Edit tour

Windows Analysis Report
Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Overview

General Information

Sample name:	Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe
Analysis ID:	1562191
MD5:	7714a5d364f8660817c487b2cb137381
SHA1:	2c94e7f2f817d36b43cf4c3dcd81af08dbbd3e50
SHA256:	f12cb718550f0f0b61b4564896366c476ae5080e487917195fada42cc9bcb08f
Infos:

Detection

Score:	19
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Signatures

PE file has a writeable .text section

Adds / modifies Windows certificates

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to shutdown / reboot the system

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates files inside the driver directory

Creates files inside the system directory

Creates or modifies windows services

Deletes files inside the Windows folder

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Drops certificate files (DER)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found evasive API chain (may stop execution after checking a module file name)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

Modifies existing windows services

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

Potential key logger detected (key state polling based)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Stores files to the Windows start menu directory

Stores large binary data to the registry

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

System is w10x64

Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe (PID: 3200 cmdline: "C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe" MD5: 7714A5D364F8660817C487B2CB137381)

setup.exe (PID: 2940 cmdline: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe -package:"C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe" -no_selfdeleter -IS_temp -media_path:"C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\" -tempdisk1folder:"C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\" -IS_OriginalLauncher:"C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\setup.exe" MD5: 97F32563F6B0D290E09DB98FBFC10AAE)

ISBEW64.exe (PID: 5548 cmdline: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{44B75239-B0AF-47DD-A0EA-BC7D4A0B17ED} MD5: 8A1E5A6B1C4E0C7D706EB2B36FA6C8EA)

ISBEW64.exe (PID: 4760 cmdline: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5425AD48-0ECD-4EE0-85CD-E51323D6FCF4} MD5: 8A1E5A6B1C4E0C7D706EB2B36FA6C8EA)

ISBEW64.exe (PID: 6160 cmdline: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F2901D81-EC67-4183-B0BC-B0228BC2084C} MD5: 8A1E5A6B1C4E0C7D706EB2B36FA6C8EA)

ISBEW64.exe (PID: 5380 cmdline: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{539B659B-A16F-4977-A999-3AA0E583BB3E} MD5: 8A1E5A6B1C4E0C7D706EB2B36FA6C8EA)

ISBEW64.exe (PID: 3128 cmdline: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0E945D39-A59F-4496-9E17-EAE507F80961} MD5: 8A1E5A6B1C4E0C7D706EB2B36FA6C8EA)

ISBEW64.exe (PID: 6668 cmdline: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BCF05350-BA9A-4EF4-A170-B5E82B942E03} MD5: 8A1E5A6B1C4E0C7D706EB2B36FA6C8EA)

TECDRVIn.exe (PID: 6644 cmdline: C:\TEC_DRV\TECDRVIn.exe MD5: A2D3A064D147ABD9A7234974824FFE91)

SrTasks.exe (PID: 5136 cmdline: C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:1 MD5: 2694D2D28C368B921686FE567BD319EB)

conhost.exe (PID: 3812 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

drvinst.exe (PID: 5492 cmdline: DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\TOSHIBATEC.inf" "9" "4b7447563" "0000000000000158" "WinSta0\Default" "0000000000000164" "208" "C:\TEC_DRV" MD5: 294990C88B9D1FE0A54A1FA8BF4324D9)

rundll32.exe (PID: 5252 cmdline: rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{4b29340b-77a4-1642-8c1c-e9c6c398ae5b} Global\{95b0d15e-59ba-f945-a362-1292ebab1705} C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\TOSHIBATEC.inf C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\TOSHIBATEC.cat MD5: EF3179D498793BF4234F708D3BE28633)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_004542BF __EH_prolog3_GS,GetLastError,CryptCreateHash,GetLastError,CryptHashData,CryptHashData,CryptHashData,CryptSignHashW,CryptSignHashW,CryptSignHashW,GetLastError,GetLastError,WriteFile,WriteFile,WriteFile,	0_2_004542BF
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_004546DD __EH_prolog3_GS,CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,CryptHashData,CryptHashData,GetLastError,_memmove,GetLastError,CryptVerifySignatureW,	0_2_004546DD
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_00454C59 CryptReleaseContext,	0_2_00454C59
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_00454C91 CryptDestroyHash,	0_2_00454C91
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_00454CAB CryptDestroyKey,	0_2_00454CAB
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_00454DDC CryptExportKey,	0_2_00454DDC
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_0045505F CryptGetHashParam,GetLastError,CryptGetHashParam,	0_2_0045505F
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_0045521D CryptHashData,	0_2_0045521D
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_004552A9 CryptImportKey,	0_2_004552A9
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_00455333 __EH_prolog3_GS,CreateFileW,ReadFile,CryptCreateHash,ReadFile,CryptHashData,GetLastError,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,ReadFile,CryptImportKey,GetLastError,GetLastError,	0_2_00455333
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_0045564F CoCreateGuid,StringFromGUID2,_wcsncpy,CryptAcquireContextW,CryptCreateHash,	0_2_0045564F
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_004559DE CryptGetHashParam,GetLastError,	0_2_004559DE
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_004559E0 CryptGetHashParam,GetLastError,CryptSetHashParam,	0_2_004559E0
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_00455A6D CryptAcquireContextW,CryptReleaseContext,CryptDestroyHash,	0_2_00455A6D
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_00455DCC SetFilePointer,CryptSignHashW,GetLastError,CryptSignHashW,WriteFile,WriteFile,WriteFile,SetFilePointer,	0_2_00455DCC
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_00455D9E CryptVerifySignatureW,GetLastError,	0_2_00455D9E

Source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source:	Binary string: C:\CodeBases\isdev\redist\Language Independent\i386\ISP\setup.pdb source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe, setup.exe0.0.dr, set84AA.tmp.1.dr
Source:	Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-x64\Seagull_V3_NetMonDispatcher.pdb source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, SET9D9D.tmp.15.dr, Sea97A9.tmp.1.dr
Source:	Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-x64\Seagull_V3_ConfigDispatcher.pdb$ source: drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-x64\Seagull_V3_ConfigDispatcher.pdb source: drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-Win32\Seagull_V3_ConfigDispatcher.pdb& source: Sea93E9.tmp.1.dr
Source:	Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-Win32\Seagull_V3_ConfigDispatcher.pdb source: Sea93E9.tmp.1.dr
Source:	Binary string: C:\CodeBases\isdev\Src\Runtime\InstallScript\ISBEW64\x64\Release\ISBEW64.pdb source: setup.exe, 00000001.00000003.2061359845.000000000069A000.00000004.00000020.00020000.00000000.sdmp, ISBEW64.exe, 00000003.00000002.2628334153.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000003.00000000.2073589886.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000004.00000000.2074497366.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000004.00000002.2076116112.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000005.00000000.2075185323.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000005.00000002.2077349298.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000006.00000000.2076057538.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000006.00000002.2078176120.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000007.00000002.2079327007.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000007.00000000.2077075092.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000008.00000000.2110700411.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000008.00000002.2625002345.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-Win32\Seagull_V3_NetMonDispatcher.pdb source: Sea9418.tmp.1.dr
Source:	Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-x64\Seagull_V3_PrintDispatcher.pdb source: drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2478075992.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, Sea97D9.tmp.1.dr, SETAA4C.tmp.17.dr

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_00425659 __EH_prolog3_GS,FindFirstFileW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrlenW,lstrcpyW,lstrcatW,SysStringLen,lstrcatW,GetFileAttributesW,lstrcatW,lstrcmpiW,lstrcpynW,lstrcmpiW,lstrcmpiW,SysStringLen,lstrcmpiW,lstrcpyW,lstrcatW,lstrcatW,lstrcatW,DeleteFileW,lstrcpyW,	0_2_00425659
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_0042C966 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,DeleteFileW,	0_2_0042C966
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_00451BC7 __EH_prolog3_GS,FindFirstFileW,lstrcmpW,lstrcmpW,FindNextFileW,RemoveDirectoryW,__CxxThrowException@8,DeleteFileW,	0_2_00451BC7
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: 15_2_00401140 GetVersionExA,GetPrivateProfileStringA,wsprintfA,_sscanf,GetWindowsDirectoryA,wsprintfA,FindFirstFileA,SetupUninstallOEMInfA,wsprintfA,GetPrivateProfileStringA,GetPrivateProfileStringA,GetPrivateProfileStringA,SetupUninstallOEMInfA,GetPrivateProfileStringA,GetPrivateProfileStringA,SetupUninstallOEMInfA,FindNextFileA,FindClose,GetCurrentDirectoryA,wsprintfA,FindFirstFileA,wsprintfA,GetPrivateProfileStringA,GetPrivateProfileStringA,GetPrivateProfileStringA,FindNextFileA,FindClose,SetupCopyOEMInfA,	15_2_00401140

Source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe, setup.exe0.0.dr, set84AA.tmp.1.dr	String found in binary or memory: http://=0x%04x.iniMS
Source: drvinst.exe, 00000011.00000003.2487112116.0000027A78936000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ac.economia.gob.mx/cps.html0
Source: drvinst.exe, 00000011.00000003.2487112116.0000027A78936000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ac.economia.gob.mx/last.crl0G
Source: drvinst.exe, 00000011.00000003.2489230231.0000027A7875A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500875592.000002239AE2C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500680763.000002239AE29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acedicom.edicomgroup.com/doc0
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487946580.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500189469.000002239AE8B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0
Source: drvinst.exe, 00000011.00000003.2488600196.0000027A788DD000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488531554.0000027A788D6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488674433.0000027A788DE000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487946580.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500290272.000002239AE8A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE8A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487946580.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500290272.000002239AE8A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE8A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acraiz.icpbrasil.gov.br/LCRacraizv1.crl0
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487946580.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500189469.000002239AE8B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acraiz.icpbrasil.gov.br/LCRacraizv10.crl0
Source: drvinst.exe, 00000011.00000003.2488600196.0000027A788DD000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488531554.0000027A788D6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488674433.0000027A788DE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acraiz.icpbrasil.gov.br/LCRacraizv2.crl0
Source: drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acraiz.icpbrasil.gov.br/LCRacraizv5.crl0
Source: rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ca.disig.sk/ca/crl/ca_disig.crl0
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487946580.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500189469.000002239AE8B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ca.mtin.es/mtin/DPCyPoliticas0
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487946580.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500189469.000002239AE8B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ca.mtin.es/mtin/DPCyPoliticas0g
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487946580.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500189469.000002239AE8B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ca.mtin.es/mtin/crl/MTINAutoridadRaiz03
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487946580.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500189469.000002239AE8B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ca.mtin.es/mtin/ocsp0
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487946580.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500189469.000002239AE8B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ca2.mtin.es/mtin/crl/MTINAutoridadRaiz0
Source: drvinst.exe, 00000011.00000003.2549377324.0000027A78859000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551129088.0000027A7885A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.d
Source: drvinst.exe, 00000011.00000003.2543000887.0000027A78909000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert
Source: rundll32.exe, 00000013.00000003.2501077861.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485270000.0000027A78694000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497358946.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2478075992.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A7868A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542729706.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2539651370.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498610285.0000022398E1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2504256689.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498560821.0000022398E14000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2502415182.000002239AE3B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2502710823.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498661621.0000022398E14000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2533616762.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2549068109.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2550723274.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492680309.0000027A78910000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485270000.0000027A78694000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497358946.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2478075992.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A7868A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2491815640.0000027A7890F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542729706.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2541124656.0000022398E02000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498610285.0000022398E1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2504256689.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498560821.0000022398E14000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: rundll32.exe, 00000013.00000003.2501077861.0000022398E10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543080885.0000027A7876D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495515349.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551096434.0000027A78767000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492479763.0000027A7885A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497677227.0000027A78D53000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495710924.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494207793.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2549377324.0000027A78859000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542729706.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485647635.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493872701.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492388241.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543040453.0000027A7890F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: drvinst.exe, 00000011.00000003.2543000887.0000027A78909000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSignp
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495515349.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551096434.0000027A78767000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495710924.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494207793.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485647635.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493872701.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492388241.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494328263.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485270000.0000027A78694000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494758373.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: drvinst.exe, 00000011.00000003.2487511275.0000027A78916000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500085043.000002239AE9A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://certificates.starfieldtech.com/repository/1604
Source: drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://certs.oati.net/repository/OATICA2.crl0
Source: drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://certs.oati.net/repository/OATICA2.crt0
Source: drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://certs.oaticerts.com/repository/OATICA2.crl
Source: drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://certs.oaticerts.com/repository/OATICA2.crt08
Source: drvinst.exe, 00000011.00000003.2487112116.0000027A78936000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499861485.000002239AEB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cps.chambersign.org/cps/chambersignroot.html0
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487946580.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500189469.000002239AE8B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
Source: drvinst.exe, 00000011.00000003.2487511275.0000027A78916000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cps.siths.se/sithsrootcav1.html0
Source: drvinst.exe, 00000011.00000003.2487112116.0000027A78936000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2504256689.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499861485.000002239AEB7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500085043.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501425512.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2533616762.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AEBC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2542026909.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500782818.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: drvinst.exe, 00000011.00000003.2487112116.0000027A78936000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499861485.000002239AEB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersignroot.crl0
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487946580.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500189469.000002239AE8B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
Source: drvinst.exe, 00000011.00000003.2488984372.0000027A788C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500508411.000002239AE3B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: drvinst.exe, 00000011.00000003.2488600196.0000027A788DD000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488531554.0000027A788D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500290272.000002239AE5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.defence.gov.au/pki0
Source: drvinst.exe, 00000011.00000003.2487112116.0000027A78936000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2504256689.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499861485.000002239AEB7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500085043.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501425512.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2533616762.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AEBC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2542026909.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500782818.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: drvinst.exe, 00000011.00000003.2487511275.0000027A78916000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.oces.trust2408.com/oces.crl0
Source: drvinst.exe, 00000011.00000003.2488600196.0000027A788DD000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488531554.0000027A788D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500290272.000002239AE5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.postsignum.cz/crl/psrootqca4.crl02
Source: drvinst.exe, 00000011.00000003.2488600196.0000027A788DD000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488531554.0000027A788D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500290272.000002239AE5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.postsignum.eu/crl/psrootqca4.crl0
Source: drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: drvinst.exe, 00000011.00000003.2487511275.0000027A78916000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ssc.lt/root-a/cacrl.crl0
Source: drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ssc.lt/root-b/cacrl.crl0
Source: drvinst.exe, 00000011.00000003.2487190126.0000027A78D45000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ssc.lt/root-c/cacrl.crl0
Source: drvinst.exe, 00000011.00000003.2488860061.0000027A788CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500389694.000002239AE46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: drvinst.exe, 00000011.00000003.2491815640.0000027A788D9000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488531554.0000027A788D6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488860061.0000027A788D9000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489156029.0000027A788D9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500389694.000002239AE46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl1.comsign.co.il/crl/comsignglobalrootca.crl0
Source: drvinst.exe, 00000011.00000003.2488600196.0000027A788DD000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488531554.0000027A788D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500290272.000002239AE5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl2.postsignum.cz/crl/psrootqca4.crl01
Source: drvinst.exe, 00000011.00000003.2493238199.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2504256689.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501077861.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2533616762.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2542026909.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485270000.0000027A78694000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497358946.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2478075992.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A7868A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542729706.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2539651370.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498610285.0000022398E1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2504256689.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498560821.0000022398E14000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2502415182.000002239AE3B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2502710823.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498661621.0000022398E14000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2533616762.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: drvinst.exe, 00000011.00000003.2495515349.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497677227.0000027A78D53000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495710924.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494207793.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493872701.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494328263.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494758373.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493238199.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl5
Source: drvinst.exe, 00000011.00000003.2492064754.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495515349.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497677227.0000027A78D53000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495710924.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494207793.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493872701.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494328263.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494758373.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493238199.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crlF
Source: drvinst.exe, 00000011.00000003.2492064754.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495515349.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497677227.0000027A78D53000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495710924.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494207793.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493872701.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494328263.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494758373.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493238199.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crlY
Source: drvinst.exe, 00000011.00000003.2548522286.0000027A78909000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeC
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543080885.0000027A7876D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495515349.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551096434.0000027A78767000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497677227.0000027A78D53000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495710924.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494207793.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542729706.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485647635.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493872701.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492388241.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543040453.0000027A7890F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494328263.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: drvinst.exe, 00000011.00000002.2551642736.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493238199.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlhttp://crl4.digicert.co
Source: rundll32.exe, 00000013.00000003.2502502892.000002239AECC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495515349.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551096434.0000027A78767000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495710924.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494207793.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485647635.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493872701.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492388241.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494328263.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485270000.0000027A78694000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494758373.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: rundll32.exe, 00000013.00000003.2501077861.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2549068109.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2550723274.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492680309.0000027A78910000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485270000.0000027A78694000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497358946.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2478075992.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A7868A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2491815640.0000027A7890F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542729706.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2541124656.0000022398E02000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498610285.0000022398E1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2504256689.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498560821.0000022398E14000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: rundll32.exe, 00000013.00000003.2504256689.000002239AED3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crlhttp://crl4.digicert.com/sha2-assured-ts.crl
Source: rundll32.exe, 00000013.00000003.2501077861.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crls
Source: drvinst.exe, 00000011.00000003.2549068109.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2550723274.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495515349.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497677227.0000027A78D53000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495710924.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494207793.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493872701.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494328263.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494758373.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493238199.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2504256689.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2533616762.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2542026909.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485270000.0000027A78694000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497358946.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2478075992.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A7868A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542729706.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2539651370.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498610285.0000022398E1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2504256689.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498560821.0000022398E14000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2502415182.000002239AE3B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2502710823.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498661621.0000022398E14000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2533616762.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: rundll32.exe, 00000013.00000003.2501077861.0000022398E10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crlhttp://crl3.digicert.com/DigiCertAssuredIDRootCA
Source: rundll32.exe, 00000013.00000003.2502710823.0000022398E13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543080885.0000027A7876D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495515349.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551096434.0000027A78767000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492479763.0000027A7885A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497677227.0000027A78D53000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495710924.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494207793.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2549377324.0000027A78859000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542729706.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485647635.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493872701.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492388241.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543040453.0000027A7890F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: drvinst.exe, 00000011.00000003.2543000887.0000027A78909000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4E
Source: drvinst.exe, 00000011.00000003.2548522286.0000027A78909000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/G
Source: rundll32.exe, 00000013.00000003.2501077861.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2549068109.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2550723274.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492680309.0000027A78910000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485270000.0000027A78694000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497358946.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2478075992.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A7868A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2491815640.0000027A7890F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542729706.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2541124656.0000022398E02000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498610285.0000022398E1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2504256689.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498560821.0000022398E14000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: drvinst.exe, 00000011.00000003.2542729706.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551642736.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crlg
Source: drvinst.exe, 00000011.00000003.2492323538.0000027A78864000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551277958.0000027A78869000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2548650981.0000027A78869000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493676371.0000027A78860000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492939540.0000027A78869000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542935675.0000027A78869000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: drvinst.exe, 00000011.00000002.2551129088.0000027A78846000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabJ
Source: rundll32.exe, 00000013.00000002.2540957483.0000022398DC7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabme
Source: rundll32.exe, 00000013.00000003.2539651370.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501077861.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2502710823.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2541124656.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2538932612.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/eng
Source: setup.exe, 00000001.00000003.2634859826.0000000000671000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2626269878.0000000000656000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2631915653.000000000066E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000002.2751314240.0000000000671000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2626579547.0000000000659000.00000004.00000020.00020000.00000000.sdmp, data1.hdr.0.dr	String found in binary or memory: http://deviis4.installshield.com/NetNirvana/
Source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	String found in binary or memory: http://deviis4.installshield.com/NetNirvana/data2.cabDisk1
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fedir.comsign.co.il/cacert/ComSignAdvancedSecurityCA.crt0
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fedir.comsign.co.il/crl/ComSignAdvancedSecurityCA.crl0
Source: drvinst.exe, 00000011.00000003.2489230231.0000027A7875A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500875592.000002239AE2C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500680763.000002239AE29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fedir.comsign.co.il/crl/ComSignCA.crl0
Source: drvinst.exe, 00000011.00000003.2489348259.0000027A78750000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501030159.000002239AE21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl0
Source: drvinst.exe, 00000011.00000003.2491815640.0000027A788D9000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488531554.0000027A788D6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488860061.0000027A788D9000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489156029.0000027A788D9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500389694.000002239AE46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fedir.comsign.co.il/crl/comsignglobalrootca.crl0;
Source: drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://http.fpki.gov/fcpca/caCertsIssuedByfcpca.p7c0
Source: drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es0
Source: drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551642736.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492939540.0000027A78869000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542935675.0000027A78869000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501077861.0000022398E10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com
Source: drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com)
Source: drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com.
Source: drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551129088.0000027A78846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2504256689.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rh
Source: drvinst.exe, 00000011.00000003.2549068109.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2550723274.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551129088.0000027A78846000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497358946.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2504256689.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxL
Source: drvinst.exe, 00000011.00000003.2549068109.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2550723274.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551129088.0000027A78846000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497358946.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2504256689.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT5hgD4pKvs0jFFLEKNQ1CjblLIPQQU9LbhIB3%2BKa7S5
Source: drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551129088.0000027A78846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2534979848.000002239AE2D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2541682605.000002239AE43000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2502415182.000002239AE44000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2538364328.000002239AE42000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2535338346.000002239AE39000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxX
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543080885.0000027A7876D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495515349.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551096434.0000027A78767000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492479763.0000027A7885A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497677227.0000027A78D53000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495710924.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494207793.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2549377324.0000027A78859000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542729706.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485647635.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493872701.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492388241.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543040453.0000027A7890F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495515349.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551096434.0000027A78767000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495710924.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494207793.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485647635.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493872701.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492388241.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494328263.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485270000.0000027A78694000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494758373.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485270000.0000027A78694000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497358946.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2478075992.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A7868A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542729706.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2539651370.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498610285.0000022398E1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2504256689.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498560821.0000022398E14000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2502415182.000002239AE3B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2502710823.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498661621.0000022398E14000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2533616762.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2549068109.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2550723274.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492680309.0000027A78910000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485270000.0000027A78694000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497358946.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2478075992.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A7868A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2491815640.0000027A7890F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542729706.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2541124656.0000022398E02000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498610285.0000022398E1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2504256689.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498560821.0000022398E14000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: drvinst.exe, 00000011.00000003.2494726499.0000027A7885C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494012871.0000027A7885C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495807434.0000027A7885C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495586464.0000027A7885C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494288279.0000027A7885C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2493282494.0000027A7885D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.d
Source: drvinst.exe, 00000011.00000003.2493560372.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.
Source: drvinst.exe, 00000011.00000003.2549068109.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2550723274.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497358946.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt
Source: drvinst.exe, 00000011.00000003.2549068109.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2550723274.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt?
Source: drvinst.exe, 00000011.00000003.2549068109.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2550723274.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crtQ
Source: drvinst.exe, 00000011.00000003.2549068109.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2550723274.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crtb
Source: rundll32.exe, 00000013.00000002.2541580233.000002239ADF0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestamp
Source: rundll32.exe, 00000013.00000003.2502502892.000002239AECC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRS
Source: drvinst.exe, 00000011.00000002.2550723274.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497358946.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
Source: drvinst.exe, 00000011.00000003.2497358946.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertTrustedRootG4.crtQ
Source: drvinst.exe, 00000011.00000003.2549068109.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2550723274.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertTrustedRootG4.crtk
Source: drvinst.exe, 00000011.00000003.2542729706.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551642736.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com7
Source: drvinst.exe, 00000011.00000003.2542935675.0000027A78869000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com8
Source: drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com=
Source: drvinst.exe, 00000011.00000003.2492323538.0000027A78864000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492939540.0000027A78869000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comB
Source: drvinst.exe, 00000011.00000003.2492323538.0000027A78864000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492939540.0000027A78869000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comH
Source: drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542935675.0000027A78869000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comf
Source: rundll32.exe, 00000013.00000003.2504256689.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2533616762.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2542026909.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.cr
Source: rundll32.exe, 00000013.00000003.2501077861.0000022398E10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crlV
Source: drvinst.exe, 00000011.00000002.2551129088.0000027A78846000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/sha2-assured-ts.crlhttp://crl4.digicert.com/sha2-as
Source: drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.coml
Source: drvinst.exe, 00000011.00000003.2542729706.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.como
Source: drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comu
Source: drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com~
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.ncdc.gov.sa0
Source: drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.pki.gva.es0
Source: drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489230231.0000027A7875A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500639968.000002239AE33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.suscerte.gob.ve0
Source: drvinst.exe, 00000011.00000003.2489348259.0000027A78750000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501030159.000002239AE21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pki.digidentity.eu/validatie0
Source: drvinst.exe, 00000011.00000003.2487190126.0000027A78D45000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499988705.000002239AEC7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pki.registradores.org/normativa/index.htm0
Source: drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://policy.camerfirma.com0
Source: drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://postsignum.ttc.cz/crl/psrootqca2.crl0
Source: drvinst.exe, 00000011.00000003.2489387696.0000027A78769000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489230231.0000027A78767000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488018704.0000027A78766000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487511275.0000027A78916000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500639968.000002239AE33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/0
Source: rundll32.exe, 00000013.00000003.2502710823.0000022398E13000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501077861.0000022398E10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.symcb.coW
Source: rundll32.exe, 00000013.00000003.2502710823.0000022398E13000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501077861.0000022398E10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.symcb.coWVTAsn1SpcMinimalCriteriaInfoEncode-204Dll
Source: rundll32.exe, 00000013.00000003.2502502892.000002239AECC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.symcb.com/universal-root.crl
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543080885.0000027A7876D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492479763.0000027A7885A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492518312.0000027A7885C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2549377324.0000027A78859000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485647635.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492388241.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543040453.0000027A7890F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551129088.0000027A7885A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2478075992.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A7868A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542729706.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: rundll32.exe, 00000013.00000003.2502502892.000002239AECC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.symcb.com/universal-root.crlB
Source: rundll32.exe, 00000013.00000003.2502502892.000002239AECC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.symcb.com/universal-root.crle
Source: rundll32.exe, 00000013.00000003.2502502892.000002239AECC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ%2FYHKj6JjF6UBieQioTYpFsuEriQQUtnf6aUhHn1MS1cLqBzJ
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543080885.0000027A7876D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492479763.0000027A7885A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492518312.0000027A7885C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2549377324.0000027A78859000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485647635.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492388241.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543040453.0000027A7890F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551129088.0000027A7885A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2478075992.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A7868A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542729706.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.symcd.com06
Source: drvinst.exe, 00000011.00000003.2489387696.0000027A78769000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489230231.0000027A78767000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488018704.0000027A78766000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500508411.000002239AE3B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sertifikati.ca.posta.rs/crl/PostaCARoot.crl0
Source: drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
Source: rundll32.exe, 00000013.00000003.2502710823.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2502710823.0000022398E13000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501077861.0000022398E10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, TECDRVIn.exe, 0000000F.00000003.2552290450.00000000006E2000.00000004.00000020.00020000.00000000.sdmp, TECDRVIn.exe, 0000000F.00000003.2552790672.00000000006E2000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543080885.0000027A7876D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492479763.0000027A7885A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2548522286.0000027A78910000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492518312.0000027A7885C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485647635.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492388241.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543040453.0000027A7890F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2478075992.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A7868A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: drvinst.exe, 00000011.00000003.2548522286.0000027A78909000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.syO
Source: rundll32.exe, 00000013.00000003.2502710823.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2502710823.0000022398E13000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2502502892.000002239AECC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, TECDRVIn.exe, 0000000F.00000003.2552290450.00000000006E2000.00000004.00000020.00020000.00000000.sdmp, TECDRVIn.exe, 0000000F.00000003.2552790672.00000000006E2000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543080885.0000027A7876D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2548522286.0000027A78910000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485647635.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492388241.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543040453.0000027A7890F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2478075992.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A7868A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542729706.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543000887.0000027A78909000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: rundll32.exe, 00000013.00000003.2502710823.0000022398E13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl8
Source: rundll32.exe, 00000013.00000003.2502710823.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2502502892.000002239AECC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl;
Source: rundll32.exe, 00000013.00000003.2502710823.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crlG
Source: rundll32.exe, 00000013.00000003.2502710823.0000022398E13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crlc
Source: rundll32.exe, 00000013.00000003.2502710823.0000022398E13000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2502502892.000002239AECC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crll
Source: drvinst.exe, 00000011.00000003.2543000887.0000027A78909000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/sha25N
Source: rundll32.exe, 00000013.00000003.2502710823.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2503101158.0000022398E4F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2502710823.0000022398E13000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2502502892.000002239AECC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com
Source: rundll32.exe, 00000013.00000003.2502415182.000002239AE44000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQd11mpyHEqFCSocj4SCu93CBydHAQUr2PWyqNOh
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, TECDRVIn.exe, 0000000F.00000003.2552290450.00000000006E2000.00000004.00000020.00020000.00000000.sdmp, TECDRVIn.exe, 0000000F.00000003.2552790672.00000000006E2000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543080885.0000027A7876D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492479763.0000027A7885A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2548522286.0000027A78910000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492518312.0000027A7885C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485647635.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492388241.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543040453.0000027A7890F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2478075992.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A7868A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: rundll32.exe, 00000013.00000003.2502502892.000002239AECC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com5
Source: rundll32.exe, 00000013.00000003.2502502892.000002239AECC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.comA
Source: rundll32.exe, 00000013.00000003.2502502892.000002239AECC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.comD
Source: drvinst.exe, 00000011.00000003.2548522286.0000027A78909000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.comG
Source: rundll32.exe, 00000013.00000003.2502710823.0000022398E13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.comhttp://ts-crl.ws.symantec.com/sha256-tss-ca.crl
Source: rundll32.exe, 00000013.00000003.2502710823.0000022398E13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.comhttp://ts-crl.ws.symantec.com/sha256-tss-ca.crl/
Source: rundll32.exe, 00000013.00000003.2502710823.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2503101158.0000022398E4F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.commg
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://web.ncdc.gov.sa/crl/nrcacomb1.crl0
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://web.ncdc.gov.sa/crl/nrcaparta1.crl
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489021052.0000027A7876A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488018704.0000027A78766000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500508411.000002239AE3B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.acabogacia.org/doc0
Source: rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.acabogacia.org0
Source: drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es00
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.agesic.gub.uy/acrn/acrn.crl0)
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.agesic.gub.uy/acrn/cps_acrn.pdf0
Source: rundll32.exe, 00000013.00000003.2500389694.000002239AE46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ancert.com/cps0
Source: drvinst.exe, 00000011.00000003.2487511275.0000027A78916000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.anf.es
Source: drvinst.exe, 00000011.00000003.2488984372.0000027A788C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500508411.000002239AE3B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.anf.es/AC/RC/ocsp0c
Source: drvinst.exe, 00000011.00000003.2487511275.0000027A78916000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.anf.es/es/address-direccion.html
Source: drvinst.exe, 00000011.00000003.2489387696.0000027A78769000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489230231.0000027A78767000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488018704.0000027A78766000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500508411.000002239AE3B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ca.posta.rs/dokumentacija0h
Source: drvinst.exe, 00000011.00000003.2488860061.0000027A788CC000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489348259.0000027A78750000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501030159.000002239AE21000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500389694.000002239AE46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/0
Source: drvinst.exe, 00000011.00000003.2489348259.0000027A78750000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501030159.000002239AE21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certeurope.fr/reference/pc-root2.pdf0
Source: drvinst.exe, 00000011.00000003.2489348259.0000027A78750000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501030159.000002239AE21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certeurope.fr/reference/root2.crl0
Source: drvinst.exe, 00000011.00000003.2488984372.0000027A788C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500389694.000002239AE46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certicamara.com/dpc/0Z
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487946580.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500189469.000002239AE8B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class1.crl0
Source: drvinst.exe, 00000011.00000003.2488196965.0000027A78907000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488674433.0000027A78907000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489081039.0000027A78907000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class2.crl0
Source: drvinst.exe, 00000011.00000003.2489021052.0000027A7876A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488018704.0000027A78766000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500508411.000002239AE3B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class3.crl0
Source: drvinst.exe, 00000011.00000003.2487190126.0000027A78D45000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499988705.000002239AEC7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class3P.crl0
Source: drvinst.exe, 00000011.00000003.2489348259.0000027A78750000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501030159.000002239AE21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class3TS.crl0
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487112116.0000027A78936000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487946580.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500189469.000002239AE8B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.chambersign.org1
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.comsign.co.il/cps0
Source: drvinst.exe, 00000011.00000003.2489348259.0000027A78750000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501030159.000002239AE21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.correo.com.uy/correocert/cps.pdf0
Source: drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501077861.0000022398E10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.datev.de/zertifikat-policy-bt0
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A7891F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488067210.0000027A7891F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487511275.0000027A78916000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.datev.de/zertifikat-policy-int0
Source: drvinst.exe, 00000011.00000003.2487314359.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487146537.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488531554.0000027A788D6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489081039.0000027A788DB000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488860061.0000027A788D9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499793474.000002239AECC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500290272.000002239AE5D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.datev.de/zertifikat-policy-std0
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.defence.gov.au/pki0
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2549068109.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2550723274.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543080885.0000027A7876D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D57000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492680309.0000027A78910000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495515349.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551096434.0000027A78767000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492479763.0000027A7885A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2497677227.0000027A78D53000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495710924.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494207793.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2549377324.0000027A78859000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542729706.0000027A78D55000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485647635.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.disig.sk/ca/crl/ca_disig.crl0
Source: rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.disig.sk/ca0f
Source: drvinst.exe, 00000011.00000003.2488860061.0000027A788CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500389694.000002239AE46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.dnie.es/dpc0
Source: drvinst.exe, 00000011.00000003.2487146537.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487358513.0000027A78D59000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499925774.000002239AED6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499793474.000002239AECC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499957144.000002239AEDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.e-me.lv/repository0
Source: drvinst.exe, 00000011.00000003.2487190126.0000027A78D45000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501425512.000002239AEC4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.e-szigno.hu/RootCA.crl
Source: drvinst.exe, 00000011.00000003.2487190126.0000027A78D45000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.e-szigno.hu/RootCA.crt0
Source: rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.e-szigno.hu/SZSZ/0
Source: drvinst.exe, 00000011.00000003.2487146537.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487272820.0000027A78D5F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499793474.000002239AECC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499889865.000002239AEDE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.e-trust.be/CPS/QNcerts
Source: drvinst.exe, 00000011.00000003.2492680309.0000027A78910000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543040453.0000027A7890F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487946580.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2491815640.0000027A7890F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543000887.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500189469.000002239AE8B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500424370.000002239AE94000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500782818.000002239AE95000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ecee.gov.pt/dpc0
Source: drvinst.exe, 00000011.00000003.2488984372.0000027A788C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500389694.000002239AE46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.echoworx.com/ca/root2/cps.pdf0
Source: drvinst.exe, 00000011.00000003.2488984372.0000027A788C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500389694.000002239AE46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.eme.lv/repository0
Source: drvinst.exe, 00000011.00000003.2491815640.0000027A788D9000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488531554.0000027A788D6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488860061.0000027A788D9000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489156029.0000027A788D9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500389694.000002239AE46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.globaltrust.info0
Source: rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.globaltrust.info0=
Source: drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ica.co.il/repository/cps/PersonalID_Practice_Statement.pdf0
Source: drvinst.exe, 00000011.00000003.2487314359.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487572724.0000027A78D42000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.informatik.admin.ch/PKI/links/CPS_2_16_756_1_17_3_1_0.pdf0
Source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe, 00000000.00000002.2757486278.000000000054B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.installshield.coW
Source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe, setup.ini.1.dr, setup.exe0.0.dr, setup.ini.0.dr, set8558.tmp.1.dr, set84AA.tmp.1.dr	String found in binary or memory: http://www.installshield.com/isetup/ProErrorCentral.asp?ErrorCode=%d
Source: drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.oaticerts.com/repository.
Source: drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pki.admin.ch/cps/CPS_2_16_756_1_17_3_1_0.pdf09
Source: drvinst.exe, 00000011.00000003.2488984372.0000027A788C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500389694.000002239AE46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pki.admin.ch/cps/CPS_2_16_756_1_17_3_21_1.pdf0:
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487946580.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500189469.000002239AE8B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0
Source: drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pki.gva.es/cps0
Source: drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pki.gva.es/cps0%
Source: drvinst.exe, 00000011.00000003.2487511275.0000027A78916000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pkioverheid.nl/policies/root-policy-G20
Source: drvinst.exe, 00000011.00000003.2487146537.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499793474.000002239AECC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pkioverheid.nl/policies/root-policy0
Source: drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.postsignum.cz/crl/psrootqca2.crl02
Source: drvinst.exe, 00000011.00000003.2489230231.0000027A7875A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500749101.000002239AE2E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500680763.000002239AE29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadis.bm0
Source: drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487572724.0000027A78D48000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487190126.0000027A78D45000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501425512.000002239AEC4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2504256689.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499988705.000002239AEC7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2533616762.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2542026909.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.rcsc.lt/repository0
Source: drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sk.ee/cps/0
Source: drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sk.ee/juur/crl/0
Source: drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487190126.0000027A78D45000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487511275.0000027A78916000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ssc.lt/cps03
Source: drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489230231.0000027A7875A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500639968.000002239AE33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.suscerte.gob.ve/dpc0
Source: drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489230231.0000027A7875A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500639968.000002239AE33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.suscerte.gob.ve/lcr0#
Source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe, data1.hdr.0.dr, setup.ini.1.dr, setup.ini.0.dr, set8558.tmp.1.dr, Str89D.tmp.1.dr	String found in binary or memory: http://www.toshibatec.com
Source: setup.exe, 00000001.00000003.2623928553.0000000002C4D000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2749207382.0000000002C55000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2628229318.0000000002C54000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000002.2754443179.0000000002C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2626801460.0000000002C4D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.toshibatec.com;
Source: setup.exe, 00000001.00000002.2753187444.0000000002990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.toshibatec.com=%ld
Source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe, 00000000.00000002.2757486278.000000000054B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.toshibatec.com_3_M0
Source: setup.exe, 00000001.00000003.2748557236.0000000005437000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.toshibatec.comldZE
Source: setup.exe, 00000001.00000002.2753187444.0000000002990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.toshibatec.comt...
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.uce.gub.uy/acrn/acrn.crl0
Source: drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.uce.gub.uy/informacion-tecnica/politicas/cp_acrn.pdf0G
Source: drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www2.postsignum.cz/crl/psrootqca2.crl01
Source: drvinst.exe, 00000011.00000003.2488984372.0000027A788C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500508411.000002239AE3B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crl.anf.es/AC/ANFServerCA.crl0
Source: rundll32.exe, 00000013.00000003.2502710823.0000022398E13000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501077861.0000022398E10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d./
Source: drvinst.exe, 00000011.00000003.2548522286.0000027A78909000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.sym
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, TECDRVIn.exe, 0000000F.00000003.2552290450.00000000006E2000.00000004.00000020.00020000.00000000.sdmp, TECDRVIn.exe, 0000000F.00000003.2552790672.00000000006E2000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543080885.0000027A7876D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492479763.0000027A7885A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2548522286.0000027A78910000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492518312.0000027A7885C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2549377324.0000027A78859000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485647635.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492388241.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543040453.0000027A7890F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551129088.0000027A7885A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/cps0%
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, TECDRVIn.exe, 0000000F.00000003.2552290450.00000000006E2000.00000004.00000020.00020000.00000000.sdmp, TECDRVIn.exe, 0000000F.00000003.2552790672.00000000006E2000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543080885.0000027A7876D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492479763.0000027A7885A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2548522286.0000027A78910000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492518312.0000027A7885C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2549377324.0000027A78859000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485647635.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492388241.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543040453.0000027A7890F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551129088.0000027A7885A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A786E4000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543080885.0000027A7876D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492479763.0000027A7885A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492518312.0000027A7885C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2549377324.0000027A78859000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485647635.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492388241.0000027A78D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2543040453.0000027A7890F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551129088.0000027A7885A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2478075992.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A7868A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542729706.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0.
Source: drvinst.exe, 00000011.00000003.2489230231.0000027A7875A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500749101.000002239AE2E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500680763.000002239AE29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: drvinst.exe, 00000011.00000003.2487190126.0000027A78D45000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://rca.e-szigno.hu/ocsp0-
Source: drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487190126.0000027A78D45000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487242654.0000027A78D4A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499793474.000002239AECC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://repository.luxtrust.lu0
Source: drvinst.exe, 00000011.00000003.2487112116.0000027A78936000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://repository.tsp.zetes.com0
Source: drvinst.exe, 00000011.00000003.2487511275.0000027A78916000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.certicamara.com/marco-legal0Z
Source: drvinst.exe, 00000011.00000003.2488984372.0000027A788C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500508411.000002239AE3B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.anf.es/AC/ACTAS/789230
Source: drvinst.exe, 00000011.00000003.2488984372.0000027A788C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500508411.000002239AE3B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.anf.es/AC/ANFServerCA.crl0
Source: drvinst.exe, 00000011.00000003.2488984372.0000027A788C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500508411.000002239AE3B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.anf.es/address/)1(0&
Source: rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.catcert.net/verarrel
Source: drvinst.exe, 00000011.00000003.2487314359.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.catcert.net/verarrel05
Source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542893903.0000027A7874D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2492064754.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.2551713883.0000027A79080000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2485270000.0000027A78694000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2478075992.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2484914597.0000027A7868A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2542729706.0000027A78D41000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2539651370.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498610285.0000022398E1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2504256689.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498560821.0000022398E14000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2502415182.000002239AE3B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2502710823.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2498661621.0000022398E14000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2533616762.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2541124656.0000022398E3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: rundll32.exe, 00000013.00000003.2499889865.000002239AEDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.netlock.hu/docs/
Source: rundll32.exe, 00000013.00000003.2500290272.000002239AE5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.netlock.net/docs
Source: drvinst.exe, 00000011.00000003.2487112116.0000027A78936000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2504256689.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499861485.000002239AEB7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500085043.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501425512.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2533616762.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AEBC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2542026909.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500782818.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/0m

Source: C:\TEC_DRV\TECDRVIn.exe

Code function: 15_2_004071B9 GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,

15_2_004071B9

Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\TOSHIBATEC.cat (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\TEC_DRV\SeagullPublisher.cer (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\TEC_DRV\Sea9298.tmp	Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe	File created: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\SET9DCD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\TEC_DRV\tos92BC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\TEC_DRV\toshibatec.cat (copy)	Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe	File created: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\TOSHIBATEC.cat (copy)	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\SETAD6D.tmp	Jump to dropped file

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_004552A9 CryptImportKey,		0_2_004552A9
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_00455333 __EH_prolog3_GS,CreateFileW,ReadFile,CryptCreateHash,ReadFile,CryptHashData,GetLastError,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,ReadFile,CryptImportKey,GetLastError,GetLastError,		0_2_00455333

System Summary

PE file has a writeable .text section

Source: ISSetup.dll.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: ISSetup.dll.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: isr8CC.tmp.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: ISS8518.tmp.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Code function: 0_2_00447C87 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,

0_2_00447C87

Source: C:\Windows\System32\drvinst.exe

File created: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}

Jump to behavior

Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\FileRepository\toshibatec.inf_amd64_5f0621577328b896	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\FileRepository\toshibatec.inf_amd64_5f0621577328b896\Common	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\FileRepository\toshibatec.inf_amd64_5f0621577328b896\x64	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\drvstore.tmp	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\inf\oem4.inf	Jump to behavior

Source: C:\Windows\System32\drvinst.exe

File deleted: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\Common\SETA5CE.tmp

Jump to behavior

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_0047C0B0	0_2_0047C0B0
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_0047022B	0_2_0047022B
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_004685CF	0_2_004685CF
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_0047C619	0_2_0047C619
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_0049CA69	0_2_0049CA69
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_00490B40	0_2_00490B40
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_00478B63	0_2_00478B63
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_0047CB89	0_2_0047CB89
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_0047D4E8	0_2_0047D4E8
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_0047D8A7	0_2_0047D8A7
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_004719F6	0_2_004719F6
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_00475CA1	0_2_00475CA1
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_0049DEC4	0_2_0049DEC4
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_0047E023	0_2_0047E023
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_0045E9CF	0_2_0045E9CF
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_0044ECB8	0_2_0044ECB8
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_0045EEC3	0_2_0045EEC3
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_00463190	0_2_00463190
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_0045F2DB	0_2_0045F2DB
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_00463630	0_2_00463630
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_00493630	0_2_00493630
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_0045F710	0_2_0045F710
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_0045FB45	0_2_0045FB45
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_0047FD1C	0_2_0047FD1C
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Code function: 3_2_00007FF62F221AD0	3_2_00007FF62F221AD0
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Code function: 3_2_00007FF62F22CC64	3_2_00007FF62F22CC64
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Code function: 3_2_00007FF62F22FCE4	3_2_00007FF62F22FCE4
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Code function: 3_2_00007FF62F22F11C	3_2_00007FF62F22F11C
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Code function: 3_2_00007FF62F22D308	3_2_00007FF62F22D308
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Code function: 3_2_00007FF62F2342FC	3_2_00007FF62F2342FC
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Code function: 3_2_00007FF62F224230	3_2_00007FF62F224230
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Code function: 3_2_00007FF62F224E10	3_2_00007FF62F224E10
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: 15_2_0041E86C	15_2_0041E86C
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: 15_2_0041D8F0	15_2_0041D8F0
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: 15_2_00408938	15_2_00408938
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: 15_2_0041D230	15_2_0041D230
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: 15_2_00414AAC	15_2_00414AAC
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: 15_2_0041030E	15_2_0041030E
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: 15_2_0040FB2E	15_2_0040FB2E
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: 15_2_00411BBC	15_2_00411BBC
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: 15_2_0041CCEE	15_2_0041CCEE
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: 15_2_00416C81	15_2_00416C81
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: 15_2_0040F65B	15_2_0040F65B
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: 15_2_0040DE00	15_2_0040DE00
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: 15_2_0040FF02	15_2_0040FF02
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: 15_2_0041072E	15_2_0041072E
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: 15_2_0041C7AC	15_2_0041C7AC

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: String function: 00423AD2 appears 41 times
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: String function: 0045B8C9 appears 297 times
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: String function: 00459F9F appears 77 times
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: String function: 0045B8FF appears 57 times
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: String function: 0045B896 appears 225 times
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: String function: 004633C1 appears 35 times
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: String function: 004091B8 appears 102 times
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: String function: 00466610 appears 55 times
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: String function: 00459FCD appears 56 times
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: String function: 0045A2FE appears 131 times
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: String function: 0041AE03 appears 38 times
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: String function: 00410CDC appears 48 times
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: String function: 0040EB5B appears 64 times

Source: Dri91BA.tmp.1.dr

Static PE information: Resource name: RT_VERSION type: COM executable for DOS

Source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe, 00000000.00000003.2049304791.000000000056A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameInstallShield Setup.exe` vs Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe
Source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe, 00000000.00000000.2047517567.0000000000519000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameInstallShield Setup.exe` vs Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe
Source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe, 00000000.00000002.2757486278.000000000054B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameInstallShield Setup.exe` vs Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe
Source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Binary or memory string: OriginalFilenameInstallShield Setup.exe` vs Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: ISSetup.dll.0.dr	Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: ISSetup.dll.1.dr	Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: isr8CC.tmp.1.dr	Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: ISS8518.tmp.1.dr	Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: isr8CC.tmp.1.dr

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: classification engine

Classification label: clean19.evad.winEXE@22/183@0/0

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Code function: 0_2_00447C87 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,

0_2_00447C87

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Code function: 0_2_0041F883 _memset,lstrcpyW,lstrcatW,GetDiskFreeSpaceExW,GetDiskFreeSpaceW,

0_2_0041F883

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Code function: 0_2_00446187 __EH_prolog3_GS,CreateToolhelp32Snapshot,GetLastError,Process32FirstW,Process32NextW,OpenProcess,

0_2_00446187

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Code function: 0_2_004443E5 __EH_prolog3_GS,GetModuleHandleW,GetProcAddress,LoadLibraryW,GetProcAddress,CoCreateInstance,

0_2_004443E5

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Code function: 0_2_00420149 __EH_prolog3_catch_GS,LoadLibraryExW,LoadLibraryExW,FindResourceW,LoadResource,SizeofResource,MultiByteToWideChar,FreeLibrary,

0_2_00420149

Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe

File created: C:\Program Files (x86)\InstallShield Installation Information\

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3812:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Mutant created: \Sessions\1\BaseNamedObjects\06216D8D-027A-4116-B2E6-32328FA688BC

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

File created: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}

Jump to behavior

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Command line argument: @/L	0_2_00425FCC
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Command line argument: EXE=%s	0_2_00425FCC
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Command line argument: EXEProcessBegin	0_2_00425FCC
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Command line argument: ISSetupInit	0_2_00425FCC
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Command line argument: @/L	0_2_00425FCC
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Command line argument: >YG	0_2_00475890

Source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

File read: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\setup.ini

Jump to behavior

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\drvinst.exe

Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{4b29340b-77a4-1642-8c1c-e9c6c398ae5b} Global\{95b0d15e-59ba-f945-a362-1292ebab1705} C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\TOSHIBATEC.inf C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\TOSHIBATEC.cat

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

File read: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe "C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe"
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Process created: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe -package:"C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe" -no_selfdeleter -IS_temp -media_path:"C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\" -tempdisk1folder:"C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\" -IS_OriginalLauncher:"C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\setup.exe"
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{44B75239-B0AF-47DD-A0EA-BC7D4A0B17ED}
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5425AD48-0ECD-4EE0-85CD-E51323D6FCF4}
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F2901D81-EC67-4183-B0BC-B0228BC2084C}
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{539B659B-A16F-4977-A999-3AA0E583BB3E}
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0E945D39-A59F-4496-9E17-EAE507F80961}
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BCF05350-BA9A-4EF4-A170-B5E82B942E03}
Source: unknown	Process created: C:\Windows\System32\SrTasks.exe C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:1
Source: C:\Windows\System32\SrTasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Process created: C:\TEC_DRV\TECDRVIn.exe C:\TEC_DRV\TECDRVIn.exe
Source: unknown	Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\TOSHIBATEC.inf" "9" "4b7447563" "0000000000000158" "WinSta0\Default" "0000000000000164" "208" "C:\TEC_DRV"
Source: C:\Windows\System32\drvinst.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{4b29340b-77a4-1642-8c1c-e9c6c398ae5b} Global\{95b0d15e-59ba-f945-a362-1292ebab1705} C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\TOSHIBATEC.inf C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\TOSHIBATEC.cat
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Process created: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe -package:"C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe" -no_selfdeleter -IS_temp -media_path:"C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\" -tempdisk1folder:"C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\" -IS_OriginalLauncher:"C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\setup.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{44B75239-B0AF-47DD-A0EA-BC7D4A0B17ED}	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5425AD48-0ECD-4EE0-85CD-E51323D6FCF4}	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F2901D81-EC67-4183-B0BC-B0228BC2084C}	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{539B659B-A16F-4977-A999-3AA0E583BB3E}	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0E945D39-A59F-4496-9E17-EAE507F80961}	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BCF05350-BA9A-4EF4-A170-B5E82B942E03}	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Process created: C:\TEC_DRV\TECDRVIn.exe C:\TEC_DRV\TECDRVIn.exe	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{4b29340b-77a4-1642-8c1c-e9c6c398ae5b} Global\{95b0d15e-59ba-f945-a362-1292ebab1705} C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\TOSHIBATEC.inf C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\TOSHIBATEC.cat	Jump to behavior

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: riched32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: srclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: spp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: sxproxy.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: srclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: spp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: spp.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: srclient.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: srcore.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: ktmw32.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: wer.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: bcd.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vss_ps.dll	Jump to behavior
Source: C:\TEC_DRV\TECDRVIn.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\TEC_DRV\TECDRVIn.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\TEC_DRV\TECDRVIn.exe	Section loaded: devrtl.dll	Jump to behavior
Source: C:\TEC_DRV\TECDRVIn.exe	Section loaded: drvstore.dll	Jump to behavior
Source: C:\TEC_DRV\TECDRVIn.exe	Section loaded: spinf.dll	Jump to behavior
Source: C:\TEC_DRV\TECDRVIn.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\TEC_DRV\TECDRVIn.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: devrtl.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: drvstore.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: pnpui.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: sspicli.dll	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32

Jump to behavior

Source: Driver Wizard.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\TEC_DRV\DriverWizard.exe
Source: PnP Recovery.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\TEC_DRV\DriverWizard.exe
Source: TECDRVIn.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\TEC_DRV\TECDRVIn.exe

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

File written: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\0x0409.ini

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe

Window found: window name: RICHEDIT

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Automated click: I accept the terms of the license agreement
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Automated click: Install

Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe

File opened: C:\Windows\SysWOW64\RICHED32.DLL

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Static file information: File size 50479449 > 1048576

Source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\CodeBases\isdev\redist\Language Independent\i386\ISP\setup.pdb source: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe, setup.exe0.0.dr, set84AA.tmp.1.dr
Source:	Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-x64\Seagull_V3_NetMonDispatcher.pdb source: TECDRVIn.exe, 0000000F.00000003.2551956643.000000000075C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2495645607.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2483971546.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, SET9D9D.tmp.15.dr, Sea97A9.tmp.1.dr
Source:	Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-x64\Seagull_V3_ConfigDispatcher.pdb$ source: drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-x64\Seagull_V3_ConfigDispatcher.pdb source: drvinst.exe, 00000011.00000003.2495324918.0000027A78D95000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-Win32\Seagull_V3_ConfigDispatcher.pdb& source: Sea93E9.tmp.1.dr
Source:	Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-Win32\Seagull_V3_ConfigDispatcher.pdb source: Sea93E9.tmp.1.dr
Source:	Binary string: C:\CodeBases\isdev\Src\Runtime\InstallScript\ISBEW64\x64\Release\ISBEW64.pdb source: setup.exe, 00000001.00000003.2061359845.000000000069A000.00000004.00000020.00020000.00000000.sdmp, ISBEW64.exe, 00000003.00000002.2628334153.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000003.00000000.2073589886.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000004.00000000.2074497366.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000004.00000002.2076116112.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000005.00000000.2075185323.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000005.00000002.2077349298.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000006.00000000.2076057538.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000006.00000002.2078176120.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000007.00000002.2079327007.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000007.00000000.2077075092.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000008.00000000.2110700411.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp, ISBEW64.exe, 00000008.00000002.2625002345.00007FF62F237000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-Win32\Seagull_V3_NetMonDispatcher.pdb source: Sea9418.tmp.1.dr
Source:	Binary string: E:\work\printticket_work\driver\bin\Dispatchers\Release-x64\Seagull_V3_PrintDispatcher.pdb source: drvinst.exe, 00000011.00000003.2494569010.0000027A78D67000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2478075992.0000027A786E6000.00000004.00000020.00020000.00000000.sdmp, Sea97D9.tmp.1.dr, SETAA4C.tmp.17.dr

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Code function: 0_2_004443E5 __EH_prolog3_GS,GetModuleHandleW,GetProcAddress,LoadLibraryW,GetProcAddress,CoCreateInstance,

0_2_004443E5

Source: initial sample

Static PE information: section where entry point is pointing to: .rsrc

Source: Por9288.tmp.1.dr	Static PE information: section name: _RDATA
Source: Sea970B.tmp.1.dr	Static PE information: section name: _RDATA
Source: Sea97A9.tmp.1.dr	Static PE information: section name: _RDATA
Source: Sea97D9.tmp.1.dr	Static PE information: section name: _RDATA
Source: SET9D6D.tmp.15.dr	Static PE information: section name: _RDATA
Source: SET9D9D.tmp.15.dr	Static PE information: section name: _RDATA
Source: SET9C91.tmp.15.dr	Static PE information: section name: _RDATA
Source: SETAA4C.tmp.17.dr	Static PE information: section name: _RDATA
Source: SETAB0A.tmp.17.dr	Static PE information: section name: _RDATA
Source: SETAD2E.tmp.17.dr	Static PE information: section name: _RDATA

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_00466655 push ecx; ret	0_2_00466668
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_0045B864 push ecx; ret	0_2_0045B877
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: 15_2_0040EBFA push ecx; ret	15_2_0040EC0D
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: 15_2_00410D21 push ecx; ret	15_2_00410D34

Source: isr8CC.tmp.1.dr

Static PE information: section name: .text entropy: 7.983505264778397

Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\Seagull_V3_ConfigDispatcher.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\TEC_DRV\Dri91BA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\setup.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\ISS8518.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\TEC_DRV\Win32\Sea9418.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	File created: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\dot86B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISB87C.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\TEC_DRV\PortHelperWow64.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\TEC_DRV\x64\Sea970B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\TEC_DRV\TEC8717.tmp (copy)	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\SETAA4C.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\TEC_DRV\TEC8729.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\isrt.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\TEC_DRV\Win32\Seagull_V3_ConfigDispatcher.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\TEC_DRV\Win32\Sea93E9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\TEC_DRV\Win32\Seagull_V3_NetMonDispatcher.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	File created: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\ISSetup.dll	Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe	File created: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\Seagull_V3_PrintDispatcher.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\TEC_DRV\x64\Seagull_V3_PrintDispatcher.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\isr8CC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\set84AA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\ISSetup.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\dotnetinstaller.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	File created: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\setup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\_is9C8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\TEC_DRV\TEC8718.tmp	Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe	File created: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\SET9C91.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\TEC_DRV\x64\Sea97D9.tmp	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\SETAD2E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\TEC_DRV\Por9288.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\TEC_DRV\DriverWizard.exe (copy)	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\Seagull_V3_PrintDispatcher.dll (copy)	Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe	File created: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\SET9D9D.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\TEC_DRV\Win32\Seagull_V3_PrintDispatcher.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\TEC_DRV\x64\Sea97A9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\TEC_DRV\Win32\Sea9439.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\TEC_DRV\x64\Seagull_V3_ConfigDispatcher.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\SETAB0A.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\ISSetup.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\TEC_DRV\x64\Seagull_V3_NetMonDispatcher.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\TEC_DRV\TECDRVIn.exe (copy)	Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe	File created: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\SET9D6D.tmp	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\Seagull_V3_NetMonDispatcher.dll (copy)	Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe	File created: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\Seagull_V3_ConfigDispatcher.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\_isres_0x0409.dll (copy)	Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe	File created: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\Seagull_V3_NetMonDispatcher.dll (copy)	Jump to dropped file

Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\Seagull_V3_PrintDispatcher.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\Seagull_V3_ConfigDispatcher.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\SETAA4C.tmp	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\SETAB0A.tmp	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\Seagull_V3_NetMonDispatcher.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\SETAD2E.tmp	Jump to dropped file

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_0041CAE7 __EH_prolog3_GS,GetPrivateProfileIntW,	0_2_0041CAE7
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_0048A330 GetLastError,SetLastError,_memset,lstrcpyA,_memset,lstrcpyW,lstrlenA,_memset,lstrcpyA,lstrlenA,lstrlenA,_memmove,lstrcmpiA,GetLastError,SetLastError,_memmove,GetPrivateProfileIntA,_memset,lstrcpyA,GetPrivateProfileStringA,GetSysColor,_memset,_memset,GetPrivateProfileSectionNamesA,lstrcpyA,lstrcpyA,lstrlenA,lstrcpyA,GetPrivateProfileStringA,GetSysColor,GetLastError,SysFreeString,SysFreeString,SysFreeString,SetLastError,lstrcpyA,lstrlenA,lstrcmpA,lstrcpyA,GetPrivateProfileStringA,GetProcAddress,	0_2_0048A330
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: 15_2_00401140 GetVersionExA,GetPrivateProfileStringA,wsprintfA,_sscanf,GetWindowsDirectoryA,wsprintfA,FindFirstFileA,SetupUninstallOEMInfA,wsprintfA,GetPrivateProfileStringA,GetPrivateProfileStringA,GetPrivateProfileStringA,SetupUninstallOEMInfA,GetPrivateProfileStringA,GetPrivateProfileStringA,SetupUninstallOEMInfA,FindNextFileA,FindClose,GetCurrentDirectoryA,wsprintfA,FindFirstFileA,wsprintfA,GetPrivateProfileStringA,GetPrivateProfileStringA,GetPrivateProfileStringA,FindNextFileA,FindClose,SetupCopyOEMInfA,	15_2_00401140
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: 15_2_00401419 wsprintfA,GetPrivateProfileStringA,GetPrivateProfileStringA,GetPrivateProfileStringA,FindNextFileA,FindClose,SetupCopyOEMInfA,	15_2_00401419

Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore

Jump to behavior

Source: C:\Windows\System32\SrTasks.exe

Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA TEC\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA TEC\TPCL Printer Driver\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA TEC\TPCL Printer Driver\Driver Wizard.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA TEC\TPCL Printer Driver\PnP Recovery.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA TEC\TPCL Printer Driver\TECDRVIn.lnk	Jump to behavior

Source: C:\TEC_DRV\TECDRVIn.exe

Code function: 15_2_00404C99 IsIconic,GetWindowPlacement,GetWindowRect,

15_2_00404C99

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Code function: 0_2_00463630 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00463630

Source: C:\Windows\System32\drvinst.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\0ECA937423F01F974CA582BCFC417550BE20B95E Blob

Jump to behavior

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\TEC_DRV\TECDRVIn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\TEC_DRV\TECDRVIn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\TEC_DRV\TECDRVIn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\TEC_DRV\TECDRVIn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\TEC_DRV\TECDRVIn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\TEC_DRV\TECDRVIn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\TEC_DRV\TECDRVIn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\TEC_DRV\TECDRVIn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\TEC_DRV\TECDRVIn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\TEC_DRV\TECDRVIn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\TEC_DRV\TECDRVIn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\TEC_DRV\TECDRVIn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\TEC_DRV\TECDRVIn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\TEC_DRV\TECDRVIn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\TEC_DRV\TECDRVIn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\TEC_DRV\TECDRVIn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\Seagull_V3_ConfigDispatcher.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\ISSetup.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\dotnetinstaller.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Dropped PE file which has not been started: C:\TEC_DRV\Dri91BA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\_is9C8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\ISS8518.tmp	Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\SET9C91.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Dropped PE file which has not been started: C:\TEC_DRV\Win32\Sea9418.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\dot86B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Dropped PE file which has not been started: C:\TEC_DRV\x64\Sea97D9.tmp	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\SETAD2E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Dropped PE file which has not been started: C:\TEC_DRV\PortHelperWow64.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Dropped PE file which has not been started: C:\TEC_DRV\x64\Sea970B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Dropped PE file which has not been started: C:\TEC_DRV\DriverWizard.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Dropped PE file which has not been started: C:\TEC_DRV\Por9288.tmp	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\Seagull_V3_PrintDispatcher.dll (copy)	Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\SET9D9D.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Dropped PE file which has not been started: C:\TEC_DRV\Win32\Seagull_V3_PrintDispatcher.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\SETAA4C.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Dropped PE file which has not been started: C:\TEC_DRV\x64\Sea97A9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Dropped PE file which has not been started: C:\TEC_DRV\x64\Seagull_V3_ConfigDispatcher.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Dropped PE file which has not been started: C:\TEC_DRV\Win32\Sea9439.tmp	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\SETAB0A.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\isrt.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Dropped PE file which has not been started: C:\TEC_DRV\Win32\Seagull_V3_ConfigDispatcher.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Dropped PE file which has not been started: C:\TEC_DRV\x64\Seagull_V3_NetMonDispatcher.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\ISSetup.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Dropped PE file which has not been started: C:\TEC_DRV\Win32\Sea93E9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Dropped PE file which has not been started: C:\TEC_DRV\Win32\Seagull_V3_NetMonDispatcher.dll (copy)	Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\SET9D6D.tmp	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\Seagull_V3_NetMonDispatcher.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\ISSetup.dll	Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\Seagull_V3_PrintDispatcher.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Dropped PE file which has not been started: C:\TEC_DRV\x64\Seagull_V3_PrintDispatcher.dll (copy)	Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\Seagull_V3_ConfigDispatcher.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\_isres_0x0409.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\isr8CC.tmp	Jump to dropped file
Source: C:\TEC_DRV\TECDRVIn.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\Seagull_V3_NetMonDispatcher.dll (copy)	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\TEC_DRV\TECDRVIn.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess	graph_0-73518

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	API coverage: 6.8 %
Source: C:\TEC_DRV\TECDRVIn.exe	API coverage: 9.1 %

Source: C:\Windows\System32\SrTasks.exe TID: 2292

Thread sleep time: -290000s >= -30000s

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	File Volume queried: C:\Windows FullSizeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_00425659 __EH_prolog3_GS,FindFirstFileW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrlenW,lstrcpyW,lstrcatW,SysStringLen,lstrcatW,GetFileAttributesW,lstrcatW,lstrcmpiW,lstrcpynW,lstrcmpiW,lstrcmpiW,SysStringLen,lstrcmpiW,lstrcpyW,lstrcatW,lstrcatW,lstrcatW,DeleteFileW,lstrcpyW,	0_2_00425659
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_0042C966 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,DeleteFileW,	0_2_0042C966
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_00451BC7 __EH_prolog3_GS,FindFirstFileW,lstrcmpW,lstrcmpW,FindNextFileW,RemoveDirectoryW,__CxxThrowException@8,DeleteFileW,	0_2_00451BC7
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: 15_2_00401140 GetVersionExA,GetPrivateProfileStringA,wsprintfA,_sscanf,GetWindowsDirectoryA,wsprintfA,FindFirstFileA,SetupUninstallOEMInfA,wsprintfA,GetPrivateProfileStringA,GetPrivateProfileStringA,GetPrivateProfileStringA,SetupUninstallOEMInfA,GetPrivateProfileStringA,GetPrivateProfileStringA,SetupUninstallOEMInfA,FindNextFileA,FindClose,GetCurrentDirectoryA,wsprintfA,FindFirstFileA,wsprintfA,GetPrivateProfileStringA,GetPrivateProfileStringA,GetPrivateProfileStringA,FindNextFileA,FindClose,SetupCopyOEMInfA,	15_2_00401140

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Code function: 0_2_0041CF22 CreateFileW,CreateFileMappingW,GetSystemInfo,MapViewOfFile,IsBadReadPtr,UnmapViewOfFile,MapViewOfFile,IsBadReadPtr,GetLastError,

0_2_0041CF22

Source: setupapi.dev.log.15.dr	Binary or memory string: set: BIOS Vendor: VMware, Inc.
Source: setupapi.dev.log.15.dr	Binary or memory string: sig: Key = vmci.inf
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CopyFiles = vmci.DriverFiles.x64
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ServiceBinary = %12%\vmci.sys
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMwareProvider = "VMware, Inc."
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: [VMware.NTamd64.6.2]
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AddReg = vmware_installers_addreg
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmci.installers.value.windows = "Windows"
Source: setupapi.dev.log.15.dr	Binary or memory string: inf: Service Name = vmci
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmci.DriverFiles.x64 = 12; %%SystemRoot%%\System32\drivers
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ; vmci.inf
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: [vmci.install.x64.NT.HW]
Source: setup.exe, 00000001.00000003.2747977102.000000000299B000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2623601448.0000000005428000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000002.2753233177.000000000299E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2062131087.000000000069F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: _IsVirtualMachine
Source: setupapi.dev.log.15.dr	Binary or memory string: idb: {Publish Driver Package: C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563\vmci.inf} 11:48:39.707
Source: setupapi.dev.log.15.dr	Binary or memory string: idb: Indexed 4 device IDs for 'vmci.inf_amd64_68ed49469341f563'.
Source: setupapi.dev.log.15.dr	Binary or memory string: set: System Product Name: VMware20,1
Source: setupapi.dev.log.15.dr	Binary or memory string: sto: {Configure Driver Package: C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563\vmci.inf}
Source: setup.exe, 00000001.00000003.2626579547.00000000006AA000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2630854757.00000000006AF000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2630814944.00000000006AA000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2631490443.00000000006C2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0_GetVirtualMachineType<
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: loc.VMwareManufacturer = "VMware, Inc."
Source: setupapi.dev.log.15.dr	Binary or memory string: sto: {Stage Driver Package: C:\Windows\SoftwareDistribution\Download\Install\vmci.inf} 11:48:39.634
Source: setupapi.dev.log.15.dr	Binary or memory string: flq: Copying 'C:\Windows\SoftwareDistribution\Download\Install\vmci.inf' to 'C:\Windows\System32\DriverStore\Temp\{5a5b2f36-11ff-5a4a-b3b1-6fc00ed67f26}\vmci.inf'.
Source: setupapi.dev.log.15.dr	Binary or memory string: cpy: Target Path = C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563
Source: SrTasks.exe, 0000000D.00000003.2385472469.0000016E56F2B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: WORKGROUPar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:88
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: [vmci.Service.x64]
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmci.installers.value.name = "vwdk.installers"
Source: setupapi.dev.log.15.dr	Binary or memory string: idb: Created driver package object 'vmci.inf_amd64_68ed49469341f563' in SYSTEM database node.
Source: setupapi.dev.log.15.dr	Binary or memory string: inf: Image Path = System32\drivers\vmci.sys
Source: setup.exe, 00000001.00000003.2626579547.00000000006AA000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2630854757.00000000006AF000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2630814944.00000000006AA000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2631490443.00000000006C2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0_IsVirtualMachinee
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: %loc.VMwareManufacturer%=VMware,NTamd64.6.2
Source: setupapi.dev.log.15.dr	Binary or memory string: flq: Copying 'C:\Windows\SoftwareDistribution\Download\Install\vmci.sys' to 'C:\Windows\System32\DriverStore\Temp\{5a5b2f36-11ff-5a4a-b3b1-6fc00ed67f26}\vmci.sys'.
Source: setup.exe, 00000001.00000003.2629421457.0000000002A95000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2630365127.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2629655158.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0bIsVirtualMachine=%ld}
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: [vmci.DriverFiles.x64]
Source: setup.exe, 00000001.00000003.2627910712.0000000002BD1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2630992434.000000000069A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2629421457.0000000002A95000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2623601448.0000000005428000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2626269878.0000000000656000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2626388711.0000000002BD0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2631647953.00000000006A0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2628503603.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2630365127.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2626579547.0000000000659000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2629655158.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0bIsVirtualMachine
Source: setup.exe, 00000001.00000003.2629421457.0000000002A95000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2630365127.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2629655158.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0bIsVirtualMachine<
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AddService = vmci, 2, vmci.Service.x64, common.EventLog ; SPSVCINST_ASSOCSERVICE
Source: setupapi.dev.log.15.dr	Binary or memory string: idb: Registered driver package 'vmci.inf_amd64_68ed49469341f563' with 'oem2.inf'.
Source: setupapi.dev.log.15.dr	Binary or memory string: inf: Driver package 'vmci.inf' is configurable.
Source: setup.exe, 00000001.00000003.2062131087.000000000069F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AddIconCallDLLFnComponentViewCreateWindowComponentViewDestroyComponentViewRefreshComponentViewSelectAllComponentViewSetInfoComponentViewSetInfoExCreateFolderDeleteFolderDeleteIconEnableHourGlassEnumFoldersItemsGetCPUTypeGetFontSubGetHandleGetPortsGetSelectedItemStateIsEmptyIsNTAdminIsOSTypeNTIsObjectIsPowerUserLangLoadStringMessageBeepPPathCompactPathPixelPathCrackUrlPathGetDirPathGetDrivePathGetFilePathGetFileExtPathGetFileNamePathGetLongFromShortPathGetPathPathIsValidSyntaxQueryIconReadArrayPropertyReadBoolPropertyReadNumberPropertyReplaceIconShowFolderTextSubSubstituteVerGetFileVersionWriteArrayPropertyWriteBoolPropertyWriteNumberPropertyWriteStringProperty_AppSearch_BrowseForFolder_CCPSearch_CHARArrayToWCHARArray_CalculateAndAddFileCost_CleanupInet_CloseFile_CmdGetHwndDlg_CmdGetMsg_CmdGetParam1_CmdGetParam2_CoGetObject_CompareDWORD_ComponentAddItem_ComponentCompareSizeRequired_ComponentError_ComponentErrorInfo_ComponentFileEnum_ComponentFileInfo_ComponentFilterLanguage_ComponentFilterOS_ComponentGetCost_ComponentGetCostEx_ComponentGetData_ComponentGetItemSize_ComponentGetTotalCost_ComponentGetTotalCostEx_ComponentInitialize_ComponentIsItemSelected_ComponentListItems_ComponentLoadTarget_ComponentMoveData_ComponentPatch_ComponentReinstall_ComponentRemoveAll_ComponentRemoveAllInLogOnly_ComponentSaveTarget_ComponentSelectItem_ComponentSelectNew_ComponentSetData_ComponentSetupTypeEnum_ComponentSetupTypeGetData_ComponentSetupTypeSet_ComponentTotalSize_ComponentTransferData_ComponentUpdate_ComponentValidate_ComponentViewCreate_ComponentViewQueryInfo_CopyBytes_CreateDir_CreateObject_CreateRegistrySet_CreateShellObjects_CtrlGetNotificationCode_CtrlGetParentWindowHelper_CtrlGetSubCommand_CtrlGetUrlForLinkClicked_CtrlSetHtmlContent_CtrlSetMLERichText_DIFxDriverPackageGetPath_DIFxDriverPackageInstall_DIFxDriverPackagePreinstall_DIFxDriverPackageUninstall_DefineDialog_DeleteCHARArray_DialogSetFont_DisableBranding_DisableStatus_Divide_DoInstall_DoSprintf_DotNetCoCreateObject_DotNetUnloadAppDomain_EnableDialogCache_EnablePrevDialog_EnableSkins_EnableStatus_EnableWow64FsRedirection_EndDialog_ExistsDir_ExistsDisk_ExistsFile_ExitInstall_FeatureAddCost_FeatureAddUninstallCost_FeatureGetCost_FeatureInitialize_FeatureSpendCost_FeatureSpendUninstallCost_FileCopy_FloatingPointOperation_GenerateFileMD5SignatureHex_GetByte_GetCurrentDialogName_GetDiskInfo_GetDiskSpaceEx_GetDiskSpaceExEx_GetFont_GetGlobalFlags_GetGlobalMemorySize_GetInetFileSize_GetInetFileTime_GetLine_GetLineSize_GetObject_GetObjectByIndex_GetObjectCount_GetProcessorInfo_GetRunningChildProcess_GetRunningChildProcessEx_GetRunningChildProcessEx2_GetSelectedTreeComponent_GetStandardLangId_GetSupportDir_GetSystemDpi_GetTrueTypeFontFileInfo_GetVirtualMachineType_InetEndofTransfer_InetGetLastError_InetGetNextDisk_InitInstall_IsFontTypefaceNameAvailable_IsInAdminGroup_IsLangSupported_IsSkinLoaded_IsVirtualMachine_IsWindowsME_IsWow64_KillProcesses_ListAddItem_ListAddString_ListCount_ListCreate_ListCurrentIte
Source: setupapi.dev.log.15.dr	Binary or memory string: sto: {Core Driver Package Import: vmci.inf_amd64_68ed49469341f563} 11:48:39.704
Source: setup.exe, 00000001.00000003.2626579547.00000000006AA000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2631647953.00000000006AB000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2630814944.00000000006AA000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000002.2752170252.00000000006AB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: PInstallShield Installation Information><IFX_PRODUCT_NAME>Hgfs
Source: setupapi.dev.log.15.dr	Binary or memory string: flq: Copying 'C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563\vmci.sys' to 'C:\Windows\System32\drivers\vmci.sys'.
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: [VMwarePathInfo]
Source: setupapi.dev.log.15.dr	Binary or memory string: set: System Manufacturer: VMware, Inc.
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: HKR,, %vmci.installers.value.name%, 0x00010002, %vmci.installers.value.windows%
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmci.sys,,,2; COPYFLG_NOSKIP
Source: setupapi.dev.log.15.dr	Binary or memory string: dvs: {Driver Setup Import Driver Package: C:\Windows\SoftwareDistribution\Download\Install\vmci.inf} 11:48:39.178
Source: setupapi.dev.log.15.dr	Binary or memory string: idb: Activating driver package 'vmci.inf_amd64_68ed49469341f563'.
Source: setupapi.dev.log.15.dr	Binary or memory string: cpy: Published 'vmci.inf_amd64_68ed49469341f563\vmci.inf' to 'oem2.inf'.
Source: setupapi.dev.log.15.dr	Binary or memory string: inf: {Add Service: vmci}
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: [vmci.reg]
Source: setupapi.dev.log.15.dr	Binary or memory string: inf: Created new service 'vmci'.
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AddReg = vmci.reg
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: HKR,, %vmci.installers.value.name%, 0x00000010, %vmci.installers.value.windows%
Source: setupapi.dev.log.15.dr	Binary or memory string: inf: Display Name = VMware VMCI Bus Driver
Source: setupapi.dev.log.15.dr	Binary or memory string: set: PCI\VEN_15AD&DEV_0740&SUBSYS_074015AD&REV_10\3&61AAA01&0&3F -> Configured [oem2.inf:PCI\VEN_15AD&DEV_0740&SUBSYS_074015AD,vmci.install.x64.NT] and started (ConfigFlags = 0x00000000).
Source: setupapi.dev.log.15.dr	Binary or memory string: set: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000 -> Configured [disk.inf:GenDisk,disk_install.NT] and started (ConfigFlags = 0x00000000).
Source: setup.exe, 00000001.00000003.2627910712.0000000002BD1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2626388711.0000000002BD0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2628503603.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0_GetVirtualMachineType
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: DisplayName = %loc.vmciServiceDisplayName%
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ; Copyright (c) 1999-2016,2019,2021 VMware, Inc. All rights reserved.
Source: setupapi.dev.log.15.dr	Binary or memory string: utl: Driver INF - oem2.inf (C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563\vmci.inf)
Source: setupapi.dev.log.15.dr	Binary or memory string: set: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000 -> Configured [cdrom.inf:GenCdRom,cdrom_install] and started (ConfigFlags = 0x00000000).
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: [VMware.NTamd64]
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: %loc.VMwareHostDeviceDesc% = vmci.install.x64, ROOT\VMWVMCIHOSTDEV
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmci.sys=1
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CatalogFile = vmci.cat
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: loc.Disk1 = "VMware VMCI Device Disk"
Source: setupapi.dev.log.15.dr	Binary or memory string: sig: Installed catalog 'vmci.cat' as 'oem2.cat'.
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: HKR, , EventMessageFile, 0x00020000, "%%SystemRoot%%\System32\drivers\vmci.sys"
Source: SrTasks.exe, 0000000D.00000003.2521534519.0000016E56ED2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: [vmci.install.x64.NT]
Source: setupapi.dev.log.15.dr	Binary or memory string: sig: FilePath = C:\Windows\System32\DriverStore\Temp\{5a5b2f36-11ff-5a4a-b3b1-6fc00ed67f26}\vmci.inf
Source: setupapi.dev.log.15.dr	Binary or memory string: inf: {Configure Driver Configuration: vmci.install.x64.NT}
Source: setup.exe, 00000001.00000003.2627910712.0000000002BD1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2626388711.0000000002BD0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2628503603.0000000002BEE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0_IsVirtualMachine2
Source: setup.exe, 00000001.00000003.2748557236.0000000005437000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2623601448.0000000005428000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0bIsVirtualMachine=%ld
Source: setup.exe, 00000001.00000003.2062131087.000000000069F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: _GetVirtualMachineType
Source: setupapi.dev.log.15.dr	Binary or memory string: flq: Copying 'C:\Windows\SoftwareDistribution\Download\Install\vmci.cat' to 'C:\Windows\System32\DriverStore\Temp\{5a5b2f36-11ff-5a4a-b3b1-6fc00ed67f26}\vmci.cat'.
Source: SrTasks.exe, 0000000D.00000003.2518649004.0000016E56F2B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: WORKGROUPar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:E
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: [vmci.install.x64.NT.Services]
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: loc.vmciServiceDisplayName = "VMware VMCI Bus Driver"
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: %loc.VMwareBusDeviceDesc% = vmci.install.x64, PCI\VEN_15AD&DEV_0740&SUBSYS_074015AD, PCI\VEN_15AD&DEV_0740
Source: setupapi.dev.log.15.dr	Binary or memory string: sig: Catalog = C:\Windows\System32\DriverStore\Temp\{5a5b2f36-11ff-5a4a-b3b1-6fc00ed67f26}\vmci.cat
Source: setupapi.dev.log.15.dr	Binary or memory string: inf: Section Name = vmci.install.x64.NT
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: [vmware_installers_addreg]
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: loc.VMwareHostDeviceDesc = "VMware VMCI Host Device"
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: loc.VMwareBusDeviceDesc = "VMware VMCI Bus Device"
Source: setupapi.dev.log.15.dr	Binary or memory string: inf: {Configure Driver: VMware VMCI Bus Device}
Source: SrTasks.exe, 0000000D.00000003.2518649004.0000016E56F2B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D://
Source: setupapi.dev.log.15.dr	Binary or memory string: inf: {Query Configurability: C:\Windows\SoftwareDistribution\Download\Install\vmci.inf} 11:48:39.636
Source: setupapi.dev.log.15.dr	Binary or memory string: idb: {Register Driver Package: C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563\vmci.inf} 11:48:39.707
Source: TECDRVIn.exe, 0000000F.00000003.2429455527.0000000002190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Provider = %VMwareProvider%

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	API call chain: ExitProcess graph end node	graph_0-73520
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	API call chain: ExitProcess graph end node
Source: C:\TEC_DRV\TECDRVIn.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Code function: 0_2_00464F6E _memset,IsDebuggerPresent,

0_2_00464F6E

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Code function: 0_2_0047A0BB EncodePointer,EncodePointer,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

0_2_0047A0BB

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Code function: 0_2_004443E5 __EH_prolog3_GS,GetModuleHandleW,GetProcAddress,LoadLibraryW,GetProcAddress,CoCreateInstance,

0_2_004443E5

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Code function: 0_2_00430226 GetFileSize,GetProcessHeap,HeapAlloc,ReadFile,_strlen,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,ReadFile,GetProcessHeap,HeapFree,

0_2_00430226

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_004638C7 SetUnhandledExceptionFilter,	0_2_004638C7
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: 0_2_004638EA SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_004638EA
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Code function: 3_2_00007FF62F22DCD4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_00007FF62F22DCD4
Source: C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe	Code function: 3_2_00007FF62F2307D8 SetUnhandledExceptionFilter,	3_2_00007FF62F2307D8
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: 15_2_0041814D _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	15_2_0041814D
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: 15_2_00418160 _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	15_2_00418160
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: 15_2_00415937 SetUnhandledExceptionFilter,	15_2_00415937
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: 15_2_00412442 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	15_2_00412442
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: 15_2_0040DDEE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	15_2_0040DDEE

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Process created: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe c:\users\user\appdata\local\temp\{9f7ba959-f754-4698-9ed9-66fc40e61686}\setup.exe -package:"c:\users\user\desktop\sterownik do drukarki tpcl-drv_2021.3_m-0_e (1).exe" -no_selfdeleter -is_temp -media_path:"c:\users\user\appdata\local\temp\{9f7ba959-f754-4698-9ed9-66fc40e61686}\disk1\" -tempdisk1folder:"c:\users\user\appdata\local\temp\{9f7ba959-f754-4698-9ed9-66fc40e61686}\" -is_originallauncher:"c:\users\user\appdata\local\temp\{9f7ba959-f754-4698-9ed9-66fc40e61686}\disk1\setup.exe"
Source: C:\Windows\System32\drvinst.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe c:\windows\system32\pnpui.dll,installsecuritypromptrundllw 20 global\{4b29340b-77a4-1642-8c1c-e9c6c398ae5b} global\{95b0d15e-59ba-f945-a362-1292ebab1705} c:\windows\system32\driverstore\temp\{ad084959-69d4-2442-9d3d-6604520f436b}\toshibatec.inf c:\windows\system32\driverstore\temp\{ad084959-69d4-2442-9d3d-6604520f436b}\toshibatec.cat
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Process created: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe c:\users\user\appdata\local\temp\{9f7ba959-f754-4698-9ed9-66fc40e61686}\setup.exe -package:"c:\users\user\desktop\sterownik do drukarki tpcl-drv_2021.3_m-0_e (1).exe" -no_selfdeleter -is_temp -media_path:"c:\users\user\appdata\local\temp\{9f7ba959-f754-4698-9ed9-66fc40e61686}\disk1\" -tempdisk1folder:"c:\users\user\appdata\local\temp\{9f7ba959-f754-4698-9ed9-66fc40e61686}\" -is_originallauncher:"c:\users\user\appdata\local\temp\{9f7ba959-f754-4698-9ed9-66fc40e61686}\disk1\setup.exe"	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe c:\windows\system32\pnpui.dll,installsecuritypromptrundllw 20 global\{4b29340b-77a4-1642-8c1c-e9c6c398ae5b} global\{95b0d15e-59ba-f945-a362-1292ebab1705} c:\windows\system32\driverstore\temp\{ad084959-69d4-2442-9d3d-6604520f436b}\toshibatec.inf c:\windows\system32\driverstore\temp\{ad084959-69d4-2442-9d3d-6604520f436b}\toshibatec.cat	Jump to behavior

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Code function: 0_2_004448BB __EH_prolog3_GS,AllocateAndInitializeSid,AllocateAndInitializeSid,AllocateAndInitializeSid,AllocateAndInitializeSid,_memset,SetEntriesInAclW,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,GetTempPathW,

0_2_004448BB

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Code function: 0_2_00450887 GetCurrentThread,OpenThreadToken,GetLastError,GetLastError,GetCurrentProcess,OpenProcessToken,GetLastError,GetTokenInformation,GetTokenInformation,GetLastError,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,

0_2_00450887

Source: setup.exe, 00000001.00000003.2632293655.0000000000672000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2626269878.0000000000656000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2631915653.000000000066E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OPTYPE_PROGMAN_
Source: setup.exe, 00000001.00000003.2051923955.0000000002590000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: ISLOG_VERSION_INFO..\..\..\Shared\LogServices2\LogDB.cppOPTYPE_PROGMANISLOGDB_USER_PROPERTIES,
Source: ISSetup.dll.0.dr	Binary or memory string: ?OPTYPE_PROGMAN_FIELDSWWW
Source: setup.exe, 00000001.00000003.2633539652.000000000067C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2632152886.000000000067A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2632293655.0000000000672000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OPTYPE_PROGMAN
Source: setup.exe, 00000001.00000003.2632293655.0000000000672000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2626269878.0000000000656000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2631915653.000000000066E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OPTYPE_PROGMANes
Source: setup.exe, 00000001.00000003.2633539652.000000000067C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2632152886.000000000067A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000002.2751488389.000000000067D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OPTYPE_PROGMANp

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Code function: 0_2_0046391A cpuid

0_2_0046391A

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,GetLocaleInfoW,	0_2_0046E1E0
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,	0_2_0046A3CF
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: EnumSystemLocalesW,	0_2_0046E450
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	0_2_0047A437
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: _GetPrimaryLen,EnumSystemLocalesW,	0_2_0046E4AC
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: _GetPrimaryLen,EnumSystemLocalesW,	0_2_0046E529
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,	0_2_0046E5AC
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: GetLocaleInfoW,TranslateCharsetInfo,IsValidLocale,	0_2_004125AD
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: GetLocaleInfoW,	0_2_0046E79F
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_0046E8C7
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: GetLocaleInfoW,_GetPrimaryLen,	0_2_0046E974
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: _memset,_TranslateName,_TranslateName,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s,	0_2_0046EA48
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: EnumSystemLocalesW,	0_2_0046EF47
Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	Code function: GetLocaleInfoW,	0_2_0046EFCD
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: GetLocaleInfoA,	15_2_0041BA59
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: _strcpy_s,GetLocaleInfoA,__snprintf_s,LoadLibraryA,	15_2_004022EE
Source: C:\TEC_DRV\TECDRVIn.exe	Code function: GetThreadLocale,GetLocaleInfoA,GetACP,	15_2_0041EC52

Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Queries volume information: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\TOSHIBATEC.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Queries volume information: C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\TOSHIBATEC.cat VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Code function: 0_2_0043B52C __EH_prolog3_GS,GetCurrentProcessId,_memset,GetLocalTime,GetModuleFileNameW,

0_2_0043B52C

Source: C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Code function: 0_2_00430174 GetVersionExW,

0_2_00430174

Source: C:\Windows\System32\drvinst.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\System32\drvinst.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\0ECA937423F01F974CA582BCFC417550BE20B95E Blob

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	1 Input Capture	1 System Time Discovery	Remote Services	11 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	1 Data Encrypted for Impact
Credentials	Domains	Default Accounts	12 Command and Scripting Interpreter	2 Windows Service	1 Access Token Manipulation	1 Deobfuscate/Decode Files or Information	LSASS Memory	3 File and Directory Discovery	Remote Desktop Protocol	1 Input Capture	Junk Data	Exfiltration Over Bluetooth	1 System Shutdown/Reboot
Email Addresses	DNS Server	Domain Accounts	At	1 Registry Run Keys / Startup Folder	2 Windows Service	3 Obfuscated Files or Information	Security Account Manager	37 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	2 Process Injection	2 Software Packing	NTDS	31 Security Software Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	LSA Secrets	1 Virtualization/Sandbox Evasion	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 File Deletion	Cached Domain Credentials	2 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	31 Masquerading	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Modify Registry	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 Access Token Manipulation	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	2 Process Injection	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption
Gather Victim Org Information	DNS Server	Compromise Software Supply Chain	Windows Command Shell	Scheduled Task	Scheduled Task	1 Rundll32	Keylogging	Process Discovery	Taint Shared Content	Screen Capture	DNS	Exfiltration Over Physical Medium	Resource Hijacking

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	0%	ReversingLabs

Dropped Files

Source	Detection	Scanner
C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\ISS8518.tmp	3%	ReversingLabs
C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\ISSetup.dll (copy)	3%	ReversingLabs
C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\set84AA.tmp	0%	ReversingLabs
C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\setup.exe (copy)	0%	ReversingLabs
C:\TEC_DRV\Dri91BA.tmp	0%	ReversingLabs
C:\TEC_DRV\DriverWizard.exe (copy)	0%	ReversingLabs
C:\TEC_DRV\Por9288.tmp	0%	ReversingLabs
C:\TEC_DRV\PortHelperWow64.exe (copy)	0%	ReversingLabs
C:\TEC_DRV\TEC8717.tmp (copy)	0%	ReversingLabs
C:\TEC_DRV\TEC8718.tmp	0%	ReversingLabs
C:\TEC_DRV\TEC8729.tmp	0%	ReversingLabs
C:\TEC_DRV\TECDRVIn.exe (copy)	0%	ReversingLabs
C:\TEC_DRV\Win32\Sea93E9.tmp	0%	ReversingLabs
C:\TEC_DRV\Win32\Sea9418.tmp	0%	ReversingLabs
C:\TEC_DRV\Win32\Sea9439.tmp	0%	ReversingLabs
C:\TEC_DRV\Win32\Seagull_V3_ConfigDispatcher.dll (copy)	0%	ReversingLabs
C:\TEC_DRV\Win32\Seagull_V3_NetMonDispatcher.dll (copy)	0%	ReversingLabs
C:\TEC_DRV\Win32\Seagull_V3_PrintDispatcher.dll (copy)	0%	ReversingLabs
C:\TEC_DRV\x64\Sea970B.tmp	0%	ReversingLabs
C:\TEC_DRV\x64\Sea97A9.tmp	0%	ReversingLabs
C:\TEC_DRV\x64\Sea97D9.tmp	0%	ReversingLabs
C:\TEC_DRV\x64\Seagull_V3_ConfigDispatcher.dll (copy)	0%	ReversingLabs
C:\TEC_DRV\x64\Seagull_V3_NetMonDispatcher.dll (copy)	0%	ReversingLabs
C:\TEC_DRV\x64\Seagull_V3_PrintDispatcher.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\SET9C91.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\SET9D6D.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\SET9D9D.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\Seagull_V3_ConfigDispatcher.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\Seagull_V3_NetMonDispatcher.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\Seagull_V3_PrintDispatcher.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISB87C.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\dot86B.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\dotnetinstaller.exe (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\_is9C8.tmp	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\_isres_0x0409.dll (copy)	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\isr8CC.tmp	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\isrt.dll (copy)	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\ISSetup.dll	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\setup.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\ISSetup.dll	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe	0%	ReversingLabs
C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\SETAA4C.tmp	0%	ReversingLabs
C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\SETAB0A.tmp	0%	ReversingLabs
C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\SETAD2E.tmp	0%	ReversingLabs
C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\Seagull_V3_ConfigDispatcher.dll (copy)	0%	ReversingLabs
C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\Seagull_V3_NetMonDispatcher.dll (copy)	0%	ReversingLabs
C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\Seagull_V3_PrintDispatcher.dll (copy)	0%	ReversingLabs

Source	Detection	Scanner	Label
http://www.toshibatec.com;	0%	Avira URL Cloud	safe
http://www.installshield.coW	0%	Avira URL Cloud	safe
https://d./	0%	Avira URL Cloud	safe
http://ts-crl.ws.syO	0%	Avira URL Cloud	safe
http://www.toshibatec.com=%ld	0%	Avira URL Cloud	safe
http://www.toshibatec.com_3_M0	0%	Avira URL Cloud	safe
http://s.symcb.coWVTAsn1SpcMinimalCriteriaInfoEncode-204Dll	0%	Avira URL Cloud	safe
https://d.sym	0%	Avira URL Cloud	safe
http://s.symcb.coW	0%	Avira URL Cloud	safe

Name	Source	Malicious	Antivirus Detection	Reputation
http://=0x%04x.iniMS	Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe, setup.exe0.0.dr, set84AA.tmp.1.dr	false		high
http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl0	drvinst.exe, 00000011.00000003.2489348259.0000027A78750000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501030159.000002239AE21000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.certplus.com/CRL/class3.crl0	drvinst.exe, 00000011.00000003.2489021052.0000027A7876A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488018704.0000027A78766000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500508411.000002239AE3B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.e-me.lv/repository0	drvinst.exe, 00000011.00000003.2487146537.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487358513.0000027A78D59000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499925774.000002239AED6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499793474.000002239AECC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499957144.000002239AEDA000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.acabogacia.org/doc0	drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489021052.0000027A7876A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488018704.0000027A78766000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500508411.000002239AE3B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.chambersign.org/chambersroot.crl0	drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487946580.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500189469.000002239AE8B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ocsp.suscerte.gob.ve0	drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489230231.0000027A7875A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500639968.000002239AE33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.postsignum.cz/crl/psrootqca2.crl02	drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.dhimyotis.com/certignarootca.crl0	drvinst.exe, 00000011.00000003.2487112116.0000027A78936000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2504256689.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499861485.000002239AEB7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500085043.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501425512.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2533616762.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AEBC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2542026909.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500782818.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp	false		high
http://sertifikati.ca.posta.rs/crl/PostaCARoot.crl0	drvinst.exe, 00000011.00000003.2489387696.0000027A78769000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489230231.0000027A78767000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488018704.0000027A78766000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500508411.000002239AE3B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.chambersign.org1	drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487112116.0000027A78936000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487946580.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500189469.000002239AE8B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.pkioverheid.nl/policies/root-policy0	drvinst.exe, 00000011.00000003.2487146537.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499793474.000002239AECC000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.toshibatec.com_3_M0	Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe, 00000000.00000002.2757486278.000000000054B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://repository.swisssign.com/0	drvinst.exe, 00000011.00000003.2489387696.0000027A78769000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489230231.0000027A78767000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488018704.0000027A78766000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487511275.0000027A78916000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500639968.000002239AE33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.suscerte.gob.ve/lcr0#	drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489230231.0000027A7875A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500639968.000002239AE33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ca2.mtin.es/mtin/crl/MTINAutoridadRaiz0	drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487946580.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500189469.000002239AE8B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.ssc.lt/root-c/cacrl.crl0	drvinst.exe, 00000011.00000003.2487190126.0000027A78D45000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp	false		high
http://postsignum.ttc.cz/crl/psrootqca2.crl0	drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://s.symcb.coW	rundll32.exe, 00000013.00000003.2502710823.0000022398E13000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501077861.0000022398E10000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl	drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ca.disig.sk/ca/crl/ca_disig.crl0	rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl1.comsign.co.il/crl/comsignglobalrootca.crl0	drvinst.exe, 00000011.00000003.2491815640.0000027A788D9000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488531554.0000027A788D6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488860061.0000027A788D9000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489156029.0000027A788D9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500389694.000002239AE46000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.certplus.com/CRL/class3P.crl0	drvinst.exe, 00000011.00000003.2487190126.0000027A78D45000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499988705.000002239AEC7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.suscerte.gob.ve/dpc0	drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489230231.0000027A7875A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500639968.000002239AE33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.certeurope.fr/reference/root2.crl0	drvinst.exe, 00000011.00000003.2489348259.0000027A78750000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501030159.000002239AE21000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.certplus.com/CRL/class2.crl0	drvinst.exe, 00000011.00000003.2488196965.0000027A78907000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488674433.0000027A78907000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489081039.0000027A78907000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.disig.sk/ca/crl/ca_disig.crl0	rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.defence.gov.au/pki0	drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.sk.ee/cps/0	drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.globaltrust.info0=	rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.toshibatec.com;	setup.exe, 00000001.00000003.2623928553.0000000002C4D000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2749207382.0000000002C55000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2628229318.0000000002C54000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000002.2754443179.0000000002C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000003.2626801460.0000000002C4D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.anf.es	drvinst.exe, 00000011.00000003.2487511275.0000027A78916000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.pki.admin.ch/cps/CPS_2_16_756_1_17_3_1_0.pdf09	drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.postsignum.cz/crl/psrootqca4.crl02	drvinst.exe, 00000011.00000003.2488600196.0000027A788DD000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488531554.0000027A788D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500290272.000002239AE5D000.00000004.00000020.00020000.00000000.sdmp	false		high
http://pki.registradores.org/normativa/index.htm0	drvinst.exe, 00000011.00000003.2487190126.0000027A78D45000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499988705.000002239AEC7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp	false		high
http://policy.camerfirma.com0	drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.ssc.lt/cps03	drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487190126.0000027A78D45000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487511275.0000027A78916000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://d./	rundll32.exe, 00000013.00000003.2502710823.0000022398E13000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501077861.0000022398E10000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.pki.gva.es0	drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.anf.es/es/address-direccion.html	drvinst.exe, 00000011.00000003.2487511275.0000027A78916000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.anf.es/address/)1(0&	drvinst.exe, 00000011.00000003.2488984372.0000027A788C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500508411.000002239AE3B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?	drvinst.exe, 00000011.00000003.2488600196.0000027A788DD000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488531554.0000027A788D6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488674433.0000027A788DE000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487946580.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500290272.000002239AE8A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE8A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ca.mtin.es/mtin/ocsp0	drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487946580.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500189469.000002239AE8B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.ssc.lt/root-b/cacrl.crl0	drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0	drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487946580.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500189469.000002239AE8B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://web.ncdc.gov.sa/crl/nrcacomb1.crl0	drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.certicamara.com/dpc/0Z	drvinst.exe, 00000011.00000003.2488984372.0000027A788C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500389694.000002239AE46000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.uce.gub.uy/informacion-tecnica/politicas/cp_acrn.pdf0G	drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://wwww.certigna.fr/autorites/0m	drvinst.exe, 00000011.00000003.2487112116.0000027A78936000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2504256689.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499861485.000002239AEB7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500085043.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501425512.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2533616762.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AEBC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2542026909.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500782818.000002239AEBE000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.dnie.es/dpc0	drvinst.exe, 00000011.00000003.2488860061.0000027A788CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500389694.000002239AE46000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.ica.co.il/repository/cps/PersonalID_Practice_Statement.pdf0	drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ca.mtin.es/mtin/DPCyPoliticas0	drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487946580.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500189469.000002239AE8B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.anf.es/AC/ANFServerCA.crl0	drvinst.exe, 00000011.00000003.2488984372.0000027A788C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500508411.000002239AE3B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://repository.tsp.zetes.com0	drvinst.exe, 00000011.00000003.2487112116.0000027A78936000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.globaltrust.info0	rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://certificates.starfieldtech.com/repository/1604	drvinst.exe, 00000011.00000003.2487511275.0000027A78916000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500085043.000002239AE9A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://acedicom.edicomgroup.com/doc0	drvinst.exe, 00000011.00000003.2489230231.0000027A7875A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500875592.000002239AE2C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500680763.000002239AE29000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.certplus.com/CRL/class3TS.crl0	drvinst.exe, 00000011.00000003.2489348259.0000027A78750000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501030159.000002239AE21000.00000004.00000020.00020000.00000000.sdmp	false		high
https://crl.anf.es/AC/ANFServerCA.crl0	drvinst.exe, 00000011.00000003.2488984372.0000027A788C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500508411.000002239AE3B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.certeurope.fr/reference/pc-root2.pdf0	drvinst.exe, 00000011.00000003.2489348259.0000027A78750000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501030159.000002239AE21000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ac.economia.gob.mx/last.crl0G	drvinst.exe, 00000011.00000003.2487112116.0000027A78936000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://deviis4.installshield.com/NetNirvana/data2.cabDisk1	Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe	false		high
https://www.catcert.net/verarrel	rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.disig.sk/ca0f	rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0	drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.e-szigno.hu/RootCA.crl	drvinst.exe, 00000011.00000003.2487190126.0000027A78D45000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501425512.000002239AEC4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499830991.000002239AEC0000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.sk.ee/juur/crl/0	drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.chambersign.org/chambersignroot.crl0	drvinst.exe, 00000011.00000003.2487112116.0000027A78936000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499861485.000002239AEB7000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.xrampsecurity.com/XGCA.crl0	drvinst.exe, 00000011.00000003.2488860061.0000027A788CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500389694.000002239AE46000.00000004.00000020.00020000.00000000.sdmp	false		high
http://cacerts.digicert	drvinst.exe, 00000011.00000003.2543000887.0000027A78909000.00000004.00000020.00020000.00000000.sdmp	false		high
http://certs.oati.net/repository/OATICA2.crl0	drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.oces.trust2408.com/oces.crl0	drvinst.exe, 00000011.00000003.2487511275.0000027A78916000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.quovadis.bm0	drvinst.exe, 00000011.00000003.2489230231.0000027A7875A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500749101.000002239AE2E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500680763.000002239AE29000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.ssc.lt/root-a/cacrl.crl0	drvinst.exe, 00000011.00000003.2487511275.0000027A78916000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://certs.oaticerts.com/repository/OATICA2.crl	drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://certs.oati.net/repository/OATICA2.crt0	drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.accv.es00	drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.toshibatec.com=%ld	setup.exe, 00000001.00000002.2753187444.0000000002990000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.pkioverheid.nl/policies/root-policy-G20	drvinst.exe, 00000011.00000003.2487511275.0000027A78916000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.netlock.net/docs	rundll32.exe, 00000013.00000003.2500290272.000002239AE5D000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0	drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487946580.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500189469.000002239AE8B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.e-trust.be/CPS/QNcerts	drvinst.exe, 00000011.00000003.2487146537.0000027A78D50000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487272820.0000027A78D5F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499793474.000002239AECC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499889865.000002239AEDE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ocsp.ncdc.gov.sa0	drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://d.sym	drvinst.exe, 00000011.00000003.2548522286.0000027A78909000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://s.symcb.coWVTAsn1SpcMinimalCriteriaInfoEncode-204Dll	rundll32.exe, 00000013.00000003.2502710823.0000022398E13000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2501077861.0000022398E10000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ts-crl.ws.syO	drvinst.exe, 00000011.00000003.2548522286.0000027A78909000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://fedir.comsign.co.il/crl/ComSignCA.crl0	drvinst.exe, 00000011.00000003.2489230231.0000027A7875A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500875592.000002239AE2C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500680763.000002239AE29000.00000004.00000020.00020000.00000000.sdmp	false		high
http://acraiz.icpbrasil.gov.br/LCRacraizv5.crl0	drvinst.exe, 00000011.00000003.2487393008.0000027A78921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl2.postsignum.cz/crl/psrootqca4.crl01	drvinst.exe, 00000011.00000003.2488600196.0000027A788DD000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488531554.0000027A788D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500290272.000002239AE5D000.00000004.00000020.00020000.00000000.sdmp	false		high
http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0	drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://web.ncdc.gov.sa/crl/nrcaparta1.crl	drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.datev.de/zertifikat-policy-int0	drvinst.exe, 00000011.00000003.2487695486.0000027A7891F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488196965.0000027A788E1000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488067210.0000027A7891F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487511275.0000027A78916000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500223113.000002239AE5F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500018385.000002239AE9C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.installshield.coW	Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe, 00000000.00000002.2757486278.000000000054B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://fedir.comsign.co.il/crl/comsignglobalrootca.crl0;	drvinst.exe, 00000011.00000003.2491815640.0000027A788D9000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488531554.0000027A788D6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488860061.0000027A788D9000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489156029.0000027A788D9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500389694.000002239AE46000.00000004.00000020.00020000.00000000.sdmp	false		high
https://repository.luxtrust.lu0	drvinst.exe, 00000011.00000003.2492064754.0000027A78D4D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487190126.0000027A78D45000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487242654.0000027A78D4A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2499793474.000002239AECC000.00000004.00000020.00020000.00000000.sdmp	false		high
http://cps.chambersign.org/cps/chambersroot.html0	drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2487946580.0000027A78909000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500189469.000002239AE8B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.acabogacia.org0	rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.firmaprofesional.com/cps0	drvinst.exe, 00000011.00000003.2491815640.0000027A788D9000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488531554.0000027A788D6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2488860061.0000027A788D9000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.2489156029.0000027A788D9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500389694.000002239AE46000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.uce.gub.uy/acrn/acrn.crl0	drvinst.exe, 00000011.00000003.2487695486.0000027A788F6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2500151531.000002239AE7A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.installshield.com/isetup/ProErrorCentral.asp?ErrorCode=%d	Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe, setup.ini.1.dr, setup.exe0.0.dr, setup.ini.0.dr, set8558.tmp.1.dr, set84AA.tmp.1.dr	false		high

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1562191
Start date and time:	2024-11-25 10:25:26 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe
Detection:	CLEAN
Classification:	clean19.evad.winEXE@22/183@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 95% Number of executed functions: 70 Number of non-executed functions: 307
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, VSSVC.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Simulations

Behavior and APIs

Time	Type	Description
04:26:51	API Interceptor	29x Sleep call for process: SrTasks.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\ISSetup.dll (copy)	SCWSConSetup_1.0.1.65_ver.exe	Get hash	malicious	Unknown	Browse
	SCWSConSetup_1.0.1.65_ver.exe	Get hash	malicious	Unknown	Browse
	SCWSConSetup.exe	Get hash	malicious	Unknown	Browse
	TPCL-drv_2020.4_M-2_E.exe	Get hash	malicious	Unknown	Browse
C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\ISS8518.tmp	SCWSConSetup_1.0.1.65_ver.exe	Get hash	malicious	Unknown	Browse
	SCWSConSetup_1.0.1.65_ver.exe	Get hash	malicious	Unknown	Browse
	SCWSConSetup.exe	Get hash	malicious	Unknown	Browse
	TPCL-drv_2020.4_M-2_E.exe	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\0x0409.ini (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (308), with CRLF line terminators
Category:	dropped
Size (bytes):	22490
Entropy (8bit):	3.484827950705229
Encrypted:	false
SSDEEP:	384:CTmyuV//BiTbh/Y4AwC2WrP2DBWa/Oa0Mhs+XVgv:CT6V//BiXh/N/lWr0aa0Mhs+XVgv
MD5:	8586214463BD73E1C2716113E5BD3E13
SHA1:	F02E3A76FD177964A846D4AA0A23F738178DB2BE
SHA-256:	089D3068E42958DD2C0AEC668E5B7E57B7584ACA5C77132B1BCBE3A1DA33EF54
SHA-512:	309200F38D0E29C9AAA99BB6D95F4347F8A8C320EB65742E7C539246AD9B759608BD5151D1C5D1D05888979DAA38F2B6C3BF492588B212B583B8ADBE81FA161B
Malicious:	false
Preview:	..[.0.x.0.4.0.9.].....1.1.0.0.=.S.e.t.u.p. .I.n.i.t.i.a.l.i.z.a.t.i.o.n. .E.r.r.o.r.....1.1.0.1.=.%.s.....1.1.0.2.=.%.1. .S.e.t.u.p. .i.s. .p.r.e.p.a.r.i.n.g. .t.h.e. .%.2.,. .w.h.i.c.h. .w.i.l.l. .g.u.i.d.e. .y.o.u. .t.h.r.o.u.g.h. .t.h.e. .p.r.o.g.r.a.m. .s.e.t.u.p. .p.r.o.c.e.s.s... . .P.l.e.a.s.e. .w.a.i.t.......1.1.0.3.=.C.h.e.c.k.i.n.g. .O.p.e.r.a.t.i.n.g. .S.y.s.t.e.m. .V.e.r.s.i.o.n.....1.1.0.4.=.C.h.e.c.k.i.n.g. .W.i.n.d.o.w.s.(.R.). .I.n.s.t.a.l.l.e.r. .V.e.r.s.i.o.n.....1.1.0.5.=.C.o.n.f.i.g.u.r.i.n.g. .W.i.n.d.o.w.s. .I.n.s.t.a.l.l.e.r.....1.1.0.6.=.C.o.n.f.i.g.u.r.i.n.g. .%.s.....1.1.0.7.=.S.e.t.u.p. .h.a.s. .c.o.m.p.l.e.t.e.d. .c.o.n.f.i.g.u.r.i.n.g. .t.h.e. .W.i.n.d.o.w.s. .I.n.s.t.a.l.l.e.r. .o.n. .y.o.u.r. .s.y.s.t.e.m... .T.h.e. .s.y.s.t.e.m. .n.e.e.d.s. .t.o. .b.e. .r.e.s.t.a.r.t.e.d. .i.n. .o.r.d.e.r. .t.o. .c.o.n.t.i.n.u.e. .w.i.t.h. .t.h.e. .i.n.s.t.a.l.l.a.t.i.o.n... .P.l.e.a.s.e. .c.l.i.c.k. .R.e.s.t.a.r.t. .t.o. .r.e.b.o.o.t. .t.h.e. .s.y.s.t.e.m.......1.1.0.8.

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\0x08548.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (308), with CRLF line terminators
Category:	dropped
Size (bytes):	22490
Entropy (8bit):	3.484827950705229
Encrypted:	false
SSDEEP:	384:CTmyuV//BiTbh/Y4AwC2WrP2DBWa/Oa0Mhs+XVgv:CT6V//BiXh/N/lWr0aa0Mhs+XVgv
MD5:	8586214463BD73E1C2716113E5BD3E13
SHA1:	F02E3A76FD177964A846D4AA0A23F738178DB2BE
SHA-256:	089D3068E42958DD2C0AEC668E5B7E57B7584ACA5C77132B1BCBE3A1DA33EF54
SHA-512:	309200F38D0E29C9AAA99BB6D95F4347F8A8C320EB65742E7C539246AD9B759608BD5151D1C5D1D05888979DAA38F2B6C3BF492588B212B583B8ADBE81FA161B
Malicious:	false
Preview:	..[.0.x.0.4.0.9.].....1.1.0.0.=.S.e.t.u.p. .I.n.i.t.i.a.l.i.z.a.t.i.o.n. .E.r.r.o.r.....1.1.0.1.=.%.s.....1.1.0.2.=.%.1. .S.e.t.u.p. .i.s. .p.r.e.p.a.r.i.n.g. .t.h.e. .%.2.,. .w.h.i.c.h. .w.i.l.l. .g.u.i.d.e. .y.o.u. .t.h.r.o.u.g.h. .t.h.e. .p.r.o.g.r.a.m. .s.e.t.u.p. .p.r.o.c.e.s.s... . .P.l.e.a.s.e. .w.a.i.t.......1.1.0.3.=.C.h.e.c.k.i.n.g. .O.p.e.r.a.t.i.n.g. .S.y.s.t.e.m. .V.e.r.s.i.o.n.....1.1.0.4.=.C.h.e.c.k.i.n.g. .W.i.n.d.o.w.s.(.R.). .I.n.s.t.a.l.l.e.r. .V.e.r.s.i.o.n.....1.1.0.5.=.C.o.n.f.i.g.u.r.i.n.g. .W.i.n.d.o.w.s. .I.n.s.t.a.l.l.e.r.....1.1.0.6.=.C.o.n.f.i.g.u.r.i.n.g. .%.s.....1.1.0.7.=.S.e.t.u.p. .h.a.s. .c.o.m.p.l.e.t.e.d. .c.o.n.f.i.g.u.r.i.n.g. .t.h.e. .W.i.n.d.o.w.s. .I.n.s.t.a.l.l.e.r. .o.n. .y.o.u.r. .s.y.s.t.e.m... .T.h.e. .s.y.s.t.e.m. .n.e.e.d.s. .t.o. .b.e. .r.e.s.t.a.r.t.e.d. .i.n. .o.r.d.e.r. .t.o. .c.o.n.t.i.n.u.e. .w.i.t.h. .t.h.e. .i.n.s.t.a.l.l.a.t.i.o.n... .P.l.e.a.s.e. .c.l.i.c.k. .R.e.s.t.a.r.t. .t.o. .r.e.b.o.o.t. .t.h.e. .s.y.s.t.e.m.......1.1.0.8.

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\ISS8518.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
Category:	dropped
Size (bytes):	800256
Entropy (8bit):	7.772746681961582
Encrypted:	false
SSDEEP:	12288:mIGz7ovgUHjhKtYCdP2q4/8mnL2YCTdSxZa65jcttUO+UC1nHZ:mIGz8IUDP0OqGL2YCsxZa6RuUO+UCd5
MD5:	40FEFC3D907D44A9ADC84475AB073A6E
SHA1:	4CBEA84B4784ACB795E3891B5ED60B25809DB762
SHA-256:	C51699CBF0B433C4F7B687C8520192AD5EA519214BFDE6732453FF194BC2FFD9
SHA-512:	F6D64FDF76EA8E5725451B50A2A49042A3DBB66A68BA787BA742EB202345E298317257740E11C8C8BA0E217059DE991A10FF0DC95F83B8F820BB248AF71E9229
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Joe Sandbox View:	Filename: SCWSConSetup_1.0.1.65_ver.exe, Detection: malicious, Browse Filename: SCWSConSetup_1.0.1.65_ver.exe, Detection: malicious, Browse Filename: SCWSConSetup.exe, Detection: malicious, Browse Filename: TPCL-drv_2020.4_M-2_E.exe, Detection: malicious, Browse
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......l.j.(...(...(......).....1...........c......./.......)...(...4}......=......#....../......S......)......)...(...)......)...Rich(...................PE..L.....yY...........!.....(...*......E.%......P................................%......C..............................8.%.G.....%.......#.0.....................%.....`X..8....................................................k.......................text.....#......"......PEC2MO...... ....rsrc.........#......&.............. ....reloc........%......4..............@...........................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\ISSetup.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
Category:	dropped
Size (bytes):	800256
Entropy (8bit):	7.772746681961582
Encrypted:	false
SSDEEP:	12288:mIGz7ovgUHjhKtYCdP2q4/8mnL2YCTdSxZa65jcttUO+UC1nHZ:mIGz8IUDP0OqGL2YCsxZa6RuUO+UCd5
MD5:	40FEFC3D907D44A9ADC84475AB073A6E
SHA1:	4CBEA84B4784ACB795E3891B5ED60B25809DB762
SHA-256:	C51699CBF0B433C4F7B687C8520192AD5EA519214BFDE6732453FF194BC2FFD9
SHA-512:	F6D64FDF76EA8E5725451B50A2A49042A3DBB66A68BA787BA742EB202345E298317257740E11C8C8BA0E217059DE991A10FF0DC95F83B8F820BB248AF71E9229
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Joe Sandbox View:	Filename: SCWSConSetup_1.0.1.65_ver.exe, Detection: malicious, Browse Filename: SCWSConSetup_1.0.1.65_ver.exe, Detection: malicious, Browse Filename: SCWSConSetup.exe, Detection: malicious, Browse Filename: TPCL-drv_2020.4_M-2_E.exe, Detection: malicious, Browse
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......l.j.(...(...(......).....1...........c......./.......)...(...4}......=......#....../......S......)......)...(...)......)...Rich(...................PE..L.....yY...........!.....(...*......E.%......P................................%......C..............................8.%.G.....%.......#.0.....................%.....`X..8....................................................k.......................text.....#......"......PEC2MO...... ....rsrc.........#......&.............. ....reloc........%......4..............@...........................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\dat8459.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	InstallShield CAB
Category:	dropped
Size (bytes):	17982
Entropy (8bit):	3.4084002807671
Encrypted:	false
SSDEEP:	384:QJabkkxkkYRkpkkJakikkJDkukkekkkkkSkkkkkgUkGkksNkbkk+kkkkk1Wk/kkC:SabkkxkkYRkpkkJakikkJDkukkekkkkN
MD5:	86CCA99B2DC07DAB3FE3042137D4E916
SHA1:	700B822ADCE467535FA386450D9697C9F824F15C
SHA-256:	F67BEB770C0A3F361CEBF05756D78B25AEE46397C0DD7BDCDFE37DFFE197F2E7
SHA-512:	F13E6F2EEAAE0746299E3BBA3AF8331640BFD1B9CED7CCF32EDC95BA83781FCEFF999DA259102B1E19972D953E774E3844C301D90D0A38343F4B013321FA45A6
Malicious:	false
Preview:	ISc(............O..>F..........................................................................B~..........................................................................................................................................................................................................................................................................................m!.z..A..22....................?.RUd.[N.Y..,rw....}.i.O.5T..^..v.oE..J.........................................................%!..........O..........................9.............................................................................%.......=...................................I.......U.......a...............m...................y...................................................................................................................................................................................................................................!...........................................-.

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\dat846A.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	InstallShield CAB
Category:	dropped
Size (bytes):	1053024
Entropy (8bit):	7.997195031164146
Encrypted:	true
SSDEEP:	24576:a/vZ2TnNs5PskNM7bp5x+3C1aiKkqqch+9kxdfp:a52Ta55OxmHiKkqqcZp
MD5:	1D930AFA1372F6A1862DB4C516329EDF
SHA1:	B164D4583F03DFD1A643271149266982F3EC321E
SHA-256:	966F4ED5C3E37A58E4E1391B3B7377F9A48FDD0CA2D1AA25A11A2D6751662476
SHA-512:	E8A53CB090D2702424A442C49D464EAE6D5956547ABA8803C22FFCE61C1C7CBF2895712A07AF379AFD34E8835898ED6B7128443C0CF11BAAD67B03E2BFF76006
Malicious:	false
Preview:	ISc(..........................................................................................................................................................................................................................................................................................................................................................................................m!.z..A..22....................?.RUd.[N.Y..,rw....}.i.O.5T..^..v.oE..J.........................................................jn\..\..}/...-............,...+^..S.N-2..5L.:u.._..3..a..5.X.#.0B.3.X...G,Zt........b...y.O.+...9..z=..^.m.k...M:..rh..<5,....}w{...~E...48.fE...t......q.....na.l!......Jj=.TT............[...RJ.G.D=}.&q{'.....3.e.g..h..G._.\|.'..a..P.......W..]\..l,..-)...c.....R.96&j.H..:;.9.a....4fNXLX.a...I....g..!..w..K..G.....*J......a....w.g.........D...11..duJ....44..4W..\.v..q.qt4....mc........(.h1...2.>..U!t.n.L.....iv......)Y.))...7.x...Rk^..yI..=.2.>..$.].FD.l,.gv....

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\data1.cab (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	InstallShield CAB
Category:	dropped
Size (bytes):	1053024
Entropy (8bit):	7.997195031164146
Encrypted:	true
SSDEEP:	24576:a/vZ2TnNs5PskNM7bp5x+3C1aiKkqqch+9kxdfp:a52Ta55OxmHiKkqqcZp
MD5:	1D930AFA1372F6A1862DB4C516329EDF
SHA1:	B164D4583F03DFD1A643271149266982F3EC321E
SHA-256:	966F4ED5C3E37A58E4E1391B3B7377F9A48FDD0CA2D1AA25A11A2D6751662476
SHA-512:	E8A53CB090D2702424A442C49D464EAE6D5956547ABA8803C22FFCE61C1C7CBF2895712A07AF379AFD34E8835898ED6B7128443C0CF11BAAD67B03E2BFF76006
Malicious:	false
Preview:	ISc(..........................................................................................................................................................................................................................................................................................................................................................................................m!.z..A..22....................?.RUd.[N.Y..,rw....}.i.O.5T..^..v.oE..J.........................................................jn\..\..}/...-............,...+^..S.N-2..5L.:u.._..3..a..5.X.#.0B.3.X...G,Zt........b...y.O.+...9..z=..^.m.k...M:..rh..<5,....}w{...~E...48.fE...t......q.....na.l!......Jj=.TT............[...RJ.G.D=}.&q{'.....3.e.g..h..G._.\|.'..a..P.......W..]\..l,..-)...c.....R.96&j.H..:;.9.a....4fNXLX.a...I....g..!..w..K..G.....*J......a....w.g.........D...11..duJ....44..4W..\.v..q.qt4....mc........(.h1...2.>..U!t.n.L.....iv......)Y.))...7.x...Rk^..yI..=.2.>..$.].FD.l,.gv....

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\data1.hdr (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	InstallShield CAB
Category:	dropped
Size (bytes):	17982
Entropy (8bit):	3.4084002807671
Encrypted:	false
SSDEEP:	384:QJabkkxkkYRkpkkJakikkJDkukkekkkkkSkkkkkgUkGkksNkbkk+kkkkk1Wk/kkC:SabkkxkkYRkpkkJakikkJDkukkekkkkN
MD5:	86CCA99B2DC07DAB3FE3042137D4E916
SHA1:	700B822ADCE467535FA386450D9697C9F824F15C
SHA-256:	F67BEB770C0A3F361CEBF05756D78B25AEE46397C0DD7BDCDFE37DFFE197F2E7
SHA-512:	F13E6F2EEAAE0746299E3BBA3AF8331640BFD1B9CED7CCF32EDC95BA83781FCEFF999DA259102B1E19972D953E774E3844C301D90D0A38343F4B013321FA45A6
Malicious:	false
Preview:	ISc(............O..>F..........................................................................B~..........................................................................................................................................................................................................................................................................................m!.z..A..22....................?.RUd.[N.Y..,rw....}.i.O.5T..^..v.oE..J.........................................................%!..........O..........................9.............................................................................%.......=...................................I.......U.......a...............m...................y...................................................................................................................................................................................................................................!...........................................-.

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\lay8458.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	data
Category:	dropped
Size (bytes):	522
Entropy (8bit):	1.8239459738478505
Encrypted:	false
SSDEEP:	3:A1aaRt/flIlXlft//149llbtlz/NllV/7777777j2J4klM/plylL4klyDlX/BSlF:A51GKN2COl8JDWLNglETl127W7Jtn
MD5:	092F4FB630B5CE79DF6C2CD9571E8B22
SHA1:	7FF9766F04A025745AF675F0ABAA52A4C0144823
SHA-256:	0AEBF512565C3109C919D68D5BB0BD30E563F6682F1151F70EA6F368D5A4477D
SHA-512:	A8B2C4C0CC9312245DA047AA2E2029701A6DA13FADC86FA20402B612CC13F64E5F8DFB190203890340F504EE04D510C109CAD2AE6A67931F49B41C3E8D37C4DA
Malicious:	false
Preview:	c..S.@...................................................................................................................................................................................................................................................................... ...@...............`...v...........................t...t...t...t...t...t...t...t...s.e.t.u.p...i.n.i.....I.S.S.e.t.u.p...d.l.l...0.x.0.4.0.9...i.n.i...d.a.t.a.1...h.d.r...d.a.t.a.1...c.a.b...d.a.t.a.2...c.a.b...l.a.y.o.u.t...b.i.n...s.e.t.u.p...e.x.e...

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\layout.bin (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	data
Category:	dropped
Size (bytes):	522
Entropy (8bit):	1.8239459738478505
Encrypted:	false
SSDEEP:	3:A1aaRt/flIlXlft//149llbtlz/NllV/7777777j2J4klM/plylL4klyDlX/BSlF:A51GKN2COl8JDWLNglETl127W7Jtn
MD5:	092F4FB630B5CE79DF6C2CD9571E8B22
SHA1:	7FF9766F04A025745AF675F0ABAA52A4C0144823
SHA-256:	0AEBF512565C3109C919D68D5BB0BD30E563F6682F1151F70EA6F368D5A4477D
SHA-512:	A8B2C4C0CC9312245DA047AA2E2029701A6DA13FADC86FA20402B612CC13F64E5F8DFB190203890340F504EE04D510C109CAD2AE6A67931F49B41C3E8D37C4DA
Malicious:	false
Preview:	c..S.@...................................................................................................................................................................................................................................................................... ...@...............`...v...........................t...t...t...t...t...t...t...t...s.e.t.u.p...i.n.i.....I.S.S.e.t.u.p...d.l.l...0.x.0.4.0.9...i.n.i...d.a.t.a.1...h.d.r...d.a.t.a.1...c.a.b...d.a.t.a.2...c.a.b...l.a.y.o.u.t...b.i.n...s.e.t.u.p...e.x.e...

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\set84AA.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1193984
Entropy (8bit):	6.68437219706928
Encrypted:	false
SSDEEP:	24576:eGjk6PMUtgtIKIch5+915zApy/MrllllVrGifVOCW6A:fjk6PMUtgtJphMDw3llllVrGSVsn
MD5:	97F32563F6B0D290E09DB98FBFC10AAE
SHA1:	AD0DCCFC34E240D526149A87F732978ECCFB833E
SHA-256:	9FA7CFBF1FD8E10BDF81232DF0FFA5D9C85CA47C5F2D4F9AC057F396710C5D81
SHA-512:	FF32AEE7DB16AAE15481A037118DA151439045842EEDDD60ACE58ED383B3265ED115F6AB776A45A8900BE4235EBD7FEC5B380C7CBCBB2948062FCA3CA30C2C56
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^y....s...s...s.....s......s.....s.....s....Z.s..o....s...r...s..o....s...7.s.....s.......s.....s.Rich..s.........................PE..L...d.yY.....................p....................@..........................................................................B..........t...............................8...........................x4..@...............t...H:.. ....................text............................... ..`.rdata..............................@..@.data...$L...p...&...N..............@....rsrc...t............t..............@..@................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\set8558.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	2450
Entropy (8bit):	3.6947003089346673
Encrypted:	false
SSDEEP:	48:rsAMkozUM9dmcPTmscu/+S8gvn6CJkkY09TzcqYtxkYOvl5ZAMXvrcOyb0pn:rsAMkGUPcrmqrvnp6kY05w7tCYOvlnAM
MD5:	3E08FD47356199164BFCA62C0F4E1CC8
SHA1:	1512B7F09C1902CF7B420AAEEED2934B60E3F9B5
SHA-256:	97B73202B60A8699C3DD873D2AB39BEF694279AFCCC0F4C44FDEDC436858CDB2
SHA-512:	23C582D4B6EE8FF41FDA19A382E28A2258838393BBD33044CED4B2E74AAFD7CC19E0A294C01619F2459E7A1BCE9408C05020049A911E7B107AD2BD0274ACD6E7
Malicious:	false
Preview:	..[.S.t.a.r.t.u.p.].....P.r.o.d.u.c.t.=.T.P.C.L. .P.R.I.N.T.E.R. .D.R.I.V.E.R. .Q.M.2.0.2.1._.3._.M.0.....P.r.o.d.u.c.t.G.U.I.D.=.0.6.2.1.6.D.8.D.-.0.2.7.A.-.4.1.1.6.-.B.2.E.6.-.3.2.3.2.8.F.A.6.8.8.B.C.....C.o.m.p.a.n.y.N.a.m.e.=.T.o.s.h.i.b.a. .T.e.c.....C.o.m.p.a.n.y.U.R.L.=.h.t.t.p.:././.w.w.w...t.o.s.h.i.b.a.t.e.c...c.o.m.....E.r.r.o.r.R.e.p.o.r.t.U.R.L.=.h.t.t.p.:././.w.w.w...i.n.s.t.a.l.l.s.h.i.e.l.d...c.o.m./.i.s.e.t.u.p./.P.r.o.E.r.r.o.r.C.e.n.t.r.a.l...a.s.p.?.E.r.r.o.r.C.o.d.e.=.%.d. .:. .0.x.%.x.&.E.r.r.o.r.I.n.f.o.=.%.s.....M.e.d.i.a.F.o.r.m.a.t.=.1.....L.o.g.M.o.d.e.=.1.....S.m.a.l.l.P.r.o.g.r.e.s.s.=.N.....S.p.l.a.s.h.T.i.m.e.=.....C.h.e.c.k.M.D.5.=.Y.....C.m.d.L.i.n.e.=.....S.h.o.w.P.a.s.s.w.o.r.d.D.i.a.l.o.g.=.N.....S.c.r.i.p.t.D.r.i.v.e.n.=.4.........[.L.a.n.g.u.a.g.e.s.].....D.e.f.a.u.l.t.=.0.x.0.4.0.9.....S.u.p.p.o.r.t.e.d.=.0.x.0.4.0.9.....R.e.q.u.i.r.e.E.x.a.c.t.L.a.n.g.M.a.t.c.h.=.0.x.0.4.0.4.,.0.x.0.8.0.4.....R.T.L.L.a.n.g.s.=.0.x.0.4.0.1.,.0.x.0.4.0.d.........[.

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\setup.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1193984
Entropy (8bit):	6.68437219706928
Encrypted:	false
SSDEEP:	24576:eGjk6PMUtgtIKIch5+915zApy/MrllllVrGifVOCW6A:fjk6PMUtgtJphMDw3llllVrGSVsn
MD5:	97F32563F6B0D290E09DB98FBFC10AAE
SHA1:	AD0DCCFC34E240D526149A87F732978ECCFB833E
SHA-256:	9FA7CFBF1FD8E10BDF81232DF0FFA5D9C85CA47C5F2D4F9AC057F396710C5D81
SHA-512:	FF32AEE7DB16AAE15481A037118DA151439045842EEDDD60ACE58ED383B3265ED115F6AB776A45A8900BE4235EBD7FEC5B380C7CBCBB2948062FCA3CA30C2C56
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^y....s...s...s.....s......s.....s.....s....Z.s..o....s...r...s..o....s...7.s.....s.......s.....s.Rich..s.........................PE..L...d.yY.....................p....................@..........................................................................B..........t...............................8...........................x4..@...............t...H:.. ....................text............................... ..`.rdata..............................@..@.data...$L...p...&...N..............@....rsrc...t............t..............@..@................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\setup.ilg (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	204800
Entropy (8bit):	2.818856053143072
Encrypted:	false
SSDEEP:	3072:RvkFaU3JJGACQ0alHQD5lbQ8ckY2qhLYZRLaopc0pIVYcQtQzQfCQlpU7xxCQ0C3:
MD5:	8D79A0F3E8BEB1F8184CE64D05E895AA
SHA1:	02C630CB94889D4164EC7B744C6FBBD6A270F16F
SHA-256:	894D6E0F70806D8B26015CAD8C8303DB932FED06DD1E7A1E866397CCAB28DD2D
SHA-512:	E3CC4B3C6F21621F6106FA0960BCB5C420E4F6CC937AEF8359D9C2D476ACDD60BF5CE95FBF383F0DC461DF9757CD3568FA2E6EFABBD33FE6047244946C1E9819
Malicious:	false
Preview:	......................>.......................................................u.......................................................................................................................................................................................................................................................................................................................................................................................................................................................!..............................................................................................................."... ...)...^...#...$...%...&...'...(...6...7...+...,...-......./...0...1...2...3...4...5.......8...T...9...:...;...<...=...>...?...@...A...\...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...U...[...V...W...X...Y...Z...n...]..._...`.......m...a...t...c...d...e...f...g...h...i...j...k...l.......s...o...p...q...r...................w...x...y...z...

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\setup.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	2598
Entropy (8bit):	3.7174281170682004
Encrypted:	false
SSDEEP:	48:rsAMkozUM9dmcPTskFOmscu/+S8gvn6CJkkY09TzcqYtxkYOvl5ZAMXvrcOyb0pn:rsAMkGUPcA+Omqrvnp6kY05w7tCYOvlR
MD5:	947524E6D0FD8D2E65AE0E8375D68F92
SHA1:	46AB22A0FAD56B7DD84DC376284A4325EBFAB7FC
SHA-256:	49CFEC2F63DF5FBD9771F38BD7A906B2778B59EA65DA520099BBA86E4F29119E
SHA-512:	9246A41043604E42D3CBB724BD4139216A2852B5110524BEB7C13D4CF53F9A3720A3BB78C21A4B2825976F9D66C8987455F97B732CC374EE76F47C06126C9D68
Malicious:	false
Preview:	..[.S.t.a.r.t.u.p.].....P.r.o.d.u.c.t.=.T.P.C.L. .P.R.I.N.T.E.R. .D.R.I.V.E.R. .Q.M.2.0.2.1._.3._.M.0.....P.r.o.d.u.c.t.G.U.I.D.=.0.6.2.1.6.D.8.D.-.0.2.7.A.-.4.1.1.6.-.B.2.E.6.-.3.2.3.2.8.F.A.6.8.8.B.C.....C.o.m.p.a.n.y.N.a.m.e.=.T.o.s.h.i.b.a. .T.e.c.....C.o.m.p.a.n.y.U.R.L.=.h.t.t.p.:././.w.w.w...t.o.s.h.i.b.a.t.e.c...c.o.m.....E.r.r.o.r.R.e.p.o.r.t.U.R.L.=.h.t.t.p.:././.w.w.w...i.n.s.t.a.l.l.s.h.i.e.l.d...c.o.m./.i.s.e.t.u.p./.P.r.o.E.r.r.o.r.C.e.n.t.r.a.l...a.s.p.?.E.r.r.o.r.C.o.d.e.=.%.d. .:. .0.x.%.x.&.E.r.r.o.r.I.n.f.o.=.%.s.....M.e.d.i.a.F.o.r.m.a.t.=.1.....L.o.g.M.o.d.e.=.1.....S.m.a.l.l.P.r.o.g.r.e.s.s.=.N.....S.p.l.a.s.h.T.i.m.e.=.....C.h.e.c.k.M.D.5.=.Y.....C.m.d.L.i.n.e.=.....S.h.o.w.P.a.s.s.w.o.r.d.D.i.a.l.o.g.=.N.....S.c.r.i.p.t.D.r.i.v.e.n.=.4.....S.o.u.r.c.e.=.0.....A.l.l.U.s.e.r.s.=.1.....I.n.s.t.a.l.l.G.u.i.d.=.{.0.6.2.1.6.D.8.D.-.0.2.7.A.-.4.1.1.6.-.B.2.E.6.-.3.2.3.2.8.F.A.6.8.8.B.C.}.........[.L.a.n.g.u.a.g.e.s.].....D.e.f.a.u.l.t.=.0.x.0.4.0.9.....S.u.p.p.o.r.t.e.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA TEC\TPCL Printer Driver\Driver Wizard.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
Category:	dropped
Size (bytes):	421
Entropy (8bit):	2.660646924430768
Encrypted:	false
SSDEEP:	6:4xtSl/cWyl//oCzg8KuWs3Tm6tl4hWs3Tm6t/:8gl0Wm/w8Ku9O9l
MD5:	F7E2C8757802A75EE3EE125D90AC5236
SHA1:	F78E0F752CB58B13D88F83ACAAA64FA3EC7D445D
SHA-256:	13CFB502DAA712A85DE31FA4DD0732B0C5B52B70F4B3779FC761F134FBEDBC2E
SHA-512:	41B80DA3DC8385D68A53FD897793C0A585AAAF8DB6557F5C6DB8042698A9EB9A92F42CBAAAF12280D58E60F81B4E0B07607FA8047EDC6245A50C87299C2C09A1
Malicious:	false
Preview:	L..................F.............................................................P.O. .:i.....+00.../C:\...................V.1...........TEC_DRV.@............................................T.E.C._.D.R.V.....r.2...........DriverWizard.exe..R............................................D.r.i.v.e.r.W.i.z.a.r.d...e.x.e... ...-.....\.....\.....\.....\.....\.....\.....\.T.E.C._.D.R.V.\.D.r.i.v.e.r.W.i.z.a.r.d...e.x.e.....

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA TEC\TPCL Printer Driver\PnP Recovery.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has command line arguments, Archive, ctime=Mon Nov 25 08:26:54 2024, mtime=Mon Nov 25 08:26:54 2024, atime=Tue Dec 14 18:58:52 2021, length=3103448, window=hide
Category:	dropped
Size (bytes):	696
Entropy (8bit):	4.594811956559765
Encrypted:	false
SSDEEP:	12:8PPiJV8m/G8Wpl0zK485u/S90jA0Z691NiTNzIlI3mV:83iteBcK4z/AgA0Zo1ARzkqm
MD5:	74C31E164EC07D09CEFF662680E86CBC
SHA1:	A8DE6D924FE42163CB82D10032C0957CFEB0FE7B
SHA-256:	A095E9FF523284534CCB2B90077EC08C03BA61919D1CE168721209446868B90F
SHA-512:	C9AA5553272FD9B140E025EA0D5026B09B9F94D7C5DA03782732E53557E52E5BC82F95D203B927C20A841EF0508221392EBCE0DFA4AB91B68B5AF5FD5B80D137
Malicious:	false
Preview:	L..................F.... ....Yy.?.....?....\.%....Z/..........................P.O. .:i.....+00.../C:\...................V.1.....yY\K..TEC_DRV.@......yYZKyY\K....K.....................SN..T.E.C._.D.R.V.....n.2..Z/..SZ. .DRIVER~1.EXE..R......yY\KyY\K..............................D.r.i.v.e.r.W.i.z.a.r.d...e.x.e.......J...............-.......I....................C:\TEC_DRV\DriverWizard.exe..-.....\.....\.....\.....\.....\.....\.....\.T.E.C._.D.R.V.\.D.r.i.v.e.r.W.i.z.a.r.d...e.x.e...I.n.s.t.a.l.l. ./.a.u.t.o.d.e.t.e.c.t.`.......X.......445817...........hT..CrF.f4... .&.c.....,...W..hT..CrF.f4... .&.c.....,...W..E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA TEC\TPCL Printer Driver\TECDRVIn.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Normal, ctime=Mon Nov 25 08:26:51 2024, mtime=Mon Nov 25 08:26:54 2024, atime=Wed Oct 6 15:45:44 2010, length=192512, window=hide
Category:	dropped
Size (bytes):	658
Entropy (8bit):	4.524777841925923
Encrypted:	false
SSDEEP:	12:8mChssqm/G8Ob8b9lFjAQ+ul+mkf93mV:8mChsKeJuAQC/Fm
MD5:	387A766E5102488F2D84AC40E869C44C
SHA1:	4BDB5E53848AE27245BAF3A25D5E46E112894756
SHA-256:	F701DF5A802D9882F087090DC94AD696D58AAD3B6B236F2AB95BA233345D0E77
SHA-512:	A8F3024AE960F592BDBBE038DBA0F57012DFBD4C5CBDA4C98D196C8791B47CE7A1FCCCEB03FB5D535854C8506E5E041CB26471242914B8EABD4CEBD48D7DB1B2
Malicious:	false
Preview:	L..................F...........(.?..Q..*.?...,..ue...............................P.O. .:i.....+00.../C:\...................V.1.....yY\K..TEC_DRV.@......yYZKyY\K....K.....................SN..T.E.C._.D.R.V.....f.2.....F=....TECDRVIn.exe..J......yYZKyYZK..............................T.E.C.D.R.V.I.n...e.x.e.......F...............-.......E....................C:\TEC_DRV\TECDRVIn.exe..).....\.....\.....\.....\.....\.....\.....\.T.E.C._.D.R.V.\.T.E.C.D.R.V.I.n...e.x.e...C.:.\.T.E.C._.D.R.V.`.......X.......445817...........hT..CrF.f4... .&.c.....,...W..hT..CrF.f4... .&.c.....,...W..E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

C:\TEC_DRV\Common\Def8579.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Unicode text, UTF-8 text, with very long lines (361), with CRLF line terminators
Category:	dropped
Size (bytes):	3189
Entropy (8bit):	5.72855187482951
Encrypted:	false
SSDEEP:	96:RW2PJWCJW0JWWJWoJWDJWFJWtMUJW0JWRJWwHJWHJWrJWkJW2WUJW5jJf6Ss3KQP:QrPBzFEGtMhBSwYY8xB5YvUw8Oa9Pi9n
MD5:	C40A8AB8A393FEDC51CB7E53F9C88934
SHA1:	A5D03161D2B4CE18D7854D5FAB53C38FC9AE1DCB
SHA-256:	083A433C35A7AE46171B3DC93E418F4A7352EE54C2914D9B555D27DBF6A55542
SHA-512:	BAB4FF21194229BF24E6E562674B59D5E0AF016163D2C97572A902093EA1ADD2CEC572855489F791250E8EFA6F41CAE3501A24080BE59958EAFB31C65E54516A
Malicious:	false
Preview:	<driver version='6.6'>....<stock>..Name=2 x 4..Protected=true..Data=WkxJQhwAAAAZAAAAeJwrOMbA8KCHkeEbCwMYwwCQWQsAZpUFGQ==..</stock>....<stock>..Name=4 x 4..Protected=true..Data=WkxJQhwAAAAZAAAAeJx70MPI8ACIv7EwgDEMsDAw1gIAbNMFUQ==..</stock>....<stock>..Name=4 x 6..Protected=true..Data=WkxJQhwAAAAaAAAAeJx70MPIEBDMxPCNhQGMYYCFgakWAFpMBIo=..</stock>....<stock>..Name=185 x 85..Protected=true..Data=WkxJQhwAAAAWAAAAeJxbcYmJgcOHkQEdsDAy1wIAMRYCVw==..</stock>....<stock>..Name=200 x 85..Protected=true..Data=WkxJQhwAAAAVAAAAeJxz4GVm4PBhZEAHLIwstQARCwEs..</stock>....<stock>..Name=A4..Protected=true..Data=WkxJQhwAAAAVAAAAeJwLMGFm0OhgYUAHLIystQAfkAHD..</stock>....<stock>..Name=A5..Protected=true..Data=WkxJQhwAAAAVAAAAeJwLMGFmUHBiYkAHLIxstQAYXAF0..</stock>....<stock>..Name=A6..Protected=true..Data=WkxJQhwAAAAVAAAAeJxTcGJi0JjFyIAOWBjZawEdEAGx..</stock>....<stock>..Name=Form-A..Protected=true..Data=WkxJQhwAAAAVAAAAeJxzmMbIwOHAzIAOWBg4agEeZwGs..</stock>....<stock>..Name=Form-F..Protected=true..Data=WkxJQ

C:\TEC_DRV\Common\Defaults[TT]_2021.3.0.0.sds (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Unicode text, UTF-8 text, with very long lines (361), with CRLF line terminators
Category:	dropped
Size (bytes):	3189
Entropy (8bit):	5.72855187482951
Encrypted:	false
SSDEEP:	96:RW2PJWCJW0JWWJWoJWDJWFJWtMUJW0JWRJWwHJWHJWrJWkJW2WUJW5jJf6Ss3KQP:QrPBzFEGtMhBSwYY8xB5YvUw8Oa9Pi9n
MD5:	C40A8AB8A393FEDC51CB7E53F9C88934
SHA1:	A5D03161D2B4CE18D7854D5FAB53C38FC9AE1DCB
SHA-256:	083A433C35A7AE46171B3DC93E418F4A7352EE54C2914D9B555D27DBF6A55542
SHA-512:	BAB4FF21194229BF24E6E562674B59D5E0AF016163D2C97572A902093EA1ADD2CEC572855489F791250E8EFA6F41CAE3501A24080BE59958EAFB31C65E54516A
Malicious:	false
Preview:	<driver version='6.6'>....<stock>..Name=2 x 4..Protected=true..Data=WkxJQhwAAAAZAAAAeJwrOMbA8KCHkeEbCwMYwwCQWQsAZpUFGQ==..</stock>....<stock>..Name=4 x 4..Protected=true..Data=WkxJQhwAAAAZAAAAeJx70MPI8ACIv7EwgDEMsDAw1gIAbNMFUQ==..</stock>....<stock>..Name=4 x 6..Protected=true..Data=WkxJQhwAAAAaAAAAeJx70MPIEBDMxPCNhQGMYYCFgakWAFpMBIo=..</stock>....<stock>..Name=185 x 85..Protected=true..Data=WkxJQhwAAAAWAAAAeJxbcYmJgcOHkQEdsDAy1wIAMRYCVw==..</stock>....<stock>..Name=200 x 85..Protected=true..Data=WkxJQhwAAAAVAAAAeJxz4GVm4PBhZEAHLIwstQARCwEs..</stock>....<stock>..Name=A4..Protected=true..Data=WkxJQhwAAAAVAAAAeJwLMGFm0OhgYUAHLIystQAfkAHD..</stock>....<stock>..Name=A5..Protected=true..Data=WkxJQhwAAAAVAAAAeJwLMGFmUHBiYkAHLIxstQAYXAF0..</stock>....<stock>..Name=A6..Protected=true..Data=WkxJQhwAAAAVAAAAeJxTcGJi0JjFyIAOWBjZawEdEAGx..</stock>....<stock>..Name=Form-A..Protected=true..Data=WkxJQhwAAAAVAAAAeJxzmMbIwOHAzIAOWBg4agEeZwGs..</stock>....<stock>..Name=Form-F..Protected=true..Data=WkxJQ

C:\TEC_DRV\Common\t2s8599.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	306
Entropy (8bit):	4.988626809632402
Encrypted:	false
SSDEEP:	3:hWdJS38WMNMwSpEZYWF+1v2JKWjwA8nyvNYj8nyvqzA8n1pyhM3z8n1pyhSYQ2Vr:AIMNMAYUw61Yb02ckkQSBL3Sgr
MD5:	E1E46332575EE0D2EE93C5E61D8E41F1
SHA1:	09FFD1A95415FE724B6D244E4491AB7EC37D70AD
SHA-256:	EB5ED45926BF72B5A26BB1030A99EDF3BDB53EB7203525B5A76FA19B89397298
SHA-512:	319A0E7B8FF51918FF4665BF08153C936FE406DFD38FBB9902EA45CA75BB0749E8355646EB88C0FB5B7934EB7DBE324873CA82D7AB6320CE1E874825CA1C1CD2
Malicious:	false
Preview:	[Version]..ShowBuildVersionTag=0..InstallFolder=Seagull\Printer Drivers\Packages\2021.3.0_TT..BaseCab=tt#base_2021.3.0.0.cab..DriverCab=tt#t2s_2021.3.0.0.cab..BaseDdz=tt#base_2021.3.0.0.ddz..DriverDdz=tt#t2s_2021.3.0.0.ddz..DriverHelp=t2sTTenu_2021.3.0.0.chm..DriverSettings=Defaults[TT]_2021.3.0.0.sds....

C:\TEC_DRV\Common\t2s85AA.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	204712
Entropy (8bit):	7.949428764339238
Encrypted:	false
SSDEEP:	6144:uz8UC8ZK5W2F5Fy6i5x76HWiQ0kjANNeGTnQwlh:HUC8ZKnXyj5x76HWizkjAPe2Q0
MD5:	2C8D686A0FD03173FC3EC0F3E4D4F7C9
SHA1:	E6CBDB30B3A617308E025D0773F444F9F42A409A
SHA-256:	28A7AB11290B840429DE651970BD64CA71EE9EC8FCF169A1E192AC1121A35BFC
SHA-512:	AEF9C2F3DE059A9F3D6D3C3641F96F3575A77AC9A558A5E9C066A387C42275B85A8A0ABD25FD1580ABC31671FC34CE11015BBF301D2FF001EC1F0FCF4F7689B9
Malicious:	false
Preview:	ITSF....`.......`..z.......\|.{.......".....\|.{......."..`...............x.......T0.......0..............................ITSP....T...........................................j..].!......."..T...............PMGLl................/..../#IDXHDR...%.../#ITBITS..../#STRINGS...7. ./#SYSTEM..V.$./#TOPICS...%.p./#URLSTR......./#URLTBL.....t./#WINDOWS...{.D./$FIftiMain...R..S./$OBJINST...?.../base/..../base/Advanced.html.....g"/base/Advanced_Administration.html...s.O!/base/Advanced_DriverOptions.html...B..)/base/Advanced_PrinterSpecifications.html...R."./base/Automation.html...t.../base/BarCode_CheckDigit.html...z.Y./base/BarCode_Font_Edit.html...S..c./base/BarCode_XDimension.html...6.c./base/Cache_Contents.html.....M./base/Cache_Settings.html...f.L./base/ContactSmartCard.html...2.c./base/Downloaded_Fonts.html......./base/DriverHelp.css......./base/Duplex.html...4.1 /base/EditLoggingParameters.html...e.M./base/Encoding.html...2.R./base/EPCGen2_LockRange.html...j.x./base/EPCGen2Security.html.....f.

C:\TEC_DRV\Common\t2sTT_2021.3.0.0.ini (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	306
Entropy (8bit):	4.988626809632402
Encrypted:	false
SSDEEP:	3:hWdJS38WMNMwSpEZYWF+1v2JKWjwA8nyvNYj8nyvqzA8n1pyhM3z8n1pyhSYQ2Vr:AIMNMAYUw61Yb02ckkQSBL3Sgr
MD5:	E1E46332575EE0D2EE93C5E61D8E41F1
SHA1:	09FFD1A95415FE724B6D244E4491AB7EC37D70AD
SHA-256:	EB5ED45926BF72B5A26BB1030A99EDF3BDB53EB7203525B5A76FA19B89397298
SHA-512:	319A0E7B8FF51918FF4665BF08153C936FE406DFD38FBB9902EA45CA75BB0749E8355646EB88C0FB5B7934EB7DBE324873CA82D7AB6320CE1E874825CA1C1CD2
Malicious:	false
Preview:	[Version]..ShowBuildVersionTag=0..InstallFolder=Seagull\Printer Drivers\Packages\2021.3.0_TT..BaseCab=tt#base_2021.3.0.0.cab..DriverCab=tt#t2s_2021.3.0.0.cab..BaseDdz=tt#base_2021.3.0.0.ddz..DriverDdz=tt#t2s_2021.3.0.0.ddz..DriverHelp=t2sTTenu_2021.3.0.0.chm..DriverSettings=Defaults[TT]_2021.3.0.0.sds....

C:\TEC_DRV\Common\t2sTTenu_2021.3.0.0.chm (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	204712
Entropy (8bit):	7.949428764339238
Encrypted:	false
SSDEEP:	6144:uz8UC8ZK5W2F5Fy6i5x76HWiQ0kjANNeGTnQwlh:HUC8ZKnXyj5x76HWizkjAPe2Q0
MD5:	2C8D686A0FD03173FC3EC0F3E4D4F7C9
SHA1:	E6CBDB30B3A617308E025D0773F444F9F42A409A
SHA-256:	28A7AB11290B840429DE651970BD64CA71EE9EC8FCF169A1E192AC1121A35BFC
SHA-512:	AEF9C2F3DE059A9F3D6D3C3641F96F3575A77AC9A558A5E9C066A387C42275B85A8A0ABD25FD1580ABC31671FC34CE11015BBF301D2FF001EC1F0FCF4F7689B9
Malicious:	false
Preview:	ITSF....`.......`..z.......\|.{.......".....\|.{......."..`...............x.......T0.......0..............................ITSP....T...........................................j..].!......."..T...............PMGLl................/..../#IDXHDR...%.../#ITBITS..../#STRINGS...7. ./#SYSTEM..V.$./#TOPICS...%.p./#URLSTR......./#URLTBL.....t./#WINDOWS...{.D./$FIftiMain...R..S./$OBJINST...?.../base/..../base/Advanced.html.....g"/base/Advanced_Administration.html...s.O!/base/Advanced_DriverOptions.html...B..)/base/Advanced_PrinterSpecifications.html...R."./base/Automation.html...t.../base/BarCode_CheckDigit.html...z.Y./base/BarCode_Font_Edit.html...S..c./base/BarCode_XDimension.html...6.c./base/Cache_Contents.html.....M./base/Cache_Settings.html...f.L./base/ContactSmartCard.html...2.c./base/Downloaded_Fonts.html......./base/DriverHelp.css......./base/Duplex.html...4.1 /base/EditLoggingParameters.html...e.M./base/Encoding.html...2.R./base/EPCGen2_LockRange.html...j.x./base/EPCGen2Security.html.....f.

C:\TEC_DRV\Common\tec85CA.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	306
Entropy (8bit):	4.998528200964492
Encrypted:	false
SSDEEP:	3:hWdJS38WMNMwSpEZYWF+1v2JKWjwA8nyvNYlVEyyvqzA8n1pyhM31VEy1pyhSY3s:AIMNMAYUw61YlVg02kV4k0EQSBL3Sgr
MD5:	792E0E29A4C3A993F9F12BF329A22390
SHA1:	560952AD978A6B0900B58D466B207A1A9F8B25AE
SHA-256:	B720B68F4FFF6CD35033CB39129AF9EDDC06F4060FBAAE78A0659D5D371B9AEA
SHA-512:	5336564A0AF3B46639F17EDC4E49FBF2125749E6CE98E128D458DBB70212CD22BBE2B5B4C746FE5F3A0A2B3C9EB194D3CE5440C191B7D9A2022FC458AFCF4E63
Malicious:	false
Preview:	[Version]..ShowBuildVersionTag=0..InstallFolder=Seagull\Printer Drivers\Packages\2021.3.0_TT..BaseCab=tt#base_2021.3.0.0.cab..DriverCab=tt#tec_2021.3.0.0.cab..BaseDdz=tt#base_2021.3.0.0.ddz..DriverDdz=tt#tec_2021.3.0.0.ddz..DriverHelp=tecTTenu_2021.3.0.0.chm..DriverSettings=Defaults[TT]_2021.3.0.0.sds....

C:\TEC_DRV\Common\tec85CB.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	213190
Entropy (8bit):	7.952595425410423
Encrypted:	false
SSDEEP:	3072:i47t/47B8D3U6p4qWczioVP6lAEmdTfVzq0D5jgTJ7MsSNtuE0pXGJON1Q7WpFKF:bvD3U6p4qHOou0IRB4J7AAs8J9
MD5:	706B1787512DA5FBF1D5974669CF7D44
SHA1:	D282CD965EA5DCB1FEF64E1ACC144AAF2EACB928
SHA-256:	4C0E54663D72A76894F3D193838F9B3994E88C22F37BE1D55E0881C4388E2DFA
SHA-512:	490CF931BD2A7F930D5B0D8E3048162803D28F50FF626DFE17181E51BE172C6CB8DB7A19C78740C645B76D14C84889BBC1A87DAE92DC0A5654F373B1DC3128D7
Malicious:	false
Preview:	ITSF....`.........v.......\|.{.......".....\|.{......."..`...............x.......T0.......0...............@..............ITSP....T...........................................j..].!......."..T...............PMGL:................/..../#IDXHDR...d.../#ITBITS..../#STRINGS...'.~./#SYSTEM..^.$./#TOPICS...d. ./#URLSTR...\|.+./#URLTBL.....x./#WINDOWS...F.D./$FIftiMain......G./$OBJINST......./base/..../base/Advanced.html...E.g"/base/Advanced_Administration.html...,.O!/base/Advanced_DriverOptions.html...{..)/base/Advanced_PrinterSpecifications.html....."./base/Automation.html...-.../base/BarCode_CheckDigit.html...3.Y./base/BarCode_Font_Edit.html......c./base/BarCode_XDimension.html...o.c./base/Cache_Contents.html...R.M./base/Cache_Settings.html.....L./base/ContactSmartCard.html...k.c./base/Downloaded_Fonts.html...N.../base/DriverHelp.css...W.../base/Duplex.html...m.1 /base/EditLoggingParameters.html.....M./base/Encoding.html...k.R./base/EPCGen2_LockRange.html...#.x./base/EPCGen2Security.html...=.f.

C:\TEC_DRV\Common\tecTT_2021.3.0.0.ini (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	306
Entropy (8bit):	4.998528200964492
Encrypted:	false
SSDEEP:	3:hWdJS38WMNMwSpEZYWF+1v2JKWjwA8nyvNYlVEyyvqzA8n1pyhM31VEy1pyhSY3s:AIMNMAYUw61YlVg02kV4k0EQSBL3Sgr
MD5:	792E0E29A4C3A993F9F12BF329A22390
SHA1:	560952AD978A6B0900B58D466B207A1A9F8B25AE
SHA-256:	B720B68F4FFF6CD35033CB39129AF9EDDC06F4060FBAAE78A0659D5D371B9AEA
SHA-512:	5336564A0AF3B46639F17EDC4E49FBF2125749E6CE98E128D458DBB70212CD22BBE2B5B4C746FE5F3A0A2B3C9EB194D3CE5440C191B7D9A2022FC458AFCF4E63
Malicious:	false
Preview:	[Version]..ShowBuildVersionTag=0..InstallFolder=Seagull\Printer Drivers\Packages\2021.3.0_TT..BaseCab=tt#base_2021.3.0.0.cab..DriverCab=tt#tec_2021.3.0.0.cab..BaseDdz=tt#base_2021.3.0.0.ddz..DriverDdz=tt#tec_2021.3.0.0.ddz..DriverHelp=tecTTenu_2021.3.0.0.chm..DriverSettings=Defaults[TT]_2021.3.0.0.sds....

C:\TEC_DRV\Common\tecTTenu_2021.3.0.0.chm (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	213190
Entropy (8bit):	7.952595425410423
Encrypted:	false
SSDEEP:	3072:i47t/47B8D3U6p4qWczioVP6lAEmdTfVzq0D5jgTJ7MsSNtuE0pXGJON1Q7WpFKF:bvD3U6p4qHOou0IRB4J7AAs8J9
MD5:	706B1787512DA5FBF1D5974669CF7D44
SHA1:	D282CD965EA5DCB1FEF64E1ACC144AAF2EACB928
SHA-256:	4C0E54663D72A76894F3D193838F9B3994E88C22F37BE1D55E0881C4388E2DFA
SHA-512:	490CF931BD2A7F930D5B0D8E3048162803D28F50FF626DFE17181E51BE172C6CB8DB7A19C78740C645B76D14C84889BBC1A87DAE92DC0A5654F373B1DC3128D7
Malicious:	false
Preview:	ITSF....`.........v.......\|.{.......".....\|.{......."..`...............x.......T0.......0...............@..............ITSP....T...........................................j..].!......."..T...............PMGL:................/..../#IDXHDR...d.../#ITBITS..../#STRINGS...'.~./#SYSTEM..^.$./#TOPICS...d. ./#URLSTR...\|.+./#URLTBL.....x./#WINDOWS...F.D./$FIftiMain......G./$OBJINST......./base/..../base/Advanced.html...E.g"/base/Advanced_Administration.html...,.O!/base/Advanced_DriverOptions.html...{..)/base/Advanced_PrinterSpecifications.html....."./base/Automation.html...-.../base/BarCode_CheckDigit.html...3.Y./base/BarCode_Font_Edit.html......c./base/BarCode_XDimension.html...o.c./base/Cache_Contents.html...R.M./base/Cache_Settings.html.....L./base/ContactSmartCard.html...k.c./base/Downloaded_Fonts.html...N.../base/DriverHelp.css...W.../base/Duplex.html...m.1 /base/EditLoggingParameters.html.....M./base/Encoding.html...k.R./base/EPCGen2_LockRange.html...#.x./base/EPCGen2Security.html...=.f.

C:\TEC_DRV\Common\tt#85DB.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	3194827
Entropy (8bit):	7.985793128813213
Encrypted:	false
SSDEEP:	98304:b3A/7Phv+oK0lrCr09fzFIPXvOytCHpbu:SdKOfBIP/O9JS
MD5:	26AFEEE00E5A8E75063450D5E36FF5EC
SHA1:	77E4537365E034E6756DEFBAF18CECCB92560728
SHA-256:	471BE526695435FBF000ECD7E9D70A42594B35911E508B1929ABC66B3607B65C
SHA-512:	759BD5C6F2C6DF3AD2FD546169470E2EEE0886875F1F96C6F8E4D649D81195C5CE46C459E6B2ECFD30B60A9FCE54B93FB7FB931276BBD07D262D65A248E5B843
Malicious:	false
Preview:	PK........:y.S..w.R...........OEM.d.Mo.8......\|.P.m.K.. K...TKi........D......./..n7N.."t..<.MlF..O^...Q/zc!k.vz......,..KF....;a.QL....o.[.o..oo...~HOHW....Zz..D...}}...?..p._....3J.]U.....5.S...i.TD.>.?L...Y:...a...JvA.@...3S..Y....@.......%;..s........cJT'i.,.j.!k./.^}..V.}.w...8q.+AJZ>z..[...n.....-..!._.p..}e...). K.h.B.v.<n}&sI.s...pg..r).,..G........+E....d..d..rV.6.J......p...&WTr0...R.H....m.@.dq...M.d.P.T.d.........P.....)..<h..K...........s..h.L.}.y...\|#.}.n.......t..\AN..0D...a ....yS..9.V.&Xt.K.X..L./.;...8.0&mc7.X.W...l.@.i.N.....+$m!j'.P..N..ye5zQJD8.u..\......\(.us.).,$...z..)0.].k~2^..-"....aN...M.....y#.W.g4..H.F.Id.e..f..`1<J3.....O....Dg...e26..e...s.k...ck.-`B.w\|9%VM.\l......Zo..%..@mm"Jz.../..m.pz'.SI.@.vJa...e...H.&LY...."........./...f.sS..0.w..:....e{...1...A.f.#..v....x7.....Mv......**k.y~....3T2..7.>.8.S?...%.0...9.:.....F......1Y........Z...e"...3K`..g...da.0{...S..a.<..ln4.S.h...W......v.m..D..).5.k...#y..O.L..Ed9

C:\TEC_DRV\Common\tt#8698.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	38135
Entropy (8bit):	7.926399642326758
Encrypted:	false
SSDEEP:	768:kFYUqwnt/ZW7/chbUFseXFGwGHr/ARmb0PvVQdJ:oZgU44wozSmb03V+J
MD5:	4DBDA1311E4D8CE72CE8022046D07F6A
SHA1:	45FAA6E775D0D4DC79E925DDBFA27D8FA16BE512
SHA-256:	2612D1BA09608BCA54947DA27E4EFE02E8F84A74C21B8E81F5F7F5D37AFF5B67
SHA-512:	C93A65C189C8788B23891CE3BAF7EA7E5AC91D02919A6F386A5646F1BF45EE6A7D1FE437877904B65ADA43D27DDD8E2004ED9C1A0A0DE92CDB261D0C55BA4B28
Malicious:	false
Preview:	PK........By.S.@.....a.......BarCode.dm.MK.0...{.....Vm.~l.Cm.P.hw.. .f.Y..II.....D...Bf&..j...yT%a...p..G..J....;vd.h&E.%.Wa.N5..T....i..8...I...O..o.......l..V...(.\v.N.I.)..x.q..\-=.2W..Yb.....@@+v6.x....n.).8..6x...y3%..-.....).V.2.5..q.h....nwn....._..0n.z.G....<./...#....K[....+.9...PK........By.S'...4...........Drawing.dm.Mo.0...H...=...V.am.4..SA.a......................L.H..."X.\|o.$..%.....W()#..4/.Y8......`...[.Y......6"....3;4........[.....?....R.....X..k..P.8.t,...$...c]....E3...R.b..m..g..c.N]..A=..1u.h...........o{...w..&;.m.@b>.)...P.4.E.,....n.n8..l...}.0RT..c..hj..[2.....!w.W4.q`.."...{=..-....PK........By.S.+..s...........Driver.dSQp./.M,.Rp1..RQ.IL.I.r.2.R.@.....i..%..yV..z..\.!....N...N...&...\..y.i..%.E.E.....Wg.t~Jj.-...j..j...K.M.E3....PK........By.S!..yu...........Features.dM.=.. ...].?..H......-`3..W.......o.....;..\P,\G....+..G(..m.?..;..TW..9j...kD.O.Na...e..B1.._.Q.....\Y...aF.)k..PK........By.Sx..^...o.......Font.dSQ

C:\TEC_DRV\Common\tt#86A9.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	227547
Entropy (8bit):	7.96484325142109
Encrypted:	false
SSDEEP:	6144:3Ihy5oaMEvTr+hDqG1qbY69I1hcjN2OO6:4PaMEvTBGYbY4OEh
MD5:	C8970ADBE608FC51529EBA430544BA92
SHA1:	661DAE1FB9B885183B11D580055F5601805A0B03
SHA-256:	7D50E97B912D81FC75CF53FBEE17B4591F40D9473014D98884430A4EE0EE4D46
SHA-512:	0C64606E61148269471648077DFACA0C673AE3A8156ECD73E7DE852B94735EE137336808D277612152D2727714C28A092BBF5C0E85F19FF51A8C5FFF9D447EA6
Malicious:	false
Preview:	PK........Ay.SA.cc............BarCode.d.Ms.........b.2.0...b..;.11..'5S.R.....1.g1.....%..?ex....4R.#...Q...C.6..o..._.....j.o.....N.....uaM..r..o....W..v...{......a[.3r.~....;...9Q.Csn$..(.sZr..W...."+..;..vzq!.j].t.M.....).C..k..k.s....>..av.M.1.....g..?.O....}w.ygM....Dt....R...........i........&.\..N.I...PJ.v...T.8.wj9....w...,.;.).M.)L.e)T\|r..GY.......KM..........\).k.......c....B.."_v..~...r.F+..`#{i....j.=g........-/...s.e..&..\|W...K..R..wK.....%i.\|RZ.p#WiZ%....^..SG..z..-?5...14\|.....j.~....[....t..D.-.Ipn.c.;.\G.....s).\..).?k..._..yG7.).....V.q+w...t%.;uz".i.0.~.i$./..q..G....;.8....O.h...g^.KWBj....M.Q..2W.2... ......l...\...-..../.ii..J;..........wU=JB.{..#.#.Z...I..;....m..We&. ...Jn..U./...S=i\|..._......4.e....&.VF..sm.+..)P.e...(&$W.....Yzr.b....d...c.(Si9.2.P.X.W#.r=....?..m._.....Z...-%3..0v.R......i.bc!?.=......G.q.qQ\......^8..9.......~...X..M..5....a..[..GB.\..P........w.:..yf.cvb.m.y.....<.h..i.)v.tt.\;A1nQT.O{f.N..y.+.

C:\TEC_DRV\Common\tt#base_2021.3.0.0.ddz (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	3194827
Entropy (8bit):	7.985793128813213
Encrypted:	false
SSDEEP:	98304:b3A/7Phv+oK0lrCr09fzFIPXvOytCHpbu:SdKOfBIP/O9JS
MD5:	26AFEEE00E5A8E75063450D5E36FF5EC
SHA1:	77E4537365E034E6756DEFBAF18CECCB92560728
SHA-256:	471BE526695435FBF000ECD7E9D70A42594B35911E508B1929ABC66B3607B65C
SHA-512:	759BD5C6F2C6DF3AD2FD546169470E2EEE0886875F1F96C6F8E4D649D81195C5CE46C459E6B2ECFD30B60A9FCE54B93FB7FB931276BBD07D262D65A248E5B843
Malicious:	false
Preview:	PK........:y.S..w.R...........OEM.d.Mo.8......\|.P.m.K.. K...TKi........D......./..n7N.."t..<.MlF..O^...Q/zc!k.vz......,..KF....;a.QL....o.[.o..oo...~HOHW....Zz..D...}}...?..p._....3J.]U.....5.S...i.TD.>.?L...Y:...a...JvA.@...3S..Y....@.......%;..s........cJT'i.,.j.!k./.^}..V.}.w...8q.+AJZ>z..[...n.....-..!._.p..}e...). K.h.B.v.<n}&sI.s...pg..r).,..G........+E....d..d..rV.6.J......p...&WTr0...R.H....m.@.dq...M.d.P.T.d.........P.....)..<h..K...........s..h.L.}.y...\|#.}.n.......t..\AN..0D...a ....yS..9.V.&Xt.K.X..L./.;...8.0&mc7.X.W...l.@.i.N.....+$m!j'.P..N..ye5zQJD8.u..\......\(.us.).,$...z..)0.].k~2^..-"....aN...M.....y#.W.g4..H.F.Id.e..f..`1<J3.....O....Dg...e26..e...s.k...ck.-`B.w\|9%VM.\l......Zo..%..@mm"Jz.../..m.pz'.SI.@.vJa...e...H.&LY...."........./...f.sS..0.w..:....e{...1...A.f.#..v....x7.....Mv......**k.y~....3T2..7.>.8.S?...%.0...9.:.....F......1Y........Z...e"...3K`..g...da.0{...S..a.<..ln4.S.h...W......v.m..D..).5.k...#y..O.L..Ed9

C:\TEC_DRV\Common\tt#t2s_2021.3.0.0.ddz (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	38135
Entropy (8bit):	7.926399642326758
Encrypted:	false
SSDEEP:	768:kFYUqwnt/ZW7/chbUFseXFGwGHr/ARmb0PvVQdJ:oZgU44wozSmb03V+J
MD5:	4DBDA1311E4D8CE72CE8022046D07F6A
SHA1:	45FAA6E775D0D4DC79E925DDBFA27D8FA16BE512
SHA-256:	2612D1BA09608BCA54947DA27E4EFE02E8F84A74C21B8E81F5F7F5D37AFF5B67
SHA-512:	C93A65C189C8788B23891CE3BAF7EA7E5AC91D02919A6F386A5646F1BF45EE6A7D1FE437877904B65ADA43D27DDD8E2004ED9C1A0A0DE92CDB261D0C55BA4B28
Malicious:	false
Preview:	PK........By.S.@.....a.......BarCode.dm.MK.0...{.....Vm.~l.Cm.P.hw.. .f.Y..II.....D...Bf&..j...yT%a...p..G..J....;vd.h&E.%.Wa.N5..T....i..8...I...O..o.......l..V...(.\v.N.I.)..x.q..\-=.2W..Yb.....@@+v6.x....n.).8..6x...y3%..-.....).V.2.5..q.h....nwn....._..0n.z.G....<./...#....K[....+.9...PK........By.S'...4...........Drawing.dm.Mo.0...H...=...V.am.4..SA.a......................L.H..."X.\|o.$..%.....W()#..4/.Y8......`...[.Y......6"....3;4........[.....?....R.....X..k..P.8.t,...$...c]....E3...R.b..m..g..c.N]..A=..1u.h...........o{...w..&;.m.@b>.)...P.4.E.,....n.n8..l...}.0RT..c..hj..[2.....!w.W4.q`.."...{=..-....PK........By.S.+..s...........Driver.dSQp./.M,.Rp1..RQ.IL.I.r.2.R.@.....i..%..yV..z..\.!....N...N...&...\..y.i..%.E.E.....Wg.t~Jj.-...j..j...K.M.E3....PK........By.S!..yu...........Features.dM.=.. ...].?..H......-`3..W.......o.....;..\P,\G....+..G(..m.?..;..TW..9j...kD.O.Na...e..B1.._.Q.....\Y...aF.)k..PK........By.Sx..^...o.......Font.dSQ

C:\TEC_DRV\Common\tt#tec_2021.3.0.0.ddz (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	227547
Entropy (8bit):	7.96484325142109
Encrypted:	false
SSDEEP:	6144:3Ihy5oaMEvTr+hDqG1qbY69I1hcjN2OO6:4PaMEvTBGYbY4OEh
MD5:	C8970ADBE608FC51529EBA430544BA92
SHA1:	661DAE1FB9B885183B11D580055F5601805A0B03
SHA-256:	7D50E97B912D81FC75CF53FBEE17B4591F40D9473014D98884430A4EE0EE4D46
SHA-512:	0C64606E61148269471648077DFACA0C673AE3A8156ECD73E7DE852B94735EE137336808D277612152D2727714C28A092BBF5C0E85F19FF51A8C5FFF9D447EA6
Malicious:	false
Preview:	PK........Ay.SA.cc............BarCode.d.Ms.........b.2.0...b..;.11..'5S.R.....1.g1.....%..?ex....4R.#...Q...C.6..o..._.....j.o.....N.....uaM..r..o....W..v...{......a[.3r.~....;...9Q.Csn$..(.sZr..W...."+..;..vzq!.j].t.M.....).C..k..k.s....>..av.M.1.....g..?.O....}w.ygM....Dt....R...........i........&.\..N.I...PJ.v...T.8.wj9....w...,.;.).M.)L.e)T\|r..GY.......KM..........\).k.......c....B.."_v..~...r.F+..`#{i....j.=g........-/...s.e..&..\|W...K..R..wK.....%i.\|RZ.p#WiZ%....^..SG..z..-?5...14\|.....j.~....[....t..D.-.Ipn.c.;.\G.....s).\..).?k..._..yG7.).....V.q+w...t%.;uz".i.0.~.i$./..q..G....;.8....O.h...g^.KWBj....M.Q..2W.2... ......l...\...-..../.ii..J;..........wU=JB.{..#.#.Z...I..;....m..We&. ...Jn..U./...S=i\|..._......4.e....&.VF..sm.+..)P.e...(&$W.....Yzr.b....d...c.(Si9.2.P.X.W#.r=....?..m._.....Z...-%3..0v.R......i.bc!?.=......G.q.qQ\......^8..9.......~...X..M..5....a..[..GB.\..P........w.:..yf.cvb.m.y.....<.h..i.)v.tt.\;A1nQT.O{f.N..y.+.

C:\TEC_DRV\Dri8749.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	27458866
Entropy (8bit):	7.997426570564924
Encrypted:	true
SSDEEP:	393216:s+nxGyjuKW4PwUJW4PwU6iOBeGmdd9FuEwugOBeGmhm3gSXt+OBeGmDOBeGmbOB6:s+nvju9bUYbU6hud9FuEwuzqmQSXrLr6
MD5:	56C2992414A067AAD5D5F1101DA6B39A
SHA1:	8B8C40F2DFF10822089767EBDB41E7333F3EF8DC
SHA-256:	7DC1E385D5AC480BDA37BCFF0A1FF480EAB5D5F2248957E5B10438D4537D3286
SHA-512:	FBC8B74E6587F903031D361B391EA38B322D4654898B2AD7D4E457DDAC45067B9558E6EA3D6917945A3514D7D4B4E551A61885DF81D6AA41C2C981FB1547179B
Malicious:	false
Preview:	PK.........v.St.Ji...........ModelEquivalents.txt.ZMs.6..{....d........Y.m.R.JH..M.1.[I..rb....E..$.......@).6../d..8....t.:.y~:.......D.[;.-q...sjj...l^.$..\|HbJ........cN..0i..ql.!.]...>.Q1.....}9u....@Mt.@PDs:.....<.+...30.V=.UOj.Z..V=.UOj.......d...^..j......rC.8......k.......4.H.Q....\|..EY<3..sW....enQ..en.............a..Km...YK.[`P=Km.......!.,......I..c..q....E.P..PA..v..<..!.G.=$.(.........?.<..........="..."df.f....BLlnT......Gr..Vw..j..w.q3...dC..\|..r.... ...}.S.E....1K"...drD.[q.l.I1^.W...)....g,!.Oh>..t...S.~.....C05...^.X..U...j..I.....d..R~......i.`...[......=.~.y.s.=_w.m.&...fM.y..#~.....[.d.S..6r~v........%.b...x.....W..dL..&!....2.<.Xq=..w...j/..Z....o....&..kR.......q.}..;u..}....1.......>....~{..X.h...-.....j.4[{..A...Om..Fm.......Y@wB.......P.f....o..4T...vn.....9.\I.W....u.'L.o.o..0.`.nQ....e.9.A.~S>>...E........zS7...'r.+..zS=...j....,dS.'....D.R..odG:N.$.&..~_......+.Q....%........_....b'........B.B%.C..D.

C:\TEC_DRV\Dri91BA.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3103448
Entropy (8bit):	6.4586329506306965
Encrypted:	false
SSDEEP:	49152:al8QmrGWHiDiYXYSo2dqfbnsF03cL6WWVkXnzr5frY0fZmPwOAHO+krRkTjZehMZ:alXmTmBhEDn+03cOW3Xn35fM0fZaPAHb
MD5:	72F18029B6AC00294BEFE777570E0243
SHA1:	AE6768EF4FD139A1BB31530C348662785465F3BB
SHA-256:	9A31DAF79FF6F6C004529D9055D4858C214D2530738D4DB1AEDC154B83B00E8A
SHA-512:	9560F40F755EDB46C5EBE2D17E21DDA0227A77DD594440B9C4475B122E8430662889FB2B6D620738411B49B527D056B6D95B553791B8980A543C9C8315364D32
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......T.........................5.........................B......B......B.............?......7...........[....g...................Rich....................PE..L....!.a..................#..........3........#...@.........................../......x/.......@...............................,.\|....p-.P............./..<.......... .(.T.....................(......o'.@.............#.....$.+.@....................text...J.#.......#................. ..`.rdata..6N....#..P....#.............@..@.data....+...@,......,,.............@....rsrc...P....p-.......-.............@..@........................................................................................................................................................................................................................................................................................................

C:\TEC_DRV\Dri9276.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	71
Entropy (8bit):	4.407990036085695
Encrypted:	false
SSDEEP:	3:zp+wJsEMMXFyzByXSRhTjFdMlWF3:zxzYtyXYxph
MD5:	7E0131F56CD5C6A408FDCF38A80CAB97
SHA1:	4E11DCBDF94CB14ED61E9FAE01EA2BCDC91D64BF
SHA-256:	3CCD19B2AAEB9EFCE250073BA5DCC31E3159F41D2D38041602A9C6F06DE6E01A
SHA-512:	ECA67198E92C4E10D74174DBC189FE12B196FD8F678A507748B243E7E679703CE0AE2E8D4FCC1A93F2A47024AD581B7244583A707202ADC5C20DA3BD7B4A6D0D
Malicious:	false
Preview:	[OEM]..WizardTitle=TEC Driver Wizard..DriversName=TEC Printer Drivers..

C:\TEC_DRV\DriverWizard.ddz (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	27458866
Entropy (8bit):	7.997426570564924
Encrypted:	true
SSDEEP:	393216:s+nxGyjuKW4PwUJW4PwU6iOBeGmdd9FuEwugOBeGmhm3gSXt+OBeGmDOBeGmbOB6:s+nvju9bUYbU6hud9FuEwuzqmQSXrLr6
MD5:	56C2992414A067AAD5D5F1101DA6B39A
SHA1:	8B8C40F2DFF10822089767EBDB41E7333F3EF8DC
SHA-256:	7DC1E385D5AC480BDA37BCFF0A1FF480EAB5D5F2248957E5B10438D4537D3286
SHA-512:	FBC8B74E6587F903031D361B391EA38B322D4654898B2AD7D4E457DDAC45067B9558E6EA3D6917945A3514D7D4B4E551A61885DF81D6AA41C2C981FB1547179B
Malicious:	false
Preview:	PK.........v.St.Ji...........ModelEquivalents.txt.ZMs.6..{....d........Y.m.R.JH..M.1.[I..rb....E..$.......@).6../d..8....t.:.y~:.......D.[;.-q...sjj...l^.$..\|HbJ........cN..0i..ql.!.]...>.Q1.....}9u....@Mt.@PDs:.....<.+...30.V=.UOj.Z..V=.UOj.......d...^..j......rC.8......k.......4.H.Q....\|..EY<3..sW....enQ..en.............a..Km...YK.[`P=Km.......!.,......I..c..q....E.P..PA..v..<..!.G.=$.(.........?.<..........="..."df.f....BLlnT......Gr..Vw..j..w.q3...dC..\|..r.... ...}.S.E....1K"...drD.[q.l.I1^.W...)....g,!.Oh>..t...S.~.....C05...^.X..U...j..I.....d..R~......i.`...[......=.~.y.s.=_w.m.&...fM.y..#~.....[.d.S..6r~v........%.b...x.....W..dL..&!....2.<.Xq=..w...j/..Z....o....&..kR.......q.}..;u..}....1.......>....~{..X.h...-.....j.4[{..A...Om..Fm.......Y@wB.......P.f....o..4T...vn.....9.\I.W....u.'L.o.o..0.`.nQ....e.9.A.~S>>...E........zS7...'r.+..zS=...j....,dS.'....D.R..odG:N.$.&..~_......+.Q....%........_....b'........B.B%.C..D.

C:\TEC_DRV\DriverWizard.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3103448
Entropy (8bit):	6.4586329506306965
Encrypted:	false
SSDEEP:	49152:al8QmrGWHiDiYXYSo2dqfbnsF03cL6WWVkXnzr5frY0fZmPwOAHO+krRkTjZehMZ:alXmTmBhEDn+03cOW3Xn35fM0fZaPAHb
MD5:	72F18029B6AC00294BEFE777570E0243
SHA1:	AE6768EF4FD139A1BB31530C348662785465F3BB
SHA-256:	9A31DAF79FF6F6C004529D9055D4858C214D2530738D4DB1AEDC154B83B00E8A
SHA-512:	9560F40F755EDB46C5EBE2D17E21DDA0227A77DD594440B9C4475B122E8430662889FB2B6D620738411B49B527D056B6D95B553791B8980A543C9C8315364D32
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......T.........................5.........................B......B......B.............?......7...........[....g...................Rich....................PE..L....!.a..................#..........3........#...@.........................../......x/.......@...............................,.\|....p-.P............./..<.......... .(.T.....................(......o'.@.............#.....$.+.@....................text...J.#.......#................. ..`.rdata..6N....#..P....#.............@..@.data....+...@,......,,.............@....rsrc...P....p-.......-.............@..@........................................................................................................................................................................................................................................................................................................

C:\TEC_DRV\DriverWizard.ini (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	71
Entropy (8bit):	4.407990036085695
Encrypted:	false
SSDEEP:	3:zp+wJsEMMXFyzByXSRhTjFdMlWF3:zxzYtyXYxph
MD5:	7E0131F56CD5C6A408FDCF38A80CAB97
SHA1:	4E11DCBDF94CB14ED61E9FAE01EA2BCDC91D64BF
SHA-256:	3CCD19B2AAEB9EFCE250073BA5DCC31E3159F41D2D38041602A9C6F06DE6E01A
SHA-512:	ECA67198E92C4E10D74174DBC189FE12B196FD8F678A507748B243E7E679703CE0AE2E8D4FCC1A93F2A47024AD581B7244583A707202ADC5C20DA3BD7B4A6D0D
Malicious:	false
Preview:	[OEM]..WizardTitle=TEC Driver Wizard..DriversName=TEC Printer Drivers..

C:\TEC_DRV\Ins9277.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	5816
Entropy (8bit):	4.93507304125191
Encrypted:	false
SSDEEP:	96:wf9yIGb/Ho+qk+Jo5c1JoX+9yNePoA2LAy8ENIlUeD5RFEsCP9BOQbkDpLHoq:wf987IXk+6G16IJPoHL8UO7FuP3ORLHP
MD5:	3295ED4E182D0A9AD7D8C550DA8AF92F
SHA1:	C849C2CF0C21D9043E3E2F93FAAF66A0C44F7EC8
SHA-256:	AD1004EE23C5C77A7E615F663F3F524EF4E97FDE72C2BF877F341158D7F42F6A
SHA-512:	AB11D344A73F8D18DCF5CEBAD47A5D2F4714C65A93C2505F5744FC92827C223043A0A09A5750C161EE37DD9AF3E084DC18AE101DF6DA84515CADDFCBD4345650
Malicious:	false
Preview:	<html xmlns="http://www.w3.org/1999/xhtml">..<head>..<title>Installing Windows Printer Drivers</title>..<meta http-equiv="Content-Type" content="text/html; charset=windows-1252" />..<style type="text/css">..a:link { color: black; font-weight:bold; text-decoration:underline; text-underline:single; }..a:visited { color:black; font-weight:bold; text-decoration:underline; text-underline:single; }..a:hover { color:#009999; font-weight:bold; text-decoration:underline; text-underline:single; }..body { font-size:10.0pt; font-family:"Arial"; }..h1 { margin-top:12.0pt; margin-right:0in; margin-bottom:6.0pt; margin-left:0in; font-size:18.0pt; font-family:"Tahoma,Arial"; color:#009999; }..h2 { margin-top:18.0pt; margin-right:0in; margin-bottom:3.0pt; margin-left:0in; font-size:12.0pt; font-family:"Arial"; }..p { font-size:10.0pt; font-family:"Arial"; }..p.contents { margin-top:8.0pt; margin-right:0in; margin-bottom:0pt; margin-left:.5in; }..li { margin-bottom:8.0pt; }..p.i1 { margin-left:.5in; }..

C:\TEC_DRV\Installation_Instructions.html (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	5816
Entropy (8bit):	4.93507304125191
Encrypted:	false
SSDEEP:	96:wf9yIGb/Ho+qk+Jo5c1JoX+9yNePoA2LAy8ENIlUeD5RFEsCP9BOQbkDpLHoq:wf987IXk+6G16IJPoHL8UO7FuP3ORLHP
MD5:	3295ED4E182D0A9AD7D8C550DA8AF92F
SHA1:	C849C2CF0C21D9043E3E2F93FAAF66A0C44F7EC8
SHA-256:	AD1004EE23C5C77A7E615F663F3F524EF4E97FDE72C2BF877F341158D7F42F6A
SHA-512:	AB11D344A73F8D18DCF5CEBAD47A5D2F4714C65A93C2505F5744FC92827C223043A0A09A5750C161EE37DD9AF3E084DC18AE101DF6DA84515CADDFCBD4345650
Malicious:	false
Preview:	<html xmlns="http://www.w3.org/1999/xhtml">..<head>..<title>Installing Windows Printer Drivers</title>..<meta http-equiv="Content-Type" content="text/html; charset=windows-1252" />..<style type="text/css">..a:link { color: black; font-weight:bold; text-decoration:underline; text-underline:single; }..a:visited { color:black; font-weight:bold; text-decoration:underline; text-underline:single; }..a:hover { color:#009999; font-weight:bold; text-decoration:underline; text-underline:single; }..body { font-size:10.0pt; font-family:"Arial"; }..h1 { margin-top:12.0pt; margin-right:0in; margin-bottom:6.0pt; margin-left:0in; font-size:18.0pt; font-family:"Tahoma,Arial"; color:#009999; }..h2 { margin-top:18.0pt; margin-right:0in; margin-bottom:3.0pt; margin-left:0in; font-size:12.0pt; font-family:"Arial"; }..p { font-size:10.0pt; font-family:"Arial"; }..p.contents { margin-top:8.0pt; margin-right:0in; margin-bottom:0pt; margin-left:.5in; }..li { margin-bottom:8.0pt; }..p.i1 { margin-left:.5in; }..

C:\TEC_DRV\Por9288.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	255704
Entropy (8bit):	6.3515781462026535
Encrypted:	false
SSDEEP:	6144:yeyHqIMC6aBFmiAOjioW6IfohPq64K164pv:yeaqIh6WUi1j3IfouL4N
MD5:	96B8E20B31B39182FB5876DC1784AA9B
SHA1:	25388F1A57313E398D948DBEE1BC0CFC0C9E15E2
SHA-256:	9B574DC4A371FB5F51FDE08DDBACA855ECC9882673DB8D089457CB0B7F35C079
SHA-512:	8AFA085003A88E52B0B6BA6F859B68D0420227BC9C02A68DE73B117DDE2D7FC6158F04A0FD42BBEE5A5EE1D8D73F796868AA6B9E94187C6C874650476F191C72
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......<.k.xv..xv..xv..l...sv..l....v.....hv.....rv.....5v..l...lv..xv...v..l...sv......qv......yv..xv..yv......yv..Richxv..........................PE..d....".a.........."......6.....................@..........................................`.................................................Ti..x................ .......<..........D/..p............................/..8............P..(............................text....4.......6.................. ..`.rdata..f$...P...&...:..............@..@.data...P...........`..............@....pdata... ......."...r..............@..@_RDATA..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................

C:\TEC_DRV\PortHelperWow64.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	255704
Entropy (8bit):	6.3515781462026535
Encrypted:	false
SSDEEP:	6144:yeyHqIMC6aBFmiAOjioW6IfohPq64K164pv:yeaqIh6WUi1j3IfouL4N
MD5:	96B8E20B31B39182FB5876DC1784AA9B
SHA1:	25388F1A57313E398D948DBEE1BC0CFC0C9E15E2
SHA-256:	9B574DC4A371FB5F51FDE08DDBACA855ECC9882673DB8D089457CB0B7F35C079
SHA-512:	8AFA085003A88E52B0B6BA6F859B68D0420227BC9C02A68DE73B117DDE2D7FC6158F04A0FD42BBEE5A5EE1D8D73F796868AA6B9E94187C6C874650476F191C72
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......<.k.xv..xv..xv..l...sv..l....v.....hv.....rv.....5v..l...lv..xv...v..l...sv......qv......yv..xv..yv......yv..Richxv..........................PE..d....".a.........."......6.....................@..........................................`.................................................Ti..x................ .......<..........D/..p............................/..8............P..(............................text....4.......6.................. ..`.rdata..f$...P...&...:..............@..@.data...P...........`..............@....pdata... ......."...r..............@..@_RDATA..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................

C:\TEC_DRV\Sea9298.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1784
Entropy (8bit):	7.449624938933393
Encrypted:	false
SSDEEP:	48:fgQd7sV23LLqt1rimPsFssFipwwVdsFd6vaOA8dLHcBw:psV23LLM1GmUbxJ/Ual8d4a
MD5:	FC56104DE32A1C6ECD3CE1CBA7024152
SHA1:	0ECA937423F01F974CA582BCFC417550BE20B95E
SHA-256:	AF2B976EF0BAFFEA42886240CE807F97AC1C3BB5A27B132B24363A021576BABB
SHA-512:	FEA01925120DF6E9A879D2AD059601B408134354E4721DD47B2683952F4232B3EC30CC31C95FBE65A8078BACFC08E97840690047E943AE0D30A196D03C0A2B21
Malicious:	false
Preview:	0...0.............ziV..l.....0....H........0i1.0...U....US1.0...U....DigiCert, Inc.1A0?..U...8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA10...210727000000Z..240802235959Z0y1.0...U....US1.0...U....Washington1.0...U....Bellevue1 0...U....Seagull Scientific Inc.1 0...U....Seagull Scientific Inc.0...0....H.............0.........b.5..\.d.....,.........d.c....7.q...j..A3.o..5,..V...o...I.....pPz.RWn....q.$..`....?w.....@\N]ut7....x>. p...bV.....3..db.W......Tm..j.....U..%.1Fw.\..m.o......_.......>Mw.(.6<R..WN.A=G.2Z..P..n....J!.$S..0..Clz.@.l.KR.....V.0#.Lw..eQ.\........7...>u..y...n.N...I.....E.P..^5....S!..e]...t.hK.....T.>a..XdRJ.......d.......j..e.E..`v.....!..o...{..7..e..... ..........0...0...U.#..0...h7..;._....a{..e.NB0...U...............B.^5..E...0...U...........0...U.%..0...+.......0....U.....0..0S.Q.O.Mhttp://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S.Q.O.Mhttp://crl4.digicert.com/DigiCertTrustedG4CodeSigningR

C:\TEC_DRV\SeagullPublisher.cer (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1784
Entropy (8bit):	7.449624938933393
Encrypted:	false
SSDEEP:	48:fgQd7sV23LLqt1rimPsFssFipwwVdsFd6vaOA8dLHcBw:psV23LLM1GmUbxJ/Ual8d4a
MD5:	FC56104DE32A1C6ECD3CE1CBA7024152
SHA1:	0ECA937423F01F974CA582BCFC417550BE20B95E
SHA-256:	AF2B976EF0BAFFEA42886240CE807F97AC1C3BB5A27B132B24363A021576BABB
SHA-512:	FEA01925120DF6E9A879D2AD059601B408134354E4721DD47B2683952F4232B3EC30CC31C95FBE65A8078BACFC08E97840690047E943AE0D30A196D03C0A2B21
Malicious:	false
Preview:	0...0.............ziV..l.....0....H........0i1.0...U....US1.0...U....DigiCert, Inc.1A0?..U...8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA10...210727000000Z..240802235959Z0y1.0...U....US1.0...U....Washington1.0...U....Bellevue1 0...U....Seagull Scientific Inc.1 0...U....Seagull Scientific Inc.0...0....H.............0.........b.5..\.d.....,.........d.c....7.q...j..A3.o..5,..V...o...I.....pPz.RWn....q.$..`....?w.....@\N]ut7....x>. p...bV.....3..db.W......Tm..j.....U..%.1Fw.\..m.o......_.......>Mw.(.6<R..WN.A=G.2Z..P..n....J!.$S..0..Clz.@.l.KR.....V.0#.Lw..eQ.\........7...>u..y...n.N...I.....E.P..^5....S!..e]...t.hK.....T.>a..XdRJ.......d.......j..e.E..`v.....!..o...{..7..e..... ..........0...0...U.#..0...h7..;._....a{..e.NB0...U...............B.^5..E...0...U...........0...U.%..0...+.......0....U.....0..0S.Q.O.Mhttp://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S.Q.O.Mhttp://crl4.digicert.com/DigiCertTrustedG4CodeSigningR

C:\TEC_DRV\TEC8717.tmp (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	192512
Entropy (8bit):	6.214286999068648
Encrypted:	false
SSDEEP:	3072:6CWO7XfitpaAnSUazG7v+r61G5yOaXTQxc71tPq8aR0s:DzLYpaASUazGeU6y50MqPn
MD5:	A2D3A064D147ABD9A7234974824FFE91
SHA1:	7272971F8E5211A72F2842F0A9173B4069A16127
SHA-256:	DE8EA1FF6251C5BD6FAF0760B0F713AE548D79CF5ACBB1B7B168727E4E1562B9
SHA-512:	EE3085081E40FF8D3077095CAC074A1363BC97BE0C08C5C77E97A554AC367EAA4DB0342226C90BEEC94E9A61A37CC7BD2870E7947B61CB624974E5C711BA96CD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........gP.4P.4P.4...4W.4w..4I.4w..4..4...4G.4P.4..4w..4..4w..4Q.4w..4Q.4RichP.4........................PE..L.....L..........................................@..........................0...............................................r..........<5...........................................................E..@....................r..@....................text...E........................... ..`.rdata...w..........................@..@.data...TZ....... ..................@....rsrc...<5.......@..................@..@................................................................................................................................................................................................................................................................................................................................................................

C:\TEC_DRV\TEC8718.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	192512
Entropy (8bit):	6.214286999068648
Encrypted:	false
SSDEEP:	3072:6CWO7XfitpaAnSUazG7v+r61G5yOaXTQxc71tPq8aR0s:DzLYpaASUazGeU6y50MqPn
MD5:	A2D3A064D147ABD9A7234974824FFE91
SHA1:	7272971F8E5211A72F2842F0A9173B4069A16127
SHA-256:	DE8EA1FF6251C5BD6FAF0760B0F713AE548D79CF5ACBB1B7B168727E4E1562B9
SHA-512:	EE3085081E40FF8D3077095CAC074A1363BC97BE0C08C5C77E97A554AC367EAA4DB0342226C90BEEC94E9A61A37CC7BD2870E7947B61CB624974E5C711BA96CD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........gP.4P.4P.4...4W.4w..4I.4w..4..4...4G.4P.4..4w..4..4w..4Q.4w..4Q.4RichP.4........................PE..L.....L..........................................@..........................0...............................................r..........<5...........................................................E..@....................r..@....................text...E........................... ..`.rdata...w..........................@..@.data...TZ....... ..................@....rsrc...<5.......@..................@..@................................................................................................................................................................................................................................................................................................................................................................

C:\TEC_DRV\TEC8729.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	192512
Entropy (8bit):	6.214286999068648
Encrypted:	false
SSDEEP:	3072:6CWO7XfitpaAnSUazG7v+r61G5yOaXTQxc71tPq8aR0s:DzLYpaASUazGeU6y50MqPn
MD5:	A2D3A064D147ABD9A7234974824FFE91
SHA1:	7272971F8E5211A72F2842F0A9173B4069A16127
SHA-256:	DE8EA1FF6251C5BD6FAF0760B0F713AE548D79CF5ACBB1B7B168727E4E1562B9
SHA-512:	EE3085081E40FF8D3077095CAC074A1363BC97BE0C08C5C77E97A554AC367EAA4DB0342226C90BEEC94E9A61A37CC7BD2870E7947B61CB624974E5C711BA96CD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........gP.4P.4P.4...4W.4w..4I.4w..4..4...4G.4P.4..4w..4..4w..4Q.4w..4Q.4RichP.4........................PE..L.....L..........................................@..........................0...............................................r..........<5...........................................................E..@....................r..@....................text...E........................... ..`.rdata...w..........................@..@.data...TZ....... ..................@....rsrc...<5.......@..................@..@................................................................................................................................................................................................................................................................................................................................................................

C:\TEC_DRV\TECDRVIn.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	192512
Entropy (8bit):	6.214286999068648
Encrypted:	false
SSDEEP:	3072:6CWO7XfitpaAnSUazG7v+r61G5yOaXTQxc71tPq8aR0s:DzLYpaASUazGeU6y50MqPn
MD5:	A2D3A064D147ABD9A7234974824FFE91
SHA1:	7272971F8E5211A72F2842F0A9173B4069A16127
SHA-256:	DE8EA1FF6251C5BD6FAF0760B0F713AE548D79CF5ACBB1B7B168727E4E1562B9
SHA-512:	EE3085081E40FF8D3077095CAC074A1363BC97BE0C08C5C77E97A554AC367EAA4DB0342226C90BEEC94E9A61A37CC7BD2870E7947B61CB624974E5C711BA96CD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........gP.4P.4P.4...4W.4w..4I.4w..4..4...4G.4P.4..4w..4..4w..4Q.4w..4Q.4RichP.4........................PE..L.....L..........................................@..........................0...............................................r..........<5...........................................................E..@....................r..@....................text...E........................... ..`.rdata...w..........................@..@.data...TZ....... ..................@....rsrc...<5.......@..................@..@................................................................................................................................................................................................................................................................................................................................................................

C:\TEC_DRV\TOS92AA.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	10155
Entropy (8bit):	5.517124824341079
Encrypted:	false
SSDEEP:	192:t4UVZrsjjoMATxCeman7AvUk1yAG73T6PQDX/xgzDFoaQx0t6Kif2vzMATxCemaB:aUVZrsjj07+yZ+9L7+yZ+M
MD5:	530E9F36C66472657270FDFAA0803D3E
SHA1:	D11025CFA551A2F31E3E730726CBEA583489BB17
SHA-256:	2F2D24CA40B04F2F305E703AC6CFDF02C5C1A3B90DF08F7853EC9D39E17FD31E
SHA-512:	2DFEA9B884E03DE42C9FD1B81EB28FFE692B1E282BADD24ABE68FA3811F2CD80003F7ED01F806DC3B3326A7523DD500D68401CCC58761F35C101FF0341177139
Malicious:	false
Preview:	[Version]..Signature="$Windows NT$"..Class=Printer..ClassGUID={4D36E979-E325-11CE-BFC1-08002BE10318}..Provider="Seagull"..DriverVer=12/14/2021,2021.3.0.0..CatalogFile=TOSHIBATEC.cat..DriverIsolation=0....[PrinterPackageInstallation.x86]..PackageAware=TRUE....[PrinterPackageInstallation.amd64]..PackageAware=TRUE....[SourceDisksNames]..1="Seagull Drivers Disk",,,\Common..2="Seagull Drivers Disk",,,\Common....[SourceDisksNames.amd64]..2="Seagull Drivers Disk",,,\x64....[SourceDisksNames.x86]..2="Seagull Drivers Disk",,,\Win32....[SourceDisksFiles]..Defaults[TT]_2021.3.0.0.sds=1..Seagull_V3_ConfigDispatcher.dll=2..Seagull_V3_NetMonDispatcher.dll=2..Seagull_V3_PrintDispatcher.dll=2..t2sTT_2021.3.0.0.ini=1..t2sTTenu_2021.3.0.0.chm=1..tecTT_2021.3.0.0.ini=1..tecTTenu_2021.3.0.0.chm=1..tt#base_2021.3.0.0.cab=2..tt#base_2021.3.0.0.ddz=1..tt#t2s_2021.3.0.0.cab=2..tt#t2s_2021.3.0.0.ddz=1..tt#tec_2021.3.0.0.cab=2..tt#tec_2021.3.0.0.ddz=1....[DestinationDirs]..DefaultDestDir=66000....[Manufacturer]

C:\TEC_DRV\TOSHIBATEC.inf (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	10155
Entropy (8bit):	5.517124824341079
Encrypted:	false
SSDEEP:	192:t4UVZrsjjoMATxCeman7AvUk1yAG73T6PQDX/xgzDFoaQx0t6Kif2vzMATxCemaB:aUVZrsjj07+yZ+9L7+yZ+M
MD5:	530E9F36C66472657270FDFAA0803D3E
SHA1:	D11025CFA551A2F31E3E730726CBEA583489BB17
SHA-256:	2F2D24CA40B04F2F305E703AC6CFDF02C5C1A3B90DF08F7853EC9D39E17FD31E
SHA-512:	2DFEA9B884E03DE42C9FD1B81EB28FFE692B1E282BADD24ABE68FA3811F2CD80003F7ED01F806DC3B3326A7523DD500D68401CCC58761F35C101FF0341177139
Malicious:	false
Preview:	[Version]..Signature="$Windows NT$"..Class=Printer..ClassGUID={4D36E979-E325-11CE-BFC1-08002BE10318}..Provider="Seagull"..DriverVer=12/14/2021,2021.3.0.0..CatalogFile=TOSHIBATEC.cat..DriverIsolation=0....[PrinterPackageInstallation.x86]..PackageAware=TRUE....[PrinterPackageInstallation.amd64]..PackageAware=TRUE....[SourceDisksNames]..1="Seagull Drivers Disk",,,\Common..2="Seagull Drivers Disk",,,\Common....[SourceDisksNames.amd64]..2="Seagull Drivers Disk",,,\x64....[SourceDisksNames.x86]..2="Seagull Drivers Disk",,,\Win32....[SourceDisksFiles]..Defaults[TT]_2021.3.0.0.sds=1..Seagull_V3_ConfigDispatcher.dll=2..Seagull_V3_NetMonDispatcher.dll=2..Seagull_V3_PrintDispatcher.dll=2..t2sTT_2021.3.0.0.ini=1..t2sTTenu_2021.3.0.0.chm=1..tecTT_2021.3.0.0.ini=1..tecTTenu_2021.3.0.0.chm=1..tt#base_2021.3.0.0.cab=2..tt#base_2021.3.0.0.ddz=1..tt#t2s_2021.3.0.0.cab=2..tt#t2s_2021.3.0.0.ddz=1..tt#tec_2021.3.0.0.cab=2..tt#tec_2021.3.0.0.ddz=1....[DestinationDirs]..DefaultDestDir=66000....[Manufacturer]

C:\TEC_DRV\Win32\Sea93E9.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	304856
Entropy (8bit):	6.645795726250497
Encrypted:	false
SSDEEP:	6144:IywxjX6oyWpgvOZy0eNQTBeWwYaPssAOR8cS4Xh95:7O6oyggvYy0eN0BFEjhXh9
MD5:	BD9F1E06CCD3C288755B7F7023539E3C
SHA1:	F3E315577109F20C9F3F16F4C5BC5675A6A52412
SHA-256:	BC5F3BD109E7EBEBD263DA55D0E726587D0A6583BE1D283A43B960E1CFB8D30E
SHA-512:	19A91FDE5C81465D8DD5761469DD94D8F54C9670D5465B991E2A281C1F25B75B212FF0ED98BC10607C0C2DAC9E6056AC04AC0F7BD1A095AB2BDFFA637A9A83FB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........<\|K.R/K.R/K.R/..Q.F.R/..W...R/..V.\.R/..W...R/..V.D.R/..Q.\.R/K.S/..R/..S.F.R/..W.O.R/..[.Y.R/..R.J.R/.../J.R/K../J.R/..P.J.R/RichK.R/................PE..L.....Ua...........!.........x......N;....................................................@.............................d.......x....`...............j...<...p..8..`...p...............................@............................................text............................... ..`.rdata..L...........................@..@.data... )...0......................@....rsrc........`.......6..............@..@.reloc..8...p...,...>..............@..B................................................................................................................................................................................................................................................................................

C:\TEC_DRV\Win32\Sea9418.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	309976
Entropy (8bit):	6.6399465268446916
Encrypted:	false
SSDEEP:	6144:h56ND1RD4Lgaq2aRj3jiTdXoNQmmAOaSs3rmqqCD:h+D1RD4LgaPaRj3WTdf0SsaqqG
MD5:	33FF361BE4E3B8DCA92F26533FF9A841
SHA1:	51F56219DCFFB04954361058A2C161E24DCD535D
SHA-256:	0DEF002E4B8F5EBB7BF919708CBEE1A8C34CFE9457FD39D705A45CD03F70CD12
SHA-512:	A03755FA898857A34F07D88AA04066CAE6D1AFB7A4D5B2D276C3BC37DF5AD8F2A532E5680986357B3263B556C92728B0CA21ECEE77C0F341BB443AAB6E743801
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........e...6...6...6...7...6...7 ..6...7...6...7...6...7...6...7..6...7...6...6...6...7...6...7...6...7...6../6...6..G6...6...7...6Rich...6........PE..L.....Ua...........!.........x.......I.......0............................................@..........................<..\|....<..d....................~...<.......+..P...p...............................@............0...............................text............................... ..`.rdata.......0......................@..@.data...4+...P......................@....rsrc................J..............@..@.reloc...+.......,...R..............@..B........................................................................................................................................................................................................................................................................................

C:\TEC_DRV\Win32\Sea9439.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	112344
Entropy (8bit):	6.533196434379069
Encrypted:	false
SSDEEP:	3072:BC8jv+Ua5Vkknigx3N77Brn9mZWzOlv3o3z:BC8zFNkiXMOlvOz
MD5:	C29E9C33F6A07D6349E255311087D4AC
SHA1:	2CA38280E26F89F56AC0B4896037B7BC17A4D2F3
SHA-256:	BCEB10130FF61A4B7B1620856C85DD95B0329E67D7A89A4FDD4696D95892123C
SHA-512:	B53320F990F0F057EBE3CDA75F1C2C39B815024003C8353E407ED0B47DDC814AFC650BF66D06E516DCC540FCC633E80DAF0750DE1925E1AAF4E227B6A4A1B716
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......[X>$.9Pw.9Pw.9PwDQSv.9PwDQUv.9PwDQTv.9PwDQQv.9Pw.9Qwm9PwMLUv:9PwMLTv.9PwMLSv.9Pw.LYv.9Pw.LPv.9Pw.L.w.9Pw.9.w.9Pw.LRv.9PwRich.9Pw........................PE..L.....Ua...........!................YX...............................................}...............................[...... \..<....................z...<......T....I..p...........................@J..@...............(............................text............................... ..`.rdata...r.......t..................@..@.data........p.......T..............@....rsrc................`..............@..@.reloc..T............h..............@..B................................................................................................................................................................................................................................................................................

C:\TEC_DRV\Win32\Seagull_V3_ConfigDispatcher.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	304856
Entropy (8bit):	6.645795726250497
Encrypted:	false
SSDEEP:	6144:IywxjX6oyWpgvOZy0eNQTBeWwYaPssAOR8cS4Xh95:7O6oyggvYy0eN0BFEjhXh9
MD5:	BD9F1E06CCD3C288755B7F7023539E3C
SHA1:	F3E315577109F20C9F3F16F4C5BC5675A6A52412
SHA-256:	BC5F3BD109E7EBEBD263DA55D0E726587D0A6583BE1D283A43B960E1CFB8D30E
SHA-512:	19A91FDE5C81465D8DD5761469DD94D8F54C9670D5465B991E2A281C1F25B75B212FF0ED98BC10607C0C2DAC9E6056AC04AC0F7BD1A095AB2BDFFA637A9A83FB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........<\|K.R/K.R/K.R/..Q.F.R/..W...R/..V.\.R/..W...R/..V.D.R/..Q.\.R/K.S/..R/..S.F.R/..W.O.R/..[.Y.R/..R.J.R/.../J.R/K../J.R/..P.J.R/RichK.R/................PE..L.....Ua...........!.........x......N;....................................................@.............................d.......x....`...............j...<...p..8..`...p...............................@............................................text............................... ..`.rdata..L...........................@..@.data... )...0......................@....rsrc........`.......6..............@..@.reloc..8...p...,...>..............@..B................................................................................................................................................................................................................................................................................

C:\TEC_DRV\Win32\Seagull_V3_NetMonDispatcher.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	309976
Entropy (8bit):	6.6399465268446916
Encrypted:	false
SSDEEP:	6144:h56ND1RD4Lgaq2aRj3jiTdXoNQmmAOaSs3rmqqCD:h+D1RD4LgaPaRj3WTdf0SsaqqG
MD5:	33FF361BE4E3B8DCA92F26533FF9A841
SHA1:	51F56219DCFFB04954361058A2C161E24DCD535D
SHA-256:	0DEF002E4B8F5EBB7BF919708CBEE1A8C34CFE9457FD39D705A45CD03F70CD12
SHA-512:	A03755FA898857A34F07D88AA04066CAE6D1AFB7A4D5B2D276C3BC37DF5AD8F2A532E5680986357B3263B556C92728B0CA21ECEE77C0F341BB443AAB6E743801
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........e...6...6...6...7...6...7 ..6...7...6...7...6...7...6...7..6...7...6...6...6...7...6...7...6...7...6../6...6..G6...6...7...6Rich...6........PE..L.....Ua...........!.........x.......I.......0............................................@..........................<..\|....<..d....................~...<.......+..P...p...............................@............0...............................text............................... ..`.rdata.......0......................@..@.data...4+...P......................@....rsrc................J..............@..@.reloc...+.......,...R..............@..B........................................................................................................................................................................................................................................................................................

C:\TEC_DRV\Win32\Seagull_V3_PrintDispatcher.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	112344
Entropy (8bit):	6.533196434379069
Encrypted:	false
SSDEEP:	3072:BC8jv+Ua5Vkknigx3N77Brn9mZWzOlv3o3z:BC8zFNkiXMOlvOz
MD5:	C29E9C33F6A07D6349E255311087D4AC
SHA1:	2CA38280E26F89F56AC0B4896037B7BC17A4D2F3
SHA-256:	BCEB10130FF61A4B7B1620856C85DD95B0329E67D7A89A4FDD4696D95892123C
SHA-512:	B53320F990F0F057EBE3CDA75F1C2C39B815024003C8353E407ED0B47DDC814AFC650BF66D06E516DCC540FCC633E80DAF0750DE1925E1AAF4E227B6A4A1B716
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......[X>$.9Pw.9Pw.9PwDQSv.9PwDQUv.9PwDQTv.9PwDQQv.9Pw.9Qwm9PwMLUv:9PwMLTv.9PwMLSv.9Pw.LYv.9Pw.LPv.9Pw.L.w.9Pw.9.w.9Pw.LRv.9PwRich.9Pw........................PE..L.....Ua...........!................YX...............................................}...............................[...... \..<....................z...<......T....I..p...........................@J..@...............(............................text............................... ..`.rdata...r.......t..................@..@.data........p.......T..............@....rsrc................`..............@..@.reloc..T............h..............@..B................................................................................................................................................................................................................................................................................

C:\TEC_DRV\Win32\tt#92CC.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Microsoft Cabinet archive data, many, 5511341 bytes, 18 files, at 0x2c +A "Seagull_DriverCore.dll" +A "Seagull_ConfigBase.dll", number 1, 387 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	5511341
Entropy (8bit):	7.996512811738657
Encrypted:	true
SSDEEP:	98304:rt5c5qPed72/02ruqHVKOZCTebCygkp0rrQUjuA7otWpMrKrBPIBBwMHO0NqVbVP:Z5WNd7282Kq1Xsxyvp0A+uA7egMEBqBS
MD5:	C4AA8151D769CEEF3B3C5545B87E1E4C
SHA1:	BA4DA227B5033E5E77166115AD6D682182EBDF9F
SHA-256:	6CEB6FFDAC191977A6303ACA1D3D06E64EADAB86F35EE16301F3800D5F2465C6
SHA-512:	B5AB8788759CF367FFB4EFB381CAE2B12E79D4A2162A0A939E3DC66B5379AD4F0A526F8AFE3D4FE24254AEEF75AC6A70AF7081D4FC7B044C69BA210068A78D54
Malicious:	false
Preview:	MSCF......T.....,.............................,........S.x .Seagull_DriverCore.dll...1...,....S.x .Seagull_ConfigBase.dll..^....^....S.x .Seagull_PrintBase.dll..n....i....Siw .Seagull_V3_Config.dll..^..`.j....Smw .Seagull_V3_Print.dll.....8.l....S-w .Seagull_V3_Status.dll.......n....S.v .DriverAutomationLibrary.dll..@........S@w .ssdal.exe..T........S.v!.Microsoft.UCRT.cab............S.v!.Microsoft.VC142.CRT.cab.."...2.....S.v .DriverEnvironmentSetup.exe..0...T.....S8w .Seagull_V3_NetMon.dll...........S.v .Seagull_V3_NetMonDispatcher.dll......@.....S.v .Seagull_XPMLServer.dll..M..cM.....S.v .Seagull_DriverStartup.exe..4..s......S.v .Seagull_Driver_Status.exe.....s......S.v!.Seagull_EventMessages.dll.O@..s......S.v!.Seagull_PrintTicketResources.ddz....aU2..CK.Z}PTW....<.....66.I._aBv...n.u.Ik.....hH..?.G..1.......3.?.Z3...T6C..g.......l..v..0..M..h..{....h.3..o).~..;.{.9..\{XH..A... 4.....#..!{.o...c>,h.=.a.j..;-.vl}n..-.7l..cy.Y......[,KV....u.s..2.q.U......].~..\...2..>

C:\TEC_DRV\Win32\tt#9389.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Microsoft Cabinet archive data, many, 54849 bytes, 2 files, at 0x2c +A "Seagull_ConfigModule_T2S.dll" +A "Seagull_PrintModule_T2S.dll", number 1, 4 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	54849
Entropy (8bit):	7.994528376936864
Encrypted:	true
SSDEEP:	768:iLpake4SDMh9IhTh1p/AGdQMIv5Qz5TJ3kI6zbam9bQsDrzvhnySFz/lZruV4vrK:b4SDzLoGho5QbP63aO0GzZnyGS8cym
MD5:	B9185349EA9A3EC412E073BC71B9ECE7
SHA1:	6887FB50CAC95A64AECA650E23894BBE1BF83639
SHA-256:	E221801BF8702AEE5A369CD82C1578FAEDE4B89AE63F1BFFEBC14177E779D8E2
SHA-512:	5B1126261FDDFAFEEBBEEEF7A92710F9947B274567AF3A63C4DFFE8A7AA33F7DDA4BE0716DE183F112200833ABFBBB776147E720A4B514DE12F79CC92C135EF6
Malicious:	false
Preview:	MSCF....A.......,............................<.........S.x .Seagull_ConfigModule_T2S.dll.....<.....S.x .Seagull_PrintModule_T2S.dll.....,6..CK.:mp.Wro....J..lN...c........QY>V.....+..!@.E....8A..j....A.l....ERNN.6......,..9....\|5wR\|..P".L........K..~....~.13...$.....t.....nr..$.......;9.=.!....5....v...M;..lz....[.v..+..\..Ue.;vVo...;~..c..../.......A...S.. .....=...{.../.:6....^..../...p.nvmet..B.K.n...(..v....k.y.Y!d..x..&s..d<>A.Lj.x...R..9..Nv.AH.1..B.mjb..h.Mr.)../G...H...c.....wY W..@ ..g...f...)..=.......;.....B5.3.~..T..U.).;..%c../.L.r.38.)..ug.n....][p.s...x..&..][kw.!......A.d...._..R7.8.5-..........\NH.....W!./...!>._K...r..8..`.h........T....c.f,..{...s]j".[.I.N...k...$.....:....]I..pF$......L.^..381 *...u.C.@..L..M..\|?.9.y.U..8.C...:+7.q.=.\..(j.....!R.....8[wgD..r........L.x.V\...~+....:.V.[`.Z.y.[..(3.P0tw.@E.$.4.$.V[.. ....z.....P.s...0."..l.P.D.a....%.-.(Q..$.......r...Q.$9.X..YbA(gi.....rJ..-n...tr?X...}....(..v.....

C:\TEC_DRV\Win32\tt#93C8.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Microsoft Cabinet archive data, many, 169505 bytes, 2 files, at 0x2c +A "Seagull_ConfigModule_TEC.dll" +A "Seagull_PrintModule_TEC.dll", number 1, 14 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	169505
Entropy (8bit):	7.996758006085387
Encrypted:	true
SSDEEP:	3072:HVeWjRCRdH/GdyJBARhxzdJPo/ujVAXDIC168svcpw0iXubun+VRU7j:1eINdOBAFJ8ujVA/OE+0dbu+Mj
MD5:	3A327AEDA1E73774C9036C38290791EE
SHA1:	4CFDF2A5B5A7CC35485DC2D0D844BE151567DC45
SHA-256:	81BA1A75E49D1180F03FEA3630FC3295EB9CD835A5ADF44F2C00289444E5D38E
SHA-512:	7E061EB35B807F9CFC0D02B775103DB69F8DCA122961D9937ECC20F18368D3A6127E259657A33EC7086F0F0E981FE25C8385DB4A28DDEE243DFAD14F0985B456
Malicious:	false
Preview:	MSCF....!.......,............................D.........S.x .Seagull_ConfigModule_TEC.dll..@...D.....S.x .Seagull_PrintModule_TEC.dll......5..CK.:mp.U..3.d..3...5,a....H0h....pe...I@!6S..pF..M.$L..!..s..}.R..]..K..X0H$Q.f.%q7...F..9Q..W.~...=.3....7U'..=...{.=...8.m`......a....gn.Kc.f.w'2M..OofW......t.....g.Olz...d..>.............[.&'..Tu\.M..'...h..}..h....=..=i..:J.?...}.W.C......c....o....H{..Y..........D..l}...F...c..l..t.MZ_.c.>..8..l`..,..I2.6@..h#8.....2.&...LHf.....6......n72......t..ML."4..t..;...Q\|t..Q..;{..?..Y...<....j...`..swn..9....@....`.....I.....i.h..c..sw>...\.qt...x.8\..-..#...qA..a\|..............u..bO..6..i.M.k.e.Z,g....'.D.=H......n...`.\|..".!s.h...)qW6..}....rC......v.3.......;.d...+..dd..T...}..?..R.fq@..@P,4.[.,...`.T..)..&...+.[.x&......A(LT.......u....,c=.(..W...9.......V...\|.....f.%.3.V>\.J..\|.Y._..bO..e.z...*8G]...Z....bq.Ep\.?Q..p......O_.).4.].wQ(.V)...<.R..z.+^`....?....f.6.....r....V..T.`........[.&n.Z.:

C:\TEC_DRV\Win32\tt#base_2021.3.0.0.cab (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Microsoft Cabinet archive data, many, 5511341 bytes, 18 files, at 0x2c +A "Seagull_DriverCore.dll" +A "Seagull_ConfigBase.dll", number 1, 387 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	5511341
Entropy (8bit):	7.996512811738657
Encrypted:	true
SSDEEP:	98304:rt5c5qPed72/02ruqHVKOZCTebCygkp0rrQUjuA7otWpMrKrBPIBBwMHO0NqVbVP:Z5WNd7282Kq1Xsxyvp0A+uA7egMEBqBS
MD5:	C4AA8151D769CEEF3B3C5545B87E1E4C
SHA1:	BA4DA227B5033E5E77166115AD6D682182EBDF9F
SHA-256:	6CEB6FFDAC191977A6303ACA1D3D06E64EADAB86F35EE16301F3800D5F2465C6
SHA-512:	B5AB8788759CF367FFB4EFB381CAE2B12E79D4A2162A0A939E3DC66B5379AD4F0A526F8AFE3D4FE24254AEEF75AC6A70AF7081D4FC7B044C69BA210068A78D54
Malicious:	false
Preview:	MSCF......T.....,.............................,........S.x .Seagull_DriverCore.dll...1...,....S.x .Seagull_ConfigBase.dll..^....^....S.x .Seagull_PrintBase.dll..n....i....Siw .Seagull_V3_Config.dll..^..`.j....Smw .Seagull_V3_Print.dll.....8.l....S-w .Seagull_V3_Status.dll.......n....S.v .DriverAutomationLibrary.dll..@........S@w .ssdal.exe..T........S.v!.Microsoft.UCRT.cab............S.v!.Microsoft.VC142.CRT.cab.."...2.....S.v .DriverEnvironmentSetup.exe..0...T.....S8w .Seagull_V3_NetMon.dll...........S.v .Seagull_V3_NetMonDispatcher.dll......@.....S.v .Seagull_XPMLServer.dll..M..cM.....S.v .Seagull_DriverStartup.exe..4..s......S.v .Seagull_Driver_Status.exe.....s......S.v!.Seagull_EventMessages.dll.O@..s......S.v!.Seagull_PrintTicketResources.ddz....aU2..CK.Z}PTW....<.....66.I._aBv...n.u.Ik.....hH..?.G..1.......3.?.Z3...T6C..g.......l..v..0..M..h..{....h.3..o).~..;.{.9..\{XH..A... 4.....#..!{.o...c>,h.=.a.j..;-.vl}n..-.7l..cy.Y......[,KV....u.s..2.q.U......].~..\...2..>

C:\TEC_DRV\Win32\tt#t2s_2021.3.0.0.cab (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Microsoft Cabinet archive data, many, 54849 bytes, 2 files, at 0x2c +A "Seagull_ConfigModule_T2S.dll" +A "Seagull_PrintModule_T2S.dll", number 1, 4 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	54849
Entropy (8bit):	7.994528376936864
Encrypted:	true
SSDEEP:	768:iLpake4SDMh9IhTh1p/AGdQMIv5Qz5TJ3kI6zbam9bQsDrzvhnySFz/lZruV4vrK:b4SDzLoGho5QbP63aO0GzZnyGS8cym
MD5:	B9185349EA9A3EC412E073BC71B9ECE7
SHA1:	6887FB50CAC95A64AECA650E23894BBE1BF83639
SHA-256:	E221801BF8702AEE5A369CD82C1578FAEDE4B89AE63F1BFFEBC14177E779D8E2
SHA-512:	5B1126261FDDFAFEEBBEEEF7A92710F9947B274567AF3A63C4DFFE8A7AA33F7DDA4BE0716DE183F112200833ABFBBB776147E720A4B514DE12F79CC92C135EF6
Malicious:	false
Preview:	MSCF....A.......,............................<.........S.x .Seagull_ConfigModule_T2S.dll.....<.....S.x .Seagull_PrintModule_T2S.dll.....,6..CK.:mp.Wro....J..lN...c........QY>V.....+..!@.E....8A..j....A.l....ERNN.6......,..9....\|5wR\|..P".L........K..~....~.13...$.....t.....nr..$.......;9.=.!....5....v...M;..lz....[.v..+..\..Ue.;vVo...;~..c..../.......A...S.. .....=...{.../.:6....^..../...p.nvmet..B.K.n...(..v....k.y.Y!d..x..&s..d<>A.Lj.x...R..9..Nv.AH.1..B.mjb..h.Mr.)../G...H...c.....wY W..@ ..g...f...)..=.......;.....B5.3.~..T..U.).;..%c../.L.r.38.)..ug.n....][p.s...x..&..][kw.!......A.d...._..R7.8.5-..........\NH.....W!./...!>._K...r..8..`.h........T....c.f,..{...s]j".[.I.N...k...$.....:....]I..pF$......L.^..381 *...u.C.@..L..M..\|?.9.y.U..8.C...:+7.q.=.\..(j.....!R.....8[wgD..r........L.x.V\...~+....:.V.[`.Z.y.[..(3.P0tw.@E.$.4.$.V[.. ....z.....P.s...0."..l.P.D.a....%.-.(Q..$.......r...Q.$9.X..YbA(gi.....rJ..-n...tr?X...}....(..v.....

C:\TEC_DRV\Win32\tt#tec_2021.3.0.0.cab (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Microsoft Cabinet archive data, many, 169505 bytes, 2 files, at 0x2c +A "Seagull_ConfigModule_TEC.dll" +A "Seagull_PrintModule_TEC.dll", number 1, 14 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	169505
Entropy (8bit):	7.996758006085387
Encrypted:	true
SSDEEP:	3072:HVeWjRCRdH/GdyJBARhxzdJPo/ujVAXDIC168svcpw0iXubun+VRU7j:1eINdOBAFJ8ujVA/OE+0dbu+Mj
MD5:	3A327AEDA1E73774C9036C38290791EE
SHA1:	4CFDF2A5B5A7CC35485DC2D0D844BE151567DC45
SHA-256:	81BA1A75E49D1180F03FEA3630FC3295EB9CD835A5ADF44F2C00289444E5D38E
SHA-512:	7E061EB35B807F9CFC0D02B775103DB69F8DCA122961D9937ECC20F18368D3A6127E259657A33EC7086F0F0E981FE25C8385DB4A28DDEE243DFAD14F0985B456
Malicious:	false
Preview:	MSCF....!.......,............................D.........S.x .Seagull_ConfigModule_TEC.dll..@...D.....S.x .Seagull_PrintModule_TEC.dll......5..CK.:mp.U..3.d..3...5,a....H0h....pe...I@!6S..pF..M.$L..!..s..}.R..]..K..X0H$Q.f.%q7...F..9Q..W.~...=.3....7U'..=...{.=...8.m`......a....gn.Kc.f.w'2M..OofW......t.....g.Olz...d..>.............[.&'..Tu\.M..'...h..}..h....=..=i..:J.?...}.W.C......c....o....H{..Y..........D..l}...F...c..l..t.MZ_.c.>..8..l`..,..I2.6@..h#8.....2.&...LHf.....6......n72......t..ML."4..t..;...Q\|t..Q..;{..?..Y...<....j...`..swn..9....@....`.....I.....i.h..c..sw>...\.qt...x.8\..-..#...qA..a\|..............u..bO..6..i.M.k.e.Z,g....'.D.=H......n...`.\|..".!s.h...)qW6..}....rC......v.3.......;.d...+..dd..T...}..?..R.fq@..@P,4.[.,...`.T..)..&...+.[.x&......A(LT.......u....,c=.(..W...9.......V...\|.....f.%.3.V>\.J..\|.Y._..bO..e.z...*8G]...Z....bq.Ep\.?Q..p......O_.).4.].wQ(.V)...<.R..z.+^`....?....f.6.....r....V..T.`........[.&n.Z.:

C:\TEC_DRV\lic92AB.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 1252
Category:	dropped
Size (bytes):	5065
Entropy (8bit):	5.0451010147868365
Encrypted:	false
SSDEEP:	96:MnuPfFvAHA80YNs98BJF9iAEU/t8orQ92OCUeSEH/wTvWv/qFk92:eQfCHA80YNsGFM0aoEsfFH/wi3qFk92
MD5:	D79ED09013D9B1B95282A47FE0FE118F
SHA1:	AFEC8C4B7125FAD1F5DEE4A13509E55AC6FFA153
SHA-256:	ABE35F1AADE97C74640EBC7D9829061F70A6627945E69C679CD9384B0A4F921C
SHA-512:	994280F7A87A966C19A9F2039196BDC653225C3CD02481DBC3B4DACC40C9B187BB5A1B40DD0B32FBC0CEE127D4981662B4ED1921811F20183CFFBE932BAC3141
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg1252\deff0{\fonttbl{\f0\fswiss\fprq2\fcharset0 Arial;}}..{\colortbl ;\red0\green0\blue0;}..\viewkind4\uc1\pard\qc\cf1\lang1033\b\f0\fs28 WINDOWS PRINTER DRIVER\fs24\par..\fs18 LICENSE AND LIMITED WARRANTY\cf0\b0\fs20\par..\pard\par..\cf1\fs16 Seagull Scientific, Inc. ("Seagull") grants you a non-exclusive license to use the accompanying Windows Printer Driver(s) and related documentation ("Seagull Software"), subject to the following provisions. You assume full responsibility for the selection of the Seagull Software to achieve your intended results, and for the installation, use, and results obtained from the Seagull Software.\par..\par..Both the software and the related material are Copyrighted and are protected by law. Title to and all rights and interests in the Seagull Software, wherever resident and on whatever media, are and shall remain the property of Seagull. Furthermore, by using the accompanying driver(s), you agree to accept all terms of this license.

C:\TEC_DRV\licTTenu.rtf (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 1252
Category:	dropped
Size (bytes):	5065
Entropy (8bit):	5.0451010147868365
Encrypted:	false
SSDEEP:	96:MnuPfFvAHA80YNs98BJF9iAEU/t8orQ92OCUeSEH/wTvWv/qFk92:eQfCHA80YNsGFM0aoEsfFH/wi3qFk92
MD5:	D79ED09013D9B1B95282A47FE0FE118F
SHA1:	AFEC8C4B7125FAD1F5DEE4A13509E55AC6FFA153
SHA-256:	ABE35F1AADE97C74640EBC7D9829061F70A6627945E69C679CD9384B0A4F921C
SHA-512:	994280F7A87A966C19A9F2039196BDC653225C3CD02481DBC3B4DACC40C9B187BB5A1B40DD0B32FBC0CEE127D4981662B4ED1921811F20183CFFBE932BAC3141
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg1252\deff0{\fonttbl{\f0\fswiss\fprq2\fcharset0 Arial;}}..{\colortbl ;\red0\green0\blue0;}..\viewkind4\uc1\pard\qc\cf1\lang1033\b\f0\fs28 WINDOWS PRINTER DRIVER\fs24\par..\fs18 LICENSE AND LIMITED WARRANTY\cf0\b0\fs20\par..\pard\par..\cf1\fs16 Seagull Scientific, Inc. ("Seagull") grants you a non-exclusive license to use the accompanying Windows Printer Driver(s) and related documentation ("Seagull Software"), subject to the following provisions. You assume full responsibility for the selection of the Seagull Software to achieve your intended results, and for the installation, use, and results obtained from the Seagull Software.\par..\par..Both the software and the related material are Copyrighted and are protected by law. Title to and all rights and interests in the Seagull Software, wherever resident and on whatever media, are and shall remain the property of Seagull. Furthermore, by using the accompanying driver(s), you agree to accept all terms of this license.

C:\TEC_DRV\tos92BC.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	data
Category:	dropped
Size (bytes):	33068
Entropy (8bit):	6.483164264047924
Encrypted:	false
SSDEEP:	768:4sWvckKwK2GC6tVIQvheYiLgyYiLS3h8au:6ve2GC6tVIQw7Lgy7LS3h8au
MD5:	7A3D20F599E997740DDDB77B1CC9C615
SHA1:	F55050493940DAF132EF81C301AF46C45249150E
SHA-256:	36340CB9B72E51040EBA405BE715D492611FE8723B42D4808DB9A9598D75C958
SHA-512:	2D1270D159ED7CAB92FA2825D9F5EF16EA97EEB574AC333997ABB7B5B12FA78E5685AC28239F1808EBEA8629260CDEB723AF36C1B544C069F0EF37557260B0E8
Malicious:	false
Preview:	0..(...H..........0......1.0...+......0.Ee..+.....7....EV0.ER0...+.....7.......Y^.s.L.#..!.6K..211214231219Z0...+.....7.....0..0....R0.5.B.C.F.F.F.4.D.6.E.B.F.C.0.1.B.D.0.F.2.8.A.9.E.4.4.B.8.3.8.9.E.5.6.7.2.F.C.0...1..y0M..+.....7...1?0=0...+.....7...0...........0!0...+..................(..K...g/.0`..+.....7...1R0P...F.i.l.e.......>s.e.a.g.u.l.l._.v.3._.p.r.i.n.t.d.i.s.p.a.t.c.h.e.r...d.l.l...0b..+.....7...1T0R...O.S.A.t.t.r.......<2.:.6...0.,.2.:.6...1.,.2.:.6...2.,.2.:.6...3.,.2.:.6...4...0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....R0.9.F.F.D.1.A.9.5.4.1.5.F.E.7.2.4.B.6.D.2.4.4.E.4.4.9.1.A.B.7.E.C.3.7.D.7.0.A.D...1..]0E..+.....7...17050...+.....7.......0!0...+...........T..rKm$ND..~.}p.0L..+.....7...1>0<...F.i.l.e.......*t.2.s.t.t._.2.0.2.1...3...0...0...i.n.i...0b..+.....7...1T0R...O.S.A.t.t.r.......<2.:.6...0.,.2.:.6...1.,.2.:.6...2.,.2.:.6...3.,.2.:.6...4...0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.

C:\TEC_DRV\toshibatec.cat (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	data
Category:	dropped
Size (bytes):	33068
Entropy (8bit):	6.483164264047924
Encrypted:	false
SSDEEP:	768:4sWvckKwK2GC6tVIQvheYiLgyYiLS3h8au:6ve2GC6tVIQw7Lgy7LS3h8au
MD5:	7A3D20F599E997740DDDB77B1CC9C615
SHA1:	F55050493940DAF132EF81C301AF46C45249150E
SHA-256:	36340CB9B72E51040EBA405BE715D492611FE8723B42D4808DB9A9598D75C958
SHA-512:	2D1270D159ED7CAB92FA2825D9F5EF16EA97EEB574AC333997ABB7B5B12FA78E5685AC28239F1808EBEA8629260CDEB723AF36C1B544C069F0EF37557260B0E8
Malicious:	false
Preview:	0..(...H..........0......1.0...+......0.Ee..+.....7....EV0.ER0...+.....7.......Y^.s.L.#..!.6K..211214231219Z0...+.....7.....0..0....R0.5.B.C.F.F.F.4.D.6.E.B.F.C.0.1.B.D.0.F.2.8.A.9.E.4.4.B.8.3.8.9.E.5.6.7.2.F.C.0...1..y0M..+.....7...1?0=0...+.....7...0...........0!0...+..................(..K...g/.0`..+.....7...1R0P...F.i.l.e.......>s.e.a.g.u.l.l._.v.3._.p.r.i.n.t.d.i.s.p.a.t.c.h.e.r...d.l.l...0b..+.....7...1T0R...O.S.A.t.t.r.......<2.:.6...0.,.2.:.6...1.,.2.:.6...2.,.2.:.6...3.,.2.:.6...4...0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....R0.9.F.F.D.1.A.9.5.4.1.5.F.E.7.2.4.B.6.D.2.4.4.E.4.4.9.1.A.B.7.E.C.3.7.D.7.0.A.D...1..]0E..+.....7...17050...+.....7.......0!0...+...........T..rKm$ND..~.}p.0L..+.....7...1>0<...F.i.l.e.......*t.2.s.t.t._.2.0.2.1...3...0...0...i.n.i...0b..+.....7...1T0R...O.S.A.t.t.r.......<2.:.6...0.,.2.:.6...1.,.2.:.6...2.,.2.:.6...3.,.2.:.6...4...0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.

C:\TEC_DRV\x64\Sea970B.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	376024
Entropy (8bit):	6.4119558485633465
Encrypted:	false
SSDEEP:	6144:b4osTyVAlqs3t2Z7z8ru7cJymohufpaa+CgkoJm/r:bIQAlX92QscJjoOb/
MD5:	22532CB8A21D85E7C87AE6F480DFEAB9
SHA1:	A6F2F5B8AE0F62C5BC11C7CFFD0C315190DA01B9
SHA-256:	3F977CB69733F8E6B1FA7A4AD7CE80D3FDE8D827662E4E18C457ADEC7A5A6A8D
SHA-512:	75EC60F25D7ADD1CE0165F653F79874AF6CEC1F292AADDEFDC4301EA2327EB4109741A7AD9DFCD6F06F8D293562D37D4B644150D20FC3CB74D6338EBC851E9C9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......i3..-R..-R..-R..v:..'R..v:...R..v:..9R...'..}R...'..#R...'..'R..-R...R..v:.. R...'..)R...'..?R...'..,R...'i.,R..-R..,R...'..,R..Rich-R..........PE..d....Ua.........." ......................................................................`.........................................P...d.......x............p...2.......<..........@...p.......................(.......8............................................text............................... ..`.rdata..X}.......~..................@..@.data....8...0... ..................@....pdata...2...p...4...6..............@..@_RDATA...............j..............@..@.rsrc................l..............@..@.reloc...............t..............@..B........................................................................................................................................................................................

C:\TEC_DRV\x64\Sea97A9.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	modified
Size (bytes):	382168
Entropy (8bit):	6.430304363924134
Encrypted:	false
SSDEEP:	6144:YD9fnnIesrpn+6L/1Y+wlgs+S4KGpoh7smKabxMirkL:YxfnuF+8al2S4KCoIEk
MD5:	08B03468B132E3D05647125E1CEB90CF
SHA1:	6F556CFF26E1EEB20409D513CC72FED01F2700EB
SHA-256:	31BC36138974A6B114EA98643B5EC3673306448D19F771056790A2B9CEA478DB
SHA-512:	BA4CE68819C9AC70E4C610015EA743441877ADF70766C3522B679F01276F23995B25E3F0C59E713AFA8E7D1B7129006F55521086BC1E6E61CE4BD18DFF704F80
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=..)y..zy..zy..z"..{s..z"..{j..z"..{...z+..{w..z+..{s..z+..{(..z"..{r..zy..z...z..{}..z..{q..z..{x..z..zx..zy.nzx..z..{x..zRichy..z........PE..d.....Ua.........." ................8q....................................................`.........................................0+..\|....+..d................3.......<.............p.......................(...@...8............................................text............................... ..`.rdata..Tx.......z..................@..@.data...l<...@... ..................@....pdata...3.......4...N..............@..@_RDATA..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................

C:\TEC_DRV\x64\Sea97D9.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	143064
Entropy (8bit):	6.220517482018802
Encrypted:	false
SSDEEP:	3072:aPWMslewHwCV6bgyTyD/+hjzzyUkUNlU3zq35f3/:CCeLC8gR7+Ccn5/
MD5:	92D30094BFB552A51905E0DE2EEBA60E
SHA1:	9E9F6FA7B9180A4C48E601BC70A1674CDFE2BFBA
SHA-256:	A6FF940AD01695677F60C7D2194CBA0E590B05E4F61397E8C4AB25A0409F27AF
SHA-512:	CF7BD1DEABE4790316F28AED51DB77AC7F45E12B0C182E9B67F350B0FC41C02675F00DD6A60A423D153E606433DF9E48117E99132B590B504B08D04B5A87A0F4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............d...d...d.......d.......d......Qd.......d...d...d.......d.......d.......d..`....d..`....d..`.k..d...d...d..`....d..Rich.d..........................PE..d....Ua.........." .................t.......................................@......3..... .....................................................<.... ...................<...0..\......p...........................`...8............ ..h............................text...\|........................... ..`.rdata....... ......................@..@.data...L...........................@....pdata..............................@..@_RDATA..............................@..@.rsrc........ ......................@..@.reloc..\....0......................@..B................................................................................................................................................................................

C:\TEC_DRV\x64\Seagull_V3_ConfigDispatcher.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	376024
Entropy (8bit):	6.4119558485633465
Encrypted:	false
SSDEEP:	6144:b4osTyVAlqs3t2Z7z8ru7cJymohufpaa+CgkoJm/r:bIQAlX92QscJjoOb/
MD5:	22532CB8A21D85E7C87AE6F480DFEAB9
SHA1:	A6F2F5B8AE0F62C5BC11C7CFFD0C315190DA01B9
SHA-256:	3F977CB69733F8E6B1FA7A4AD7CE80D3FDE8D827662E4E18C457ADEC7A5A6A8D
SHA-512:	75EC60F25D7ADD1CE0165F653F79874AF6CEC1F292AADDEFDC4301EA2327EB4109741A7AD9DFCD6F06F8D293562D37D4B644150D20FC3CB74D6338EBC851E9C9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......i3..-R..-R..-R..v:..'R..v:...R..v:..9R...'..}R...'..#R...'..'R..-R...R..v:.. R...'..)R...'..?R...'..,R...'i.,R..-R..,R...'..,R..Rich-R..........PE..d....Ua.........." ......................................................................`.........................................P...d.......x............p...2.......<..........@...p.......................(.......8............................................text............................... ..`.rdata..X}.......~..................@..@.data....8...0... ..................@....pdata...2...p...4...6..............@..@_RDATA...............j..............@..@.rsrc................l..............@..@.reloc...............t..............@..B........................................................................................................................................................................................

C:\TEC_DRV\x64\Seagull_V3_NetMonDispatcher.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	382168
Entropy (8bit):	6.430304363924134
Encrypted:	false
SSDEEP:	6144:YD9fnnIesrpn+6L/1Y+wlgs+S4KGpoh7smKabxMirkL:YxfnuF+8al2S4KCoIEk
MD5:	08B03468B132E3D05647125E1CEB90CF
SHA1:	6F556CFF26E1EEB20409D513CC72FED01F2700EB
SHA-256:	31BC36138974A6B114EA98643B5EC3673306448D19F771056790A2B9CEA478DB
SHA-512:	BA4CE68819C9AC70E4C610015EA743441877ADF70766C3522B679F01276F23995B25E3F0C59E713AFA8E7D1B7129006F55521086BC1E6E61CE4BD18DFF704F80
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=..)y..zy..zy..z"..{s..z"..{j..z"..{...z+..{w..z+..{s..z+..{(..z"..{r..zy..z...z..{}..z..{q..z..{x..z..zx..zy.nzx..z..{x..zRichy..z........PE..d.....Ua.........." ................8q....................................................`.........................................0+..\|....+..d................3.......<.............p.......................(...@...8............................................text............................... ..`.rdata..Tx.......z..................@..@.data...l<...@... ..................@....pdata...3.......4...N..............@..@_RDATA..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................

C:\TEC_DRV\x64\Seagull_V3_PrintDispatcher.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	143064
Entropy (8bit):	6.220517482018802
Encrypted:	false
SSDEEP:	3072:aPWMslewHwCV6bgyTyD/+hjzzyUkUNlU3zq35f3/:CCeLC8gR7+Ccn5/
MD5:	92D30094BFB552A51905E0DE2EEBA60E
SHA1:	9E9F6FA7B9180A4C48E601BC70A1674CDFE2BFBA
SHA-256:	A6FF940AD01695677F60C7D2194CBA0E590B05E4F61397E8C4AB25A0409F27AF
SHA-512:	CF7BD1DEABE4790316F28AED51DB77AC7F45E12B0C182E9B67F350B0FC41C02675F00DD6A60A423D153E606433DF9E48117E99132B590B504B08D04B5A87A0F4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............d...d...d.......d.......d......Qd.......d...d...d.......d.......d.......d..`....d..`....d..`.k..d...d...d..`....d..Rich.d..........................PE..d....Ua.........." .................t.......................................@......3..... .....................................................<.... ...................<...0..\......p...........................`...8............ ..h............................text...\|........................... ..`.rdata....... ......................@..@.data...L...........................@....pdata..............................@..@_RDATA..............................@..@.rsrc........ ......................@..@.reloc..\....0......................@..B................................................................................................................................................................................

C:\TEC_DRV\x64\tt#9469.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Microsoft Cabinet archive data, many, 6435532 bytes, 18 files, at 0x2c +A "Seagull_DriverCore.dll" +A "Seagull_ConfigBase.dll", number 1, 436 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	6435532
Entropy (8bit):	7.995711673503045
Encrypted:	true
SSDEEP:	196608:eVF/+uQx5qZrJ8bwxWxuxlItxGZOz1rE+:8GuQyZrulxXxGZq9j
MD5:	87C88C721C9CDE98408E1902D2FE4AFA
SHA1:	8AC81416E672D5956E34D8492FE3E124A268C9B6
SHA-256:	13CB84CB331196900E73C78D338FA0BBC0C7606E15732E6D1D35054DE1E2E45D
SHA-512:	75E0B38D6052A29968F8082BE8F5A24F04A389D5B8AB73972DCF38A4D30695FEF3AC6786FD682A6BA72CE39045B80673BF354942F801DCDFEFBE57CB80C3C06D
Malicious:	false
Preview:	MSCF.....2b.....,............................T8........S.x .Seagull_DriverCore.dll...2..T8....SWx .Seagull_ConfigBase.dll.....Mk....Six .Seagull_PrintBase.dll......u....S.x .Seagull_V3_Config.dll....`uw....S.x .Seagull_V3_Print.dll..<..8.z....Snx .Seagull_V3_Status.dll..>...I{....S/x .DriverAutomationLibrary.dll..6.......S.x .ssdal.exe............S.v!.Microsoft.UCRT.cab..D...p.....S.v!.Microsoft.VC142.CRT.cab............S&x .DriverEnvironmentSetup.exe..V.........S}x .Seagull_V3_NetMon.dll.....j......S.v .Seagull_V3_NetMonDispatcher.dll..0..B......S.v .Seagull_XPMLServer.dll..%.........S.v .Seagull_DriverStartup.exe..<..:.....S.x .Seagull_Driver_Status.exe.....v.....S.v!.Seagull_EventMessages.dll.O@..*......S.v!.Seagull_PrintTicketResources.ddz.p.zA<3..CK.\|.XT.......{@&GC..b./(j j...=9$yI..tL.R..t..`j........}Y.N..r.:e ..&f.x.L.l../.]l..]k.={..........qX....e.........g.&.~>...d.?+..?..a...........:..#...s..\|.=KW.....+.q.....b....Ys.+.c.....4...[Zon.}6V....{...nx...)...%.

C:\TEC_DRV\x64\tt#95B2.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Microsoft Cabinet archive data, many, 56090 bytes, 2 files, at 0x2c +A "Seagull_ConfigModule_T2S.dll" +A "Seagull_PrintModule_T2S.dll", number 1, 5 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	56090
Entropy (8bit):	7.993027503833812
Encrypted:	true
SSDEEP:	1536:3jRf6DJ9uagbCLdltziHy3c8V1e3EpWcj7QpHMJNr9lo:3jIqrCESE6TEpHUNfo
MD5:	A4E7F2CFE1F3575C5E3B759DEE012D2B
SHA1:	818223124DD137B5E6C52224063BDA94AB24D553
SHA-256:	A8DA57D433DD773617AFD5DCFCC55692BB96B28DFFBED01DCE725D5742859886
SHA-512:	2DC9159A81816B92CCB7669E6EE812D3A8FFEBFCC13DB8A23F558FD015A33303951ED8C03CD66F5B82B88759C1008BA155DD09C742C9D31A22F829DE2BFD4900
Malicious:	false
Preview:	MSCF............,............................V.........S0y .Seagull_ConfigModule_T2S.dll.....V.....S9y .Seagull_PrintModule_T2S.dll...'..7..CK.}yxTE.ww.....@Z.... .......n....G..!..%B...1..I.....#...8.KT..(.!..}Q1...:c.....@..9.......>.....<..S.SU.N...k..R..E..E..u.U.?.3.u......vv8\|K..y....KW[.V.\.j.rK..+V.,..,..+,KWX.Y..\.7$&.c...v..WGG.xE.?. .J...v.....e0.[..no......%....N....C.Q....#\|.e..+c(..+".............-z..n@B...w^w..SD.^.....y..z,...9B.k.yT...I..>.C.E.fR...xL..Y _....s...N..z....I.k....u.C.Y[t...W.....b.A...N?.....%..Z.$..Z7d.......2uO...C..X....t-.1.^(..........Fh.....__..r.t...a..[K..l%$D.....7\.n..0....'y.%J^.S=....~=X.s.}.8...?Hl.<Q.;..8}_........[j.....s.LR.3!z.d..I...<d.Nw.V..C.......%yNB..b._+.[.a6I.L1.Wc..%>Ww[%v#.....2[R.6...l.."";(..Py.(...!_q..y...ii.@L...H..H.h'..D<..."...".<.\|.6..O%.w..p.$...R...:R...'.$...^..K..h.uVy.....(...x.].DZ/.c.Cuz..z/....^.....a=...a=ST.^..z..U......./.../^.=...e]..,...^.1.E...g.D..+H....t..

C:\TEC_DRV\x64\tt#95F1.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Microsoft Cabinet archive data, many, 171484 bytes, 2 files, at 0x2c +A "Seagull_ConfigModule_TEC.dll" +A "Seagull_PrintModule_TEC.dll", number 1, 14 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	171484
Entropy (8bit):	7.994509922552603
Encrypted:	true
SSDEEP:	3072:ss8XJdIkofTvg2MJZHfv13vpka7twfEgvSM6IuIN1JLi1QXIsxdVj92Re:sLebg2Mvn1f2aZynWIpLJXFxzjIRe
MD5:	AD672B8D14487613B01657D2CC8CBFE7
SHA1:	41A0BE5CB752F3834A8475990B69B5FC63A225FF
SHA-256:	6B61F42E3C36A85D03493A387AEFB285D4C8FC139D6493DF9646D93789F4E125
SHA-512:	67553D0F9878B7A4D29520C2A3CDFDA2EE3D960DBF538FA1B60C3007D029DBDF80EF45546DBE456060A930A7FFE9927243F410D1F7FBAC634EFB479E885B8A88
Malicious:	false
Preview:	MSCF...........,.....................................S.y .Seagull_ConfigModule_TEC.dll..`........S.y .Seagull_PrintModule_TEC.dll..L.!.;..CK.}{\|.E...&+..g.,.PY$` <......da.6..@<D.H.QAH.8y$nB.7..D....<...E!...@.P... .<T....J.(.UU...n.z....>~.a..........3I.S..!.B$<..%....~._.I.n.Xz..~.JL...M.>.>k..Gf?..}.O<13...T..'..............n..e.Hx3v..]....G....!;G..o..B.-...#W.on..#W...QY.Q..~.H..t....k..;p.Dw.(..".=.L.......%7._v......n..4.x.0.,..M...5.V.s..0.n.<...IF.rEB..1i?...<.=BH.....P>"#..9.!.i..?D.....=RX.x.&.0.7.h..'...L...]..W..y.....u......^..~0.,..c&.)<....!t.C.^.L.....O..~...+.5..R...B,..h,o...S.&..m....UStS....h#...}.n..p....I...b{......t.....2c... .v..,..$\|..qz..oK....}'..k....g......j........f.R.);.t.. ....g..VI..qI .>...;.E6I>...&I.e..Ya"@R.Y..E.\..N....`../wk.US...=.$WKj.D.Ta./J.g.Y'.......b)1y..d.(n....z9...$r.X......W...X.?)...g.*A..S.+....PY..i...p....%Jr6.3.n.9..d....\.].`.$[..8B..;%.J.S..{.#...#7..fh.)...E=...T...Q......s..S...;.....

C:\TEC_DRV\x64\tt#base_2021.3.0.0.cab (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Microsoft Cabinet archive data, many, 6435532 bytes, 18 files, at 0x2c +A "Seagull_DriverCore.dll" +A "Seagull_ConfigBase.dll", number 1, 436 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	6435532
Entropy (8bit):	7.995711673503045
Encrypted:	true
SSDEEP:	196608:eVF/+uQx5qZrJ8bwxWxuxlItxGZOz1rE+:8GuQyZrulxXxGZq9j
MD5:	87C88C721C9CDE98408E1902D2FE4AFA
SHA1:	8AC81416E672D5956E34D8492FE3E124A268C9B6
SHA-256:	13CB84CB331196900E73C78D338FA0BBC0C7606E15732E6D1D35054DE1E2E45D
SHA-512:	75E0B38D6052A29968F8082BE8F5A24F04A389D5B8AB73972DCF38A4D30695FEF3AC6786FD682A6BA72CE39045B80673BF354942F801DCDFEFBE57CB80C3C06D
Malicious:	false
Preview:	MSCF.....2b.....,............................T8........S.x .Seagull_DriverCore.dll...2..T8....SWx .Seagull_ConfigBase.dll.....Mk....Six .Seagull_PrintBase.dll......u....S.x .Seagull_V3_Config.dll....`uw....S.x .Seagull_V3_Print.dll..<..8.z....Snx .Seagull_V3_Status.dll..>...I{....S/x .DriverAutomationLibrary.dll..6.......S.x .ssdal.exe............S.v!.Microsoft.UCRT.cab..D...p.....S.v!.Microsoft.VC142.CRT.cab............S&x .DriverEnvironmentSetup.exe..V.........S}x .Seagull_V3_NetMon.dll.....j......S.v .Seagull_V3_NetMonDispatcher.dll..0..B......S.v .Seagull_XPMLServer.dll..%.........S.v .Seagull_DriverStartup.exe..<..:.....S.x .Seagull_Driver_Status.exe.....v.....S.v!.Seagull_EventMessages.dll.O@..*......S.v!.Seagull_PrintTicketResources.ddz.p.zA<3..CK.\|.XT.......{@&GC..b./(j j...=9$yI..tL.R..t..`j........}Y.N..r.:e ..&f.x.L.l../.]l..]k.={..........qX....e.........g.&.~>...d.?+..?..a...........:..#...s..\|.=KW.....+.q.....b....Ys.+.c.....4...[Zon.}6V....{...nx...)...%.

C:\TEC_DRV\x64\tt#t2s_2021.3.0.0.cab (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Microsoft Cabinet archive data, many, 56090 bytes, 2 files, at 0x2c +A "Seagull_ConfigModule_T2S.dll" +A "Seagull_PrintModule_T2S.dll", number 1, 5 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	56090
Entropy (8bit):	7.993027503833812
Encrypted:	true
SSDEEP:	1536:3jRf6DJ9uagbCLdltziHy3c8V1e3EpWcj7QpHMJNr9lo:3jIqrCESE6TEpHUNfo
MD5:	A4E7F2CFE1F3575C5E3B759DEE012D2B
SHA1:	818223124DD137B5E6C52224063BDA94AB24D553
SHA-256:	A8DA57D433DD773617AFD5DCFCC55692BB96B28DFFBED01DCE725D5742859886
SHA-512:	2DC9159A81816B92CCB7669E6EE812D3A8FFEBFCC13DB8A23F558FD015A33303951ED8C03CD66F5B82B88759C1008BA155DD09C742C9D31A22F829DE2BFD4900
Malicious:	false
Preview:	MSCF............,............................V.........S0y .Seagull_ConfigModule_T2S.dll.....V.....S9y .Seagull_PrintModule_T2S.dll...'..7..CK.}yxTE.ww.....@Z.... .......n....G..!..%B...1..I.....#...8.KT..(.!..}Q1...:c.....@..9.......>.....<..S.SU.N...k..R..E..E..u.U.?.3.u......vv8\|K..y....KW[.V.\.j.rK..+V.,..,..+,KWX.Y..\.7$&.c...v..WGG.xE.?. .J...v.....e0.[..no......%....N....C.Q....#\|.e..+c(..+".............-z..n@B...w^w..SD.^.....y..z,...9B.k.yT...I..>.C.E.fR...xL..Y _....s...N..z....I.k....u.C.Y[t...W.....b.A...N?.....%..Z.$..Z7d.......2uO...C..X....t-.1.^(..........Fh.....__..r.t...a..[K..l%$D.....7\.n..0....'y.%J^.S=....~=X.s.}.8...?Hl.<Q.;..8}_........[j.....s.LR.3!z.d..I...<d.Nw.V..C.......%yNB..b._+.[.a6I.L1.Wc..%>Ww[%v#.....2[R.6...l.."";(..Py.(...!_q..y...ii.@L...H..H.h'..D<..."...".<.\|.6..O%.w..p.$...R...:R...'.$...^..K..h.uVy.....(...x.].DZ/.c.Cuz..z/....^.....a=...a=ST.^..z..U......./.../^.=...e]..,...^.1.E...g.D..+H....t..

C:\TEC_DRV\x64\tt#tec_2021.3.0.0.cab (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Microsoft Cabinet archive data, many, 171484 bytes, 2 files, at 0x2c +A "Seagull_ConfigModule_TEC.dll" +A "Seagull_PrintModule_TEC.dll", number 1, 14 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	171484
Entropy (8bit):	7.994509922552603
Encrypted:	true
SSDEEP:	3072:ss8XJdIkofTvg2MJZHfv13vpka7twfEgvSM6IuIN1JLi1QXIsxdVj92Re:sLebg2Mvn1f2aZynWIpLJXFxzjIRe
MD5:	AD672B8D14487613B01657D2CC8CBFE7
SHA1:	41A0BE5CB752F3834A8475990B69B5FC63A225FF
SHA-256:	6B61F42E3C36A85D03493A387AEFB285D4C8FC139D6493DF9646D93789F4E125
SHA-512:	67553D0F9878B7A4D29520C2A3CDFDA2EE3D960DBF538FA1B60C3007D029DBDF80EF45546DBE456060A930A7FFE9927243F410D1F7FBAC634EFB479E885B8A88
Malicious:	false
Preview:	MSCF...........,.....................................S.y .Seagull_ConfigModule_TEC.dll..`........S.y .Seagull_PrintModule_TEC.dll..L.!.;..CK.}{\|.E...&+..g.,.PY$` <......da.6..@<D.H.QAH.8y$nB.7..D....<...E!...@.P... .<T....J.(.UU...n.z....>~.a..........3I.S..!.B$<..%....~._.I.n.Xz..~.JL...M.>.>k..Gf?..}.O<13...T..'..............n..e.Hx3v..]....G....!;G..o..B.-...#W.on..#W...QY.Q..~.H..t....k..;p.Dw.(..".=.L.......%7._v......n..4.x.0.,..M...5.V.s..0.n.<...IF.rEB..1i?...<.=BH.....P>"#..9.!.i..?D.....=RX.x.&.0.7.h..'...L...]..W..y.....u......^..~0.,..c&.)<....!t.C.^.L.....O..~...+.5..R...B,..h,o...S.&..m....UStS....h#...}.n..p....I...b{......t.....2c... .v..,..$\|..qz..oK....}'..k....g......j........f.R.);.t.. ....g..VI..qI .>...;.E6I>...&I.e..Ya"@R.Y..E.\..N....`../wk.US...=.$WKj.D.Ta./J.g.Y'.......b)1y..d.(n....z9...$r.X......W...X.?)...g.*A..S.+....PY..i...p....%Jr6.3.n.9..d....\.].`.$[..8B..;%.J.S..{.#...#7..fh.)...E=...T...Q......s..S...;.....

C:\Users\user\AppData\Local\Temp\7F7.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	204800
Entropy (8bit):	2.818856053143072
Encrypted:	false
SSDEEP:	3072:RvkFaU3JJGACQ0alHQD5lbQ8ckY2qhLYZRLaopc0pIVYcQtQzQfCQlpU7xxCQ0C3:
MD5:	8D79A0F3E8BEB1F8184CE64D05E895AA
SHA1:	02C630CB94889D4164EC7B744C6FBBD6A270F16F
SHA-256:	894D6E0F70806D8B26015CAD8C8303DB932FED06DD1E7A1E866397CCAB28DD2D
SHA-512:	E3CC4B3C6F21621F6106FA0960BCB5C420E4F6CC937AEF8359D9C2D476ACDD60BF5CE95FBF383F0DC461DF9757CD3568FA2E6EFABBD33FE6047244946C1E9819
Malicious:	false
Preview:	......................>.......................................................u.......................................................................................................................................................................................................................................................................................................................................................................................................................................................!..............................................................................................................."... ...)...^...#...$...%...&...'...(...6...7...+...,...-......./...0...1...2...3...4...5.......8...T...9...:...;...<...=...>...?...@...A...\...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...U...[...V...W...X...Y...Z...n...]..._...`.......m...a...t...c...d...e...f...g...h...i...j...k...l.......s...o...p...q...r...................w...x...y...z...

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\Common\Defaults[TT]_2021.3.0.0.sds (copy)

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	Unicode text, UTF-8 text, with very long lines (361), with CRLF line terminators
Category:	dropped
Size (bytes):	3189
Entropy (8bit):	5.72855187482951
Encrypted:	false
SSDEEP:	96:RW2PJWCJW0JWWJWoJWDJWFJWtMUJW0JWRJWwHJWHJWrJWkJW2WUJW5jJf6Ss3KQP:QrPBzFEGtMhBSwYY8xB5YvUw8Oa9Pi9n
MD5:	C40A8AB8A393FEDC51CB7E53F9C88934
SHA1:	A5D03161D2B4CE18D7854D5FAB53C38FC9AE1DCB
SHA-256:	083A433C35A7AE46171B3DC93E418F4A7352EE54C2914D9B555D27DBF6A55542
SHA-512:	BAB4FF21194229BF24E6E562674B59D5E0AF016163D2C97572A902093EA1ADD2CEC572855489F791250E8EFA6F41CAE3501A24080BE59958EAFB31C65E54516A
Malicious:	false
Preview:	<driver version='6.6'>....<stock>..Name=2 x 4..Protected=true..Data=WkxJQhwAAAAZAAAAeJwrOMbA8KCHkeEbCwMYwwCQWQsAZpUFGQ==..</stock>....<stock>..Name=4 x 4..Protected=true..Data=WkxJQhwAAAAZAAAAeJx70MPI8ACIv7EwgDEMsDAw1gIAbNMFUQ==..</stock>....<stock>..Name=4 x 6..Protected=true..Data=WkxJQhwAAAAaAAAAeJx70MPIEBDMxPCNhQGMYYCFgakWAFpMBIo=..</stock>....<stock>..Name=185 x 85..Protected=true..Data=WkxJQhwAAAAWAAAAeJxbcYmJgcOHkQEdsDAy1wIAMRYCVw==..</stock>....<stock>..Name=200 x 85..Protected=true..Data=WkxJQhwAAAAVAAAAeJxz4GVm4PBhZEAHLIwstQARCwEs..</stock>....<stock>..Name=A4..Protected=true..Data=WkxJQhwAAAAVAAAAeJwLMGFm0OhgYUAHLIystQAfkAHD..</stock>....<stock>..Name=A5..Protected=true..Data=WkxJQhwAAAAVAAAAeJwLMGFmUHBiYkAHLIxstQAYXAF0..</stock>....<stock>..Name=A6..Protected=true..Data=WkxJQhwAAAAVAAAAeJxTcGJi0JjFyIAOWBjZawEdEAGx..</stock>....<stock>..Name=Form-A..Protected=true..Data=WkxJQhwAAAAVAAAAeJxzmMbIwOHAzIAOWBg4agEeZwGs..</stock>....<stock>..Name=Form-F..Protected=true..Data=WkxJQ

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\Common\SET9AB2.tmp

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	213190
Entropy (8bit):	7.952595425410423
Encrypted:	false
SSDEEP:	3072:i47t/47B8D3U6p4qWczioVP6lAEmdTfVzq0D5jgTJ7MsSNtuE0pXGJON1Q7WpFKF:bvD3U6p4qHOou0IRB4J7AAs8J9
MD5:	706B1787512DA5FBF1D5974669CF7D44
SHA1:	D282CD965EA5DCB1FEF64E1ACC144AAF2EACB928
SHA-256:	4C0E54663D72A76894F3D193838F9B3994E88C22F37BE1D55E0881C4388E2DFA
SHA-512:	490CF931BD2A7F930D5B0D8E3048162803D28F50FF626DFE17181E51BE172C6CB8DB7A19C78740C645B76D14C84889BBC1A87DAE92DC0A5654F373B1DC3128D7
Malicious:	false
Preview:	ITSF....`.........v.......\|.{.......".....\|.{......."..`...............x.......T0.......0...............@..............ITSP....T...........................................j..].!......."..T...............PMGL:................/..../#IDXHDR...d.../#ITBITS..../#STRINGS...'.~./#SYSTEM..^.$./#TOPICS...d. ./#URLSTR...\|.+./#URLTBL.....x./#WINDOWS...F.D./$FIftiMain......G./$OBJINST......./base/..../base/Advanced.html...E.g"/base/Advanced_Administration.html...,.O!/base/Advanced_DriverOptions.html...{..)/base/Advanced_PrinterSpecifications.html....."./base/Automation.html...-.../base/BarCode_CheckDigit.html...3.Y./base/BarCode_Font_Edit.html......c./base/BarCode_XDimension.html...o.c./base/Cache_Contents.html...R.M./base/Cache_Settings.html.....L./base/ContactSmartCard.html...k.c./base/Downloaded_Fonts.html...N.../base/DriverHelp.css...W.../base/Duplex.html...m.1 /base/EditLoggingParameters.html.....M./base/Encoding.html...k.R./base/EPCGen2_LockRange.html...#.x./base/EPCGen2Security.html...=.f.

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\Common\SET9AF1.tmp

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	306
Entropy (8bit):	4.988626809632402
Encrypted:	false
SSDEEP:	3:hWdJS38WMNMwSpEZYWF+1v2JKWjwA8nyvNYj8nyvqzA8n1pyhM3z8n1pyhSYQ2Vr:AIMNMAYUw61Yb02ckkQSBL3Sgr
MD5:	E1E46332575EE0D2EE93C5E61D8E41F1
SHA1:	09FFD1A95415FE724B6D244E4491AB7EC37D70AD
SHA-256:	EB5ED45926BF72B5A26BB1030A99EDF3BDB53EB7203525B5A76FA19B89397298
SHA-512:	319A0E7B8FF51918FF4665BF08153C936FE406DFD38FBB9902EA45CA75BB0749E8355646EB88C0FB5B7934EB7DBE324873CA82D7AB6320CE1E874825CA1C1CD2
Malicious:	false
Preview:	[Version]..ShowBuildVersionTag=0..InstallFolder=Seagull\Printer Drivers\Packages\2021.3.0_TT..BaseCab=tt#base_2021.3.0.0.cab..DriverCab=tt#t2s_2021.3.0.0.cab..BaseDdz=tt#base_2021.3.0.0.ddz..DriverDdz=tt#t2s_2021.3.0.0.ddz..DriverHelp=t2sTTenu_2021.3.0.0.chm..DriverSettings=Defaults[TT]_2021.3.0.0.sds....

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\Common\SET9B02.tmp

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	306
Entropy (8bit):	4.998528200964492
Encrypted:	false
SSDEEP:	3:hWdJS38WMNMwSpEZYWF+1v2JKWjwA8nyvNYlVEyyvqzA8n1pyhM31VEy1pyhSY3s:AIMNMAYUw61YlVg02kV4k0EQSBL3Sgr
MD5:	792E0E29A4C3A993F9F12BF329A22390
SHA1:	560952AD978A6B0900B58D466B207A1A9F8B25AE
SHA-256:	B720B68F4FFF6CD35033CB39129AF9EDDC06F4060FBAAE78A0659D5D371B9AEA
SHA-512:	5336564A0AF3B46639F17EDC4E49FBF2125749E6CE98E128D458DBB70212CD22BBE2B5B4C746FE5F3A0A2B3C9EB194D3CE5440C191B7D9A2022FC458AFCF4E63
Malicious:	false
Preview:	[Version]..ShowBuildVersionTag=0..InstallFolder=Seagull\Printer Drivers\Packages\2021.3.0_TT..BaseCab=tt#base_2021.3.0.0.cab..DriverCab=tt#tec_2021.3.0.0.cab..BaseDdz=tt#base_2021.3.0.0.ddz..DriverDdz=tt#tec_2021.3.0.0.ddz..DriverHelp=tecTTenu_2021.3.0.0.chm..DriverSettings=Defaults[TT]_2021.3.0.0.sds....

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\Common\SET9B22.tmp

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	38135
Entropy (8bit):	7.926399642326758
Encrypted:	false
SSDEEP:	768:kFYUqwnt/ZW7/chbUFseXFGwGHr/ARmb0PvVQdJ:oZgU44wozSmb03V+J
MD5:	4DBDA1311E4D8CE72CE8022046D07F6A
SHA1:	45FAA6E775D0D4DC79E925DDBFA27D8FA16BE512
SHA-256:	2612D1BA09608BCA54947DA27E4EFE02E8F84A74C21B8E81F5F7F5D37AFF5B67
SHA-512:	C93A65C189C8788B23891CE3BAF7EA7E5AC91D02919A6F386A5646F1BF45EE6A7D1FE437877904B65ADA43D27DDD8E2004ED9C1A0A0DE92CDB261D0C55BA4B28
Malicious:	false
Preview:	PK........By.S.@.....a.......BarCode.dm.MK.0...{.....Vm.~l.Cm.P.hw.. .f.Y..II.....D...Bf&..j...yT%a...p..G..J....;vd.h&E.%.Wa.N5..T....i..8...I...O..o.......l..V...(.\v.N.I.)..x.q..\-=.2W..Yb.....@@+v6.x....n.).8..6x...y3%..-.....).V.2.5..q.h....nwn....._..0n.z.G....<./...#....K[....+.9...PK........By.S'...4...........Drawing.dm.Mo.0...H...=...V.am.4..SA.a......................L.H..."X.\|o.$..%.....W()#..4/.Y8......`...[.Y......6"....3;4........[.....?....R.....X..k..P.8.t,...$...c]....E3...R.b..m..g..c.N]..A=..1u.h...........o{...w..&;.m.@b>.)...P.4.E.,....n.n8..l...}.0RT..c..hj..[2.....!w.W4.q`.."...{=..-....PK........By.S.+..s...........Driver.dSQp./.M,.Rp1..RQ.IL.I.r.2.R.@.....i..%..yV..z..\.!....N...N...&...\..y.i..%.E.E.....Wg.t~Jj.-...j..j...K.M.E3....PK........By.S!..yu...........Features.dM.=.. ...].?..H......-`3..W.......o.....;..\P,\G....+..G(..m.?..;..TW..9j...kD.O.Na...e..B1.._.Q.....\Y...aF.)k..PK........By.Sx..^...o.......Font.dSQ

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\Common\SET9B33.tmp

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	227547
Entropy (8bit):	7.96484325142109
Encrypted:	false
SSDEEP:	6144:3Ihy5oaMEvTr+hDqG1qbY69I1hcjN2OO6:4PaMEvTBGYbY4OEh
MD5:	C8970ADBE608FC51529EBA430544BA92
SHA1:	661DAE1FB9B885183B11D580055F5601805A0B03
SHA-256:	7D50E97B912D81FC75CF53FBEE17B4591F40D9473014D98884430A4EE0EE4D46
SHA-512:	0C64606E61148269471648077DFACA0C673AE3A8156ECD73E7DE852B94735EE137336808D277612152D2727714C28A092BBF5C0E85F19FF51A8C5FFF9D447EA6
Malicious:	false
Preview:	PK........Ay.SA.cc............BarCode.d.Ms.........b.2.0...b..;.11..'5S.R.....1.g1.....%..?ex....4R.#...Q...C.6..o..._.....j.o.....N.....uaM..r..o....W..v...{......a[.3r.~....;...9Q.Csn$..(.sZr..W...."+..;..vzq!.j].t.M.....).C..k..k.s....>..av.M.1.....g..?.O....}w.ygM....Dt....R...........i........&.\..N.I...PJ.v...T.8.wj9....w...,.;.).M.)L.e)T\|r..GY.......KM..........\).k.......c....B.."_v..~...r.F+..`#{i....j.=g........-/...s.e..&..\|W...K..R..wK.....%i.\|RZ.p#WiZ%....^..SG..z..-?5...14\|.....j.~....[....t..D.-.Ipn.c.;.\G.....s).\..).?k..._..yG7.).....V.q+w...t%.;uz".i.0.~.i$./..q..G....;.8....O.h...g^.KWBj....M.Q..2W.2... ......l...\...-..../.ii..J;..........wU=JB.{..#.#.Z...I..;....m..We&. ...Jn..U./...S=i\|..._......4.e....&.VF..sm.+..)P.e...(&$W.....Yzr.b....d...c.(Si9.2.P.X.W#.r=....?..m._.....Z...-%3..0v.R......i.bc!?.=......G.q.qQ\......^8..9.......~...X..M..5....a..[..GB.\..P........w.:..yf.cvb.m.y.....<.h..i.)v.tt.\;A1nQT.O{f.N..y.+.

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\Common\SET9B53.tmp

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	3194827
Entropy (8bit):	7.985793128813213
Encrypted:	false
SSDEEP:	98304:b3A/7Phv+oK0lrCr09fzFIPXvOytCHpbu:SdKOfBIP/O9JS
MD5:	26AFEEE00E5A8E75063450D5E36FF5EC
SHA1:	77E4537365E034E6756DEFBAF18CECCB92560728
SHA-256:	471BE526695435FBF000ECD7E9D70A42594B35911E508B1929ABC66B3607B65C
SHA-512:	759BD5C6F2C6DF3AD2FD546169470E2EEE0886875F1F96C6F8E4D649D81195C5CE46C459E6B2ECFD30B60A9FCE54B93FB7FB931276BBD07D262D65A248E5B843
Malicious:	false
Preview:	PK........:y.S..w.R...........OEM.d.Mo.8......\|.P.m.K.. K...TKi........D......./..n7N.."t..<.MlF..O^...Q/zc!k.vz......,..KF....;a.QL....o.[.o..oo...~HOHW....Zz..D...}}...?..p._....3J.]U.....5.S...i.TD.>.?L...Y:...a...JvA.@...3S..Y....@.......%;..s........cJT'i.,.j.!k./.^}..V.}.w...8q.+AJZ>z..[...n.....-..!._.p..}e...). K.h.B.v.<n}&sI.s...pg..r).,..G........+E....d..d..rV.6.J......p...&WTr0...R.H....m.@.dq...M.d.P.T.d.........P.....)..<h..K...........s..h.L.}.y...\|#.}.n.......t..\AN..0D...a ....yS..9.V.&Xt.K.X..L./.;...8.0&mc7.X.W...l.@.i.N.....+$m!j'.P..N..ye5zQJD8.u..\......\(.us.).,$...z..)0.].k~2^..-"....aN...M.....y#.W.g4..H.F.Id.e..f..`1<J3.....O....Dg...e26..e...s.k...ck.-`B.w\|9%VM.\l......Zo..%..@mm"Jz.../..m.pz'.SI.@.vJa...e...H.&LY...."........./...f.sS..0.w..:....e{...1...A.f.#..v....x7.....Mv......**k.y~....3T2..7.>.8.S?...%.0...9.:.....F......1Y........Z...e"...3K`..g...da.0{...S..a.<..ln4.S.h...W......v.m..D..).5.k...#y..O.L..Ed9

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\Common