.gub.uy/acrn/acrn.crl0)
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.agesic.gub.uy/acrn/cps_acrn.pdf0
Source: rundll32.exe, 00000013.00000003.2500389694.000002239AE46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.ancert.com/cps0
Source: drvinst.exe, 00000011.00000003.2487511275.0000027A78916000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.anf.es
Source: drvinst.exe, 00000011.00000003.2488984372.0000027A788C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500508411.000002239AE3B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.anf.es/AC/RC/ocsp0c
Source: drvinst.exe, 00000011.00000003.2487511275.0000027A78916000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.anf.es/es/address-direccion.html
Source: drvinst.exe, 00000011.00000003.2489387696.0000027A78769000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489230231.0000027A78767000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488018704.0000027A78766000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500508411.000002239AE3B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.ca.posta.rs/dokumentacija0h
Source: drvinst.exe, 00000011.00000003.2488860061.0000027A788CC000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489348259.0000027A78750000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501030159.000002239AE21000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500389694.000002239AE46000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.cert.fnmt.es/dpcs/0
Source: drvinst.exe, 00000011.00000003.2489348259.0000027A78750000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501030159.000002239AE21000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.certeurope.fr/reference/pc-root2.pdf0
Source: drvinst.exe, 00000011.00000003.2489348259.0000027A78750000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501030159.000002239AE21000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.certeurope.fr/reference/root2.crl0
Source: drvinst.exe, 00000011.00000003.2488984372.0000027A788C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500389694.000002239AE46000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.certicamara.com/dpc/0Z
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487946580.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500189469.000002239AE8B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.certplus.com/CRL/class1.crl0
Source: drvinst.exe, 00000011.00000003.2488196965.0000027A78907000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488674433.0000027A78907000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489081039.0000027A78907000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.certplus.com/CRL/class2.crl0
Source: drvinst.exe, 00000011.00000003.2489021052.0000027A7876A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488018704.0000027A78766000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500508411.000002239AE3B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.certplus.com/CRL/class3.crl0
Source: drvinst.exe, 00000011.00000003.2487190126.0000027A78D45000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499988705.000002239AEC7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.certplus.com/CRL/class3P.crl0
Source: drvinst.exe, 00000011.00000003.2489348259.0000027A78750000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501030159.000002239AE21000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.certplus.com/CRL/class3TS.crl0
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487112116.0000027A78936000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487946580.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500189469.000002239AE8B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.chambersign.org1
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.comsign.co.il/cps0
Source: drvinst.exe, 00000011.00000003.2489348259.0000027A78750000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501030159.000002239AE21000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.correo.com.uy/correocert/cps.pdf0
Source: drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501077861.0000022398E10000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.datev.de/zertifikat-policy-bt0
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A7891F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488067210.0000027A7891F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487511275.0000027A78916000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.datev.de/zertifikat-policy-int0
Source: drvinst.exe, 00000011.00000003.2487314359.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487146537.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488531554.0000027A788D6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489081039.0000027A788DB000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488860061.0000027A788D9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499793474.000002239AECC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500290272.000002239AE5D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.datev.de/zertifikat-policy-std0
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.defence.gov.au/pki0
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2549068109.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2550723274.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543080885.0000027A7876D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492680309.0000027A78910000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495515349.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551096434.0000027A78767000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492479763.0000027A7885A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497677227.0000027A78D53000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495710924.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494207793.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2549377324.0000027A78859000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542729706.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 
00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485647635.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.digicert.com/CPS0
Source: rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.disig.sk/ca/crl/ca_disig.crl0
Source: rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.disig.sk/ca0f
Source: drvinst.exe, 00000011.00000003.2488860061.0000027A788CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500389694.000002239AE46000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.dnie.es/dpc0
Source: drvinst.exe, 00000011.00000003.2487146537.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487358513.0000027A78D59000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499925774.000002239AED6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499793474.000002239AECC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499957144.000002239AEDA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.e-me.lv/repository0
Source: drvinst.exe, 00000011.00000003.2487190126.0000027A78D45000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501425512.000002239AEC4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.e-szigno.hu/RootCA.crl
Source: drvinst.exe, 00000011.00000003.2487190126.0000027A78D45000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.e-szigno.hu/RootCA.crt0
Source: rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.e-szigno.hu/SZSZ/0
Source: drvinst.exe, 00000011.00000003.2487146537.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487272820.0000027A78D5F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499793474.000002239AECC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499889865.000002239AEDE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.e-trust.be/CPS/QNcerts
Source: drvinst.exe, 00000011.00000003.2492680309.0000027A78910000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543040453.0000027A7890F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487946580.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2491815640.0000027A7890F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543000887.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500189469.000002239AE8B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500424370.000002239AE94000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500782818.000002239AE95000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.ecee.gov.pt/dpc0
Source: drvinst.exe, 00000011.00000003.2488984372.0000027A788C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500389694.000002239AE46000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.echoworx.com/ca/root2/cps.pdf0
Source: drvinst.exe, 00000011.00000003.2488984372.0000027A788C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500389694.000002239AE46000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.eme.lv/repository0
Source: drvinst.exe, 00000011.00000003.2491815640.0000027A788D9000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488531554.0000027A788D6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488860061.0000027A788D9000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489156029.0000027A788D9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500389694.000002239AE46000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.globaltrust.info0
Source: rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.globaltrust.info0=
Source: drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.ica.co.il/repository/cps/PersonalID_Practice_Statement.pdf0
Source: drvinst.exe, 00000011.00000003.2487314359.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487572724.0000027A78D42000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.informatik.admin.ch/PKI/links/CPS_2_16_756_1_17_3_1_0.pdf0
Source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe, 00000000.00000002.2757486278.000000000054B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.installshield.coW
Source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe, setup.ini.1.dr, setup.exe0.0.dr, setup.ini.0.dr, set8558.tmp.1.dr, set84AA.tmp.1.dr String found in binary or memory: http://www.installshield.com/isetup/ProErrorCentral.asp?ErrorCode=%d
Source: drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oaticerts.com/repository.
Source: drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.pki.admin.ch/cps/CPS_2_16_756_1_17_3_1_0.pdf09
Source: drvinst.exe, 00000011.00000003.2488984372.0000027A788C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500389694.000002239AE46000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.pki.admin.ch/cps/CPS_2_16_756_1_17_3_21_1.pdf0:
Source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe, data1.hdr.0.dr, setup.ini.1.dr, setup.ini.0.dr, set8558.tmp.1.dr, Str89D.tmp.1.dr String found in binary or memory: http://www.toshibatec.com
Source: C:\TEC_DRV\TECDRVIn.exe Code function: 15_2_004071B9 GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA, 15_2_004071B9
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\TOSHIBATEC.cat (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\TEC_DRV\SeagullPublisher.cer (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\TEC_DRV\Sea9298.tmp Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe File created: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\SET9DCD.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\TEC_DRV\tos92BC.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\TEC_DRV\toshibatec.cat (copy) Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe File created: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\TOSHIBATEC.cat (copy) Jump to dropped file
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\SETAD6D.tmp Jump to dropped file
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_004552A9 CryptImportKey, 0_2_004552A9
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_00455333 __EH_prolog3_GS,CreateFileW,ReadFile,CryptCreateHash,ReadFile,CryptHashData,GetLastError,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,ReadFile,CryptImportKey,GetLastError,GetLastError, 0_2_00455333

System Summary

Source: ISSetup.dll.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: ISSetup.dll.1.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: isr8CC.tmp.1.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: ISS8518.tmp.1.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_00447C87 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx, 0_2_00447C87
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b} Jump to behavior
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\FileRepository\toshibatec.inf_amd64_5f0621577328b896 Jump to behavior
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\FileRepository\toshibatec.inf_amd64_5f0621577328b896\Common Jump to behavior
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\FileRepository\toshibatec.inf_amd64_5f0621577328b896\x64 Jump to behavior
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\drvstore.tmp Jump to behavior
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\inf\oem4.inf Jump to behavior
Source: C:\Windows\System32\drvinst.exe File deleted: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\Common\SETA5CE.tmp Jump to behavior
Source: Dri91BA.tmp.1.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe, 00000000.00000003.2049304791.000000000056A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameInstallShield Setup.exe` vs Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe
Source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe, 00000000.00000000.2047517567.0000000000519000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameInstallShield Setup.exe` vs Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe
Source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe, 00000000.00000002.2757486278.000000000054B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameInstallShield Setup.exe` vs Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe
Source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Binary or memory string: OriginalFilenameInstallShield Setup.exe` vs Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe
Source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: ISSetup.dll.0.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: ISSetup.dll.1.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: isr8CC.tmp.1.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: ISS8518.tmp.1.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: isr8CC.tmp.1.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: classification engine Classification label: clean19.evad.winEXE@22/183@0/0
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_00447C87 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx, 0_2_00447C87
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_0041F883 _memset,lstrcpyW,lstrcatW,GetDiskFreeSpaceExW,GetDiskFreeSpaceW, 0_2_0041F883
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_00446187 __EH_prolog3_GS,CreateToolhelp32Snapshot,GetLastError,Process32FirstW,Process32NextW,OpenProcess, 0_2_00446187
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_004443E5 __EH_prolog3_GS,GetModuleHandleW,GetProcAddress,LoadLibraryW,GetProcAddress,CoCreateInstance, 0_2_004443E5
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_00420149 __EH_prolog3_catch_GS,LoadLibraryExW,LoadLibraryExW,FindResourceW,LoadResource,SizeofResource,MultiByteToWideChar,FreeLibrary, 0_2_00420149
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\Program Files (x86)\InstallShield Installation Information\
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3812:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Mutant created: \Sessions\1\BaseNamedObjects\06216D8D-027A-4116-B2E6-32328FA688BC
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe File created: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Command line argument: @/L 0_2_00425FCC
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Command line argument: EXE=%s 0_2_00425FCC
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Command line argument: EXEProcessBegin 0_2_00425FCC
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Command line argument: ISSetupInit 0_2_00425FCC
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Command line argument: >YG 0_2_00475890
Source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe File read: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\setup.ini
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\System32\drvinst.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{4b29340b-77a4-1642-8c1c-e9c6c398ae5b} Global\{95b0d15e-59ba-f945-a362-1292ebab1705} C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\TOSHIBATEC.inf C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\TOSHIBATEC.cat
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe File read: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe
Source: unknown Process created: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe "C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe"
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Process created: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe -package:"C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe" -no_selfdeleter -IS_temp -media_path:"C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\" -tempdisk1folder:"C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\" -IS_OriginalLauncher:"C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\setup.exe"
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Process created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{44B75239-B0AF-47DD-A0EA-BC7D4A0B17ED}
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Process created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5425AD48-0ECD-4EE0-85CD-E51323D6FCF4}
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Process created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F2901D81-EC67-4183-B0BC-B0228BC2084C}
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Process created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{539B659B-A16F-4977-A999-3AA0E583BB3E}
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Process created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0E945D39-A59F-4496-9E17-EAE507F80961}
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Process created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BCF05350-BA9A-4EF4-A170-B5E82B942E03}
Source: unknown Process created: C:\Windows\System32\SrTasks.exe C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:1
Source: C:\Windows\System32\SrTasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Process created: C:\TEC_DRV\TECDRVIn.exe C:\TEC_DRV\TECDRVIn.exe
Source: unknown Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\TOSHIBATEC.inf" "9" "4b7447563" "0000000000000158" "WinSta0\Default" "0000000000000164" "208" "C:\TEC_DRV"
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: acgenral.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: riched32.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: srclient.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: spp.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: vssapi.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: vsstrace.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: sxproxy.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe Section loaded: wldp.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: spp.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: srclient.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: srcore.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: vssapi.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: ktmw32.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: wer.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: bcd.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: vsstrace.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: dsrole.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: msxml3.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: vss_ps.dll
Source: C:\TEC_DRV\TECDRVIn.exe Section loaded: apphelp.dll
Source: C:\TEC_DRV\TECDRVIn.exe Section loaded: uxtheme.dll
Source: C:\TEC_DRV\TECDRVIn.exe Section loaded: devrtl.dll
Source: C:\TEC_DRV\TECDRVIn.exe Section loaded: drvstore.dll
Source: C:\TEC_DRV\TECDRVIn.exe Section loaded: spinf.dll
Source: C:\TEC_DRV\TECDRVIn.exe Section loaded: cabinet.dll
Source: C:\TEC_DRV\TECDRVIn.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: drvstore.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: cabinet.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: profapi.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: cryptnet.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: slc.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: sppc.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: pnpui.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: userenv.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: dui70.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32
Source: Driver Wizard.lnk.1.dr LNK file: ..\..\..\..\..\..\..\TEC_DRV\DriverWizard.exe
Source: PnP Recovery.lnk.1.dr LNK file: ..\..\..\..\..\..\..\TEC_DRV\DriverWizard.exe
Source: TECDRVIn.lnk.1.dr LNK file: ..\..\..\..\..\..\..\TEC_DRV\TECDRVIn.exe
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe File written: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\0x0409.ini
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Window found: window name: RICHEDIT
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Automated click: I accept the terms of the license agreement
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File opened: C:\Windows\SysWOW64\RICHED32.DLL
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Static file information: File size 50479449 > 1048576
Source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\CodeBases\isdev\redist\Language Independent\i386\ISP\setup.pdb source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe, setup.exe0.0.dr, set84AA.tmp.1.dr
Source: Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-x64\Seagull_V3_NetMonDispatcher.pdb source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, SET9D9D.tmp.15.dr, Sea97A9.tmp.1.dr
Source: Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-x64\Seagull_V3_ConfigDispatcher.pdb$ source: drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-x64\Seagull_V3_ConfigDispatcher.pdb source: drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-Win32\Seagull_V3_ConfigDispatcher.pdb& source: Sea93E9.tmp.1.dr
Source: Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-Win32\Seagull_V3_ConfigDispatcher.pdb source: Sea93E9.tmp.1.dr
Source: Binary string: C:\CodeBases\isdev\Src\Runtime\InstallScript\ISBEW64\x64\Release\ISBEW64.pdb source: setup.exe, 00000001.00000003.2061359845.000000000069A000.00000004.00000020.00020000.00000000.sdmp, ISBEW64.exe, 00000003.00000002.2628334153.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000003.00000000.2073589886.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000004.00000000.2074497366.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000004.00000002.2076116112.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000005.00000000.2075185323.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000005.00000002.2077349298.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000006.00000000.2076057538.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000006.00000002.2078176120.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000007.00000002.2079327007.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000007.00000000.2077075092.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000008.00000000.2110700411.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000008.00000002.2625002345.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-Win32\Seagull_V3_NetMonDispatcher.pdb source: Sea9418.tmp.1.dr
Source: Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-x64\Seagull_V3_PrintDispatcher.pdb source: drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2478075992.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, Sea97D9.tmp.1.dr, SETAA4C.tmp.17.dr
Source: initial sample Static PE information: section where entry point is pointing to: .rsrc
Source: Por9288.tmp.1.dr Static PE information: section name: _RDATA
Source: Sea970B.tmp.1.dr Static PE information: section name: _RDATA
Source: Sea97A9.tmp.1.dr Static PE information: section name: _RDATA
Source: Sea97D9.tmp.1.dr Static PE information: section name: _RDATA
Source: SET9D6D.tmp.15.dr Static PE information: section name: _RDATA
Source: SET9D9D.tmp.15.dr Static PE information: section name: _RDATA
Source: SET9C91.tmp.15.dr Static PE information: section name: _RDATA
Source: SETAA4C.tmp.17.dr Static PE information: section name: _RDATA
Source: SETAB0A.tmp.17.dr Static PE information: section name: _RDATA
Source: SETAD2E.tmp.17.dr Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_00466655 push ecx; ret 0_2_00466668
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_0045B864 push ecx; ret 0_2_0045B877
Source: C:\TEC_DRV\TECDRVIn.exe Code function: 15_2_0040EBFA push ecx; ret 15_2_0040EC0D
Source: C:\TEC_DRV\TECDRVIn.exe Code function: 15_2_00410D21 push ecx; ret 15_2_00410D34
Source: isr8CC.tmp.1.dr Static PE information: section name: .text entropy: 7.983505264778397
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\Seagull_V3_ConfigDispatcher.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\TEC_DRV\Dri91BA.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\setup.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\ISS8518.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\TEC_DRV\Win32\Sea9418.tmp Jump to dropped file
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe File created: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\dot86B.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISB87C.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\TEC_DRV\PortHelperWow64.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\TEC_DRV\x64\Sea970B.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\TEC_DRV\TEC8717.tmp (copy) Jump to dropped file
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\SETAA4C.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\TEC_DRV\TEC8729.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\isrt.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\TEC_DRV\Win32\Seagull_V3_ConfigDispatcher.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\TEC_DRV\Win32\Sea93E9.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\TEC_DRV\Win32\Seagull_V3_NetMonDispatcher.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe File created: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\ISSetup.dll Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe File created: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\Seagull_V3_PrintDispatcher.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\TEC_DRV\x64\Seagull_V3_PrintDispatcher.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\isr8CC.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\set84AA.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\ISSetup.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\dotnetinstaller.exe (copy) Jump to dropped file
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe File created: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\setup.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\_is9C8.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\TEC_DRV\TEC8718.tmp Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe File created: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\SET9C91.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\TEC_DRV\x64\Sea97D9.tmp Jump to dropped file
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\SETAD2E.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\TEC_DRV\Por9288.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\TEC_DRV\DriverWizard.exe (copy) Jump to dropped file
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\Seagull_V3_PrintDispatcher.dll (copy) Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe File created: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\SET9D9D.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\TEC_DRV\Win32\Seagull_V3_PrintDispatcher.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\TEC_DRV\x64\Sea97A9.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\TEC_DRV\Win32\Sea9439.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\TEC_DRV\x64\Seagull_V3_ConfigDispatcher.dll (copy) Jump to dropped file
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\SETAB0A.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\ISSetup.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\TEC_DRV\x64\Seagull_V3_NetMonDispatcher.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\TEC_DRV\TECDRVIn.exe (copy) Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe File created: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\SET9D6D.tmp Jump to dropped file
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\Seagull_V3_NetMonDispatcher.dll (copy) Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe File created: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\Seagull_V3_ConfigDispatcher.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\_isres_0x0409.dll (copy) Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe File created: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\Seagull_V3_NetMonDispatcher.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_0041CAE7 __EH_prolog3_GS,GetPrivateProfileIntW, 0_2_0041CAE7
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_0048A330 GetLastError,SetLastError,_memset,lstrcpyA,_memset,lstrcpyW,lstrlenA,_memset,lstrcpyA,lstrlenA,lstrlenA,_memmove,lstrcmpiA,GetLastError,SetLastError,_memmove,GetPrivateProfileIntA,_memset,lstrcpyA,GetPrivateProfileStringA,GetSysColor,_memset,_memset,GetPrivateProfileSectionNamesA,lstrcpyA,lstrcpyA,lstrlenA,lstrcpyA,GetPrivateProfileStringA,GetSysColor,GetLastError,SysFreeString,SysFreeString,SysFreeString,SetLastError,lstrcpyA,lstrlenA,lstrcmpA,lstrcpyA,GetPrivateProfileStringA,GetProcAddress, 0_2_0048A330
Source: C:\TEC_DRV\TECDRVIn.exe Code function: 15_2_00401140 GetVersionExA,GetPrivateProfileStringA,wsprintfA,_sscanf,GetWindowsDirectoryA,wsprintfA,FindFirstFileA,SetupUninstallOEMInfA,wsprintfA,GetPrivateProfileStringA,GetPrivateProfileStringA,GetPrivateProfileStringA,SetupUninstallOEMInfA,GetPrivateProfileStringA,GetPrivateProfileStringA,SetupUninstallOEMInfA,FindNextFileA,FindClose,GetCurrentDirectoryA,wsprintfA,FindFirstFileA,wsprintfA,GetPrivateProfileStringA,GetPrivateProfileStringA,GetPrivateProfileStringA,FindNextFileA,FindClose,SetupCopyOEMInfA, 15_2_00401140
Source: C:\TEC_DRV\TECDRVIn.exe Code function: 15_2_00401419 wsprintfA,GetPrivateProfileStringA,GetPrivateProfileStringA,GetPrivateProfileStringA,FindNextFileA,FindClose,SetupCopyOEMInfA, 15_2_00401419
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore Jump to behavior
Source: C:\Windows\System32\SrTasks.exe Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA TEC\ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA TEC\TPCL Printer Driver\ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA TEC\TPCL Printer Driver\Driver Wizard.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA TEC\TPCL Printer Driver\PnP Recovery.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA TEC\TPCL Printer Driver\TECDRVIn.lnk Jump to behavior
Source: C:\TEC_DRV\TECDRVIn.exe Code function: 15_2_00404C99 IsIconic,GetWindowPlacement,GetWindowRect, 15_2_00404C99
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_00463630 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_00463630
Source: C:\Windows\System32\drvinst.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\0ECA937423F01F974CA582BCFC417550BE20B95E Blob Jump to behavior
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\TEC_DRV\TECDRVIn.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\Seagull_V3_ConfigDispatcher.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\ISSetup.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\dotnetinstaller.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Dropped PE file which has not been started: C:\TEC_DRV\Dri91BA.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\_is9C8.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Dropped PE file which has not been started: C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\ISS8518.tmp Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\SET9C91.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Dropped PE file which has not been started: C:\TEC_DRV\Win32\Sea9418.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\dot86B.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Dropped PE file which has not been started: C:\TEC_DRV\x64\Sea97D9.tmp Jump to dropped file
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\SETAD2E.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Dropped PE file which has not been started: C:\TEC_DRV\PortHelperWow64.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Dropped PE file which has not been started: C:\TEC_DRV\x64\Sea970B.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Dropped PE file which has not been started: C:\TEC_DRV\DriverWizard.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Dropped PE file which has not been started: C:\TEC_DRV\Por9288.tmp Jump to dropped file
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\Seagull_V3_PrintDispatcher.dll (copy) Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\SET9D9D.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Dropped PE file which has not been started: C:\TEC_DRV\Win32\Seagull_V3_PrintDispatcher.dll (copy) Jump to dropped file
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\SETAA4C.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Dropped PE file which has not been started: C:\TEC_DRV\x64\Sea97A9.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Dropped PE file which has not been started: C:\TEC_DRV\x64\Seagull_V3_ConfigDispatcher.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Dropped PE file which has not been started: C:\TEC_DRV\Win32\Sea9439.tmp Jump to dropped file
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\SETAB0A.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\isrt.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Dropped PE file which has not been started: C:\TEC_DRV\Win32\Seagull_V3_ConfigDispatcher.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Dropped PE file which has not been started: C:\TEC_DRV\x64\Seagull_V3_NetMonDispatcher.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Dropped PE file which has not been started: C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\ISSetup.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Dropped PE file which has not been started: C:\TEC_DRV\Win32\Sea93E9.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Dropped PE file which has not been started: C:\TEC_DRV\Win32\Seagull_V3_NetMonDispatcher.dll (copy) Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\SET9D6D.tmp Jump to dropped file
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\Seagull_V3_NetMonDispatcher.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\ISSetup.dll Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\Seagull_V3_PrintDispatcher.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Dropped PE file which has not been started: C:\TEC_DRV\x64\Seagull_V3_PrintDispatcher.dll (copy) Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\Seagull_V3_ConfigDispatcher.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\_isres_0x0409.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\isr8CC.tmp Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\Seagull_V3_NetMonDispatcher.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\TEC_DRV\TECDRVIn.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe API coverage: 6.8 %
Source: C:\TEC_DRV\TECDRVIn.exe API coverage: 9.1 %
Source: C:\Windows\System32\SrTasks.exe TID: 2292 Thread sleep time: -290000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe File Volume queried: C:\Windows FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_00425659 __EH_prolog3_GS,FindFirstFileW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrlenW,lstrcpyW,lstrcatW,SysStringLen,lstrcatW,GetFileAttributesW,lstrcatW,lstrcmpiW,lstrcpynW,lstrcmpiW,lstrcmpiW,SysStringLen,lstrcmpiW,lstrcpyW,lstrcatW,lstrcatW,lstrcatW,DeleteFileW,lstrcpyW, 0_2_00425659
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_0042C966 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,DeleteFileW, 0_2_0042C966
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_00451BC7 __EH_prolog3_GS,FindFirstFileW,lstrcmpW,lstrcmpW,FindNextFileW,RemoveDirectoryW,__CxxThrowException@8,DeleteFileW, 0_2_00451BC7
Source: C:\TEC_DRV\TECDRVIn.exe Code function: 15_2_00401140 GetVersionExA,GetPrivateProfileStringA,wsprintfA,_sscanf,GetWindowsDirectoryA,wsprintfA,FindFirstFileA,SetupUninstallOEMInfA,wsprintfA,GetPrivateProfileStringA,GetPrivateProfileStringA,GetPrivateProfileStringA,SetupUninstallOEMInfA,GetPrivateProfileStringA,GetPrivateProfileStringA,SetupUninstallOEMInfA,FindNextFileA,FindClose,GetCurrentDirectoryA,wsprintfA,FindFirstFileA,wsprintfA,GetPrivateProfileStringA,GetPrivateProfileStringA,GetPrivateProfileStringA,FindNextFileA,FindClose,SetupCopyOEMInfA, 15_2_00401140
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_0041CF22 CreateFileW,CreateFileMappingW,GetSystemInfo,MapViewOfFile,IsBadReadPtr,UnmapViewOfFile,MapViewOfFile,IsBadReadPtr,GetLastError, 0_2_0041CF22
Source: setupapi.dev.log.15.dr Binary or memory string: set: BIOS Vendor: VMware, Inc.
Source: setupapi.dev.log.15.dr Binary or memory string: sig: Key = vmci.inf
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CopyFiles = vmci.DriverFiles.x64
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ServiceBinary = %12%\vmci.sys
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMwareProvider = "VMware, Inc."
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: [VMware.NTamd64.6.2]
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: AddReg = vmware_installers_addreg
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmci.installers.value.windows = "Windows"
Source: setupapi.dev.log.15.dr Binary or memory string: inf: Service Name = vmci
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmci.DriverFiles.x64 = 12; %%SystemRoot%%\System32\drivers
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ; vmci.inf
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: [vmci.install.x64.NT.HW]
Source: setup.exe, 00000001.00000003.2747977102.000000000299B000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2623601448.0000000005428000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000002.2753233177.000000000299E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2062131087.000000000069F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: _IsVirtualMachine
Source: setupapi.dev.log.15.dr Binary or memory string: idb: {Publish Driver Package: C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563\vmci.inf} 11:48:39.707
Source: setupapi.dev.log.15.dr Binary or memory string: idb: Indexed 4 device IDs for 'vmci.inf_amd64_68ed49469341f563'.
Source: setupapi.dev.log.15.dr Binary or memory string: set: System Product Name: VMware20,1
Source: setupapi.dev.log.15.dr Binary or memory string: sto: {Configure Driver Package: C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563\vmci.inf}
Source: setup.exe, 00000001.00000003.2626579547.00000000006AA000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2630854757.00000000006AF000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2630814944.00000000006AA000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2631490443.00000000006C2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 0_GetVirtualMachineType<
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: loc.VMwareManufacturer = "VMware, Inc."
Source: setupapi.dev.log.15.dr Binary or memory string: sto: {Stage Driver Package: C:\Windows\SoftwareDistribution\Download\Install\vmci.inf} 11:48:39.634
Source: setupapi.dev.log.15.dr Binary or memory string: flq: Copying 'C:\Windows\SoftwareDistribution\Download\Install\vmci.inf' to 'C:\Windows\System32\DriverStore\Temp\{5a5b2f36-11ff-5a4a-b3b1-6fc00ed67f26}\vmci.inf'.
Source: setupapi.dev.log.15.dr Binary or memory string: cpy: Target Path = C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563
Source: SrTasks.exe, 0000000D.00000003.2385472469.0000016E56F2B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: WORKGROUPar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:88
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: [vmci.Service.x64]
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmci.installers.value.name = "vwdk.installers"
Source: setupapi.dev.log.15.dr Binary or memory string: idb: Created driver package object 'vmci.inf_amd64_68ed49469341f563' in SYSTEM database node.
Source: setupapi.dev.log.15.dr Binary or memory string: inf: Image Path = System32\drivers\vmci.sys
Source: setup.exe, 00000001.00000003.2626579547.00000000006AA000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2630854757.00000000006AF000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2630814944.00000000006AA000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2631490443.00000000006C2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 0_IsVirtualMachinee
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: %loc.VMwareManufacturer%=VMware,NTamd64.6.2
Source: setupapi.dev.log.15.dr Binary or memory string: flq: Copying 'C:\Windows\SoftwareDistribution\Download\Install\vmci.sys' to 'C:\Windows\System32\DriverStore\Temp\{5a5b2f36-11ff-5a4a-b3b1-6fc00ed67f26}\vmci.sys'.
Source: setup.exe, 00000001.00000003.2629421457.0000000002A95000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2630365127.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2629655158.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 0bIsVirtualMachine=%ld}
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: [vmci.DriverFiles.x64]
Source: setup.exe, 00000001.00000003.2627910712.0000000002BD1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2630992434.000000000069A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2629421457.0000000002A95000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2623601448.0000000005428000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2626269878.0000000000656000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2626388711.0000000002BD0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2631647953.00000000006A0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2628503603.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2630365127.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2626579547.0000000000659000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2629655158.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 0bIsVirtualMachine
Source: setup.exe, 00000001.00000003.2629421457.0000000002A95000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2630365127.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2629655158.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 0bIsVirtualMachine<
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: AddService = vmci, 2, vmci.Service.x64, common.EventLog ; SPSVCINST_ASSOCSERVICE
Source: setupapi.dev.log.15.dr Binary or memory string: idb: Registered driver package 'vmci.inf_amd64_68ed49469341f563' with 'oem2.inf'.
Source: setupapi.dev.log.15.dr Binary or memory string: inf: Driver package 'vmci.inf' is configurable.
Source: setupapi.dev.log.15.dr Binary or memory string: sto: {Core Driver Package Import: vmci.inf_amd64_68ed49469341f563} 11:48:39.704
Source: setup.exe, 00000001.00000003.2626579547.00000000006AA000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2631647953.00000000006AB000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2630814944.00000000006AA000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000002.2752170252.00000000006AB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: PInstallShield Installation Information><IFX_PRODUCT_NAME>Hgfs
Source: setupapi.dev.log.15.dr Binary or memory string: flq: Copying 'C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563\vmci.sys' to 'C:\Windows\System32\drivers\vmci.sys'.
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: [VMwarePathInfo]
Source: setupapi.dev.log.15.dr Binary or memory string: set: System Manufacturer: VMware, Inc.
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: HKR,, %vmci.installers.value.name%, 0x00010002, %vmci.installers.value.windows%
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmci.sys,,,2; COPYFLG_NOSKIP
Source: setupapi.dev.log.15.dr Binary or memory string: dvs: {Driver Setup Import Driver Package: C:\Windows\SoftwareDistribution\Download\Install\vmci.inf} 11:48:39.178
Source: setupapi.dev.log.15.dr Binary or memory string: idb: Activating driver package 'vmci.inf_amd64_68ed49469341f563'.
Source: setupapi.dev.log.15.dr Binary or memory string: cpy: Published 'vmci.inf_amd64_68ed49469341f563\vmci.inf' to 'oem2.inf'.
Source: setupapi.dev.log.15.dr Binary or memory string: inf: {Add Service: vmci}
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: [vmci.reg]
Source: setupapi.dev.log.15.dr Binary or memory string: inf: Created new service 'vmci'.
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: AddReg = vmci.reg
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: HKR,, %vmci.installers.value.name%, 0x00000010, %vmci.installers.value.windows%
Source: setupapi.dev.log.15.dr Binary or memory string: inf: Display Name = VMware VMCI Bus Driver
Source: setupapi.dev.log.15.dr Binary or memory string: set: PCI\VEN_15AD&DEV_0740&SUBSYS_074015AD&REV_10\3&61AAA01&0&3F -> Configured [oem2.inf:PCI\VEN_15AD&DEV_0740&SUBSYS_074015AD,vmci.install.x64.NT] and started (ConfigFlags = 0x00000000).
Source: setupapi.dev.log.15.dr Binary or memory string: set: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000 -> Configured [disk.inf:GenDisk,disk_install.NT] and started (ConfigFlags = 0x00000000).
Source: setup.exe, 00000001.00000003.2627910712.0000000002BD1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2626388711.0000000002BD0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2628503603.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 0_GetVirtualMachineType
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: DisplayName = %loc.vmciServiceDisplayName%
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ; Copyright (c) 1999-2016,2019,2021 VMware, Inc. All rights reserved.
Source: setupapi.dev.log.15.dr Binary or memory string: utl: Driver INF - oem2.inf (C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563\vmci.inf)
Source: setupapi.dev.log.15.dr Binary or memory string: set: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000 -> Configured [cdrom.inf:GenCdRom,cdrom_install] and started (ConfigFlags = 0x00000000).
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: [VMware.NTamd64]
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: %loc.VMwareHostDeviceDesc% = vmci.install.x64, ROOT\VMWVMCIHOSTDEV
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmci.sys=1
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CatalogFile = vmci.cat
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: loc.Disk1 = "VMware VMCI Device Disk"
Source: setupapi.dev.log.15.dr Binary or memory string: sig: Installed catalog 'vmci.cat' as 'oem2.cat'.
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: HKR, , EventMessageFile, 0x00020000, "%%SystemRoot%%\System32\drivers\vmci.sys"
Source: SrTasks.exe, 0000000D.00000003.2521534519.0000016E56ED2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: [vmci.install.x64.NT]
Source: setupapi.dev.log.15.dr Binary or memory string: sig: FilePath = C:\Windows\System32\DriverStore\Temp\{5a5b2f36-11ff-5a4a-b3b1-6fc00ed67f26}\vmci.inf
Source: setupapi.dev.log.15.dr Binary or memory string: inf: {Configure Driver Configuration: vmci.install.x64.NT}
Source: setup.exe, 00000001.00000003.2627910712.0000000002BD1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2626388711.0000000002BD0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2628503603.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 0_IsVirtualMachine2
Source: setup.exe, 00000001.00000003.2748557236.0000000005437000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2623601448.0000000005428000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 0bIsVirtualMachine=%ld
Source: setup.exe, 00000001.00000003.2062131087.000000000069F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: _GetVirtualMachineType
Source: setupapi.dev.log.15.dr Binary or memory string: flq: Copying 'C:\Windows\SoftwareDistribution\Download\Install\vmci.cat' to 'C:\Windows\System32\DriverStore\Temp\{5a5b2f36-11ff-5a4a-b3b1-6fc00ed67f26}\vmci.cat'.
Source: SrTasks.exe, 0000000D.00000003.2518649004.0000016E56F2B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: WORKGROUPar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:E
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: [vmci.install.x64.NT.Services]
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: loc.vmciServiceDisplayName = "VMware VMCI Bus Driver"
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: %loc.VMwareBusDeviceDesc% = vmci.install.x64, PCI\VEN_15AD&DEV_0740&SUBSYS_074015AD, PCI\VEN_15AD&DEV_0740
Source: setupapi.dev.log.15.dr Binary or memory string: sig: Catalog = C:\Windows\System32\DriverStore\Temp\{5a5b2f36-11ff-5a4a-b3b1-6fc00ed67f26}\vmci.cat
Source: setupapi.dev.log.15.dr Binary or memory string: inf: Section Name = vmci.install.x64.NT
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: [vmware_installers_addreg]
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: loc.VMwareHostDeviceDesc = "VMware VMCI Host Device"
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: loc.VMwareBusDeviceDesc = "VMware VMCI Bus Device"
Source: setupapi.dev.log.15.dr Binary or memory string: inf: {Configure Driver: VMware VMCI Bus Device}
Source: SrTasks.exe, 0000000D.00000003.2518649004.0000016E56F2B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D://
Source: setupapi.dev.log.15.dr Binary or memory string: inf: {Query Configurability: C:\Windows\SoftwareDistribution\Download\Install\vmci.inf} 11:48:39.636
Source: setupapi.dev.log.15.dr Binary or memory string: idb: {Register Driver Package: C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563\vmci.inf} 11:48:39.707
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Provider = %VMwareProvider%
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe API call chain: ExitProcess graph end node
Source: C:\TEC_DRV\TECDRVIn.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_00464F6E _memset,IsDebuggerPresent, 0_2_00464F6E
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_0047A0BB EncodePointer,EncodePointer,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 0_2_0047A0BB
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_004443E5 __EH_prolog3_GS,GetModuleHandleW,GetProcAddress,LoadLibraryW,GetProcAddress,CoCreateInstance, 0_2_004443E5
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_00430226 GetFileSize,GetProcessHeap,HeapAlloc,ReadFile,_strlen,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,ReadFile,GetProcessHeap,HeapFree, 0_2_00430226
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_004638C7 SetUnhandledExceptionFilter, 0_2_004638C7
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_004638EA SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_004638EA
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe Code function: 3_2_00007FF62F22DCD4 SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_00007FF62F22DCD4
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe Code function: 3_2_00007FF62F2307D8 SetUnhandledExceptionFilter, 3_2_00007FF62F2307D8
Source: C:\TEC_DRV\TECDRVIn.exe Code function: 15_2_0041814D _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 15_2_0041814D
Source: C:\TEC_DRV\TECDRVIn.exe Code function: 15_2_00418160 _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 15_2_00418160
Source: C:\TEC_DRV\TECDRVIn.exe Code function: 15_2_00415937 SetUnhandledExceptionFilter, 15_2_00415937
Source: C:\TEC_DRV\TECDRVIn.exe Code function: 15_2_00412442 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 15_2_00412442
Source: C:\TEC_DRV\TECDRVIn.exe Code function: 15_2_0040DDEE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 15_2_0040DDEE
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Process created: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe c:\users\user\appdata\local\temp\{9f7ba959-f754-4698-9ed9-66fc40e61686}\setup.exe -package:"c:\users\user\desktop\sterownik do drukarki tpcl-drv_2021.3_m-0_e (1).exe" -no_selfdeleter -is_temp -media_path:"c:\users\user\appdata\local\temp\{9f7ba959-f754-4698-9ed9-66fc40e61686}\disk1\" -tempdisk1folder:"c:\users\user\appdata\local\temp\{9f7ba959-f754-4698-9ed9-66fc40e61686}\" -is_originallauncher:"c:\users\user\appdata\local\temp\{9f7ba959-f754-4698-9ed9-66fc40e61686}\disk1\setup.exe"
Source: C:\Windows\System32\drvinst.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe c:\windows\system32\pnpui.dll,installsecuritypromptrundllw 20 global\{4b29340b-77a4-1642-8c1c-e9c6c398ae5b} global\{95b0d15e-59ba-f945-a362-1292ebab1705} c:\windows\system32\driverstore\temp\{ad084959-69d4-2442-9d3d-6604520f436b}\toshibatec.inf c:\windows\system32\driverstore\temp\{ad084959-69d4-2442-9d3d-6604520f436b}\toshibatec.cat
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_004448BB __EH_prolog3_GS,AllocateAndInitializeSid,AllocateAndInitializeSid,AllocateAndInitializeSid,AllocateAndInitializeSid,_memset,SetEntriesInAclW,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,GetTempPathW, 0_2_004448BB
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_00450887 GetCurrentThread,OpenThreadToken,GetLastError,GetLastError,GetCurrentProcess,OpenProcessToken,GetLastError,GetTokenInformation,GetTokenInformation,GetLastError,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid, 0_2_00450887
Source: setup.exe, 00000001.00000003.2632293655.0000000000672000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2626269878.0000000000656000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2631915653.000000000066E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OPTYPE_PROGMAN_
Source: setup.exe, 00000001.00000003.2051923955.0000000002590000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: ISLOG_VERSION_INFO..\..\..\Shared\LogServices2\LogDB.cppOPTYPE_PROGMANISLOGDB_USER_PROPERTIES,
Source: ISSetup.dll.0.dr Binary or memory string: ?OPTYPE_PROGMAN_FIELDSWWW
Source: setup.exe, 00000001.00000003.2633539652.000000000067C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2632152886.000000000067A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2632293655.0000000000672000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OPTYPE_PROGMAN
Source: setup.exe, 00000001.00000003.2632293655.0000000000672000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2626269878.0000000000656000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2631915653.000000000066E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OPTYPE_PROGMANes
Source: setup.exe, 00000001.00000003.2633539652.000000000067C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2632152886.000000000067A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000002.2751488389.000000000067D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OPTYPE_PROGMANp
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_0046391A cpuid 0_2_0046391A
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,GetLocaleInfoW, 0_2_0046E1E0
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free, 0_2_0046A3CF
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: EnumSystemLocalesW, 0_2_0046E450
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, 0_2_0047A437
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: _GetPrimaryLen,EnumSystemLocalesW, 0_2_0046E4AC
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: _GetPrimaryLen,EnumSystemLocalesW, 0_2_0046E529
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW, 0_2_0046E5AC
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: GetLocaleInfoW,TranslateCharsetInfo,IsValidLocale, 0_2_004125AD
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: GetLocaleInfoW, 0_2_0046E79F
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_0046E8C7
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: GetLocaleInfoW,_GetPrimaryLen, 0_2_0046E974
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: _memset,_TranslateName,_TranslateName,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s, 0_2_0046EA48
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: EnumSystemLocalesW, 0_2_0046EF47
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: GetLocaleInfoW, 0_2_0046EFCD
Source: C:\TEC_DRV\TECDRVIn.exe Code function: GetLocaleInfoA, 15_2_0041BA59
Source: C:\TEC_DRV\TECDRVIn.exe Code function: _strcpy_s,GetLocaleInfoA,__snprintf_s,LoadLibraryA, 15_2_004022EE
Source: C:\TEC_DRV\TECDRVIn.exe Code function: GetThreadLocale,GetLocaleInfoA,GetACP, 15_2_0041EC52
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\drvinst.exe Queries volume information: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\TOSHIBATEC.cat VolumeInformation
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_0043B52C __EH_prolog3_GS,GetCurrentProcessId,_memset,GetLocalTime,GetModuleFileNameW, 0_2_0043B52C
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe Code function: 0_2_00430174 GetVersionExW, 0_2_00430174
Source: C:\Windows\System32\drvinst.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Windows\System32\drvinst.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\0ECA937423F01F974CA582BCFC417550BE20B95E Blob
No contacted IP infos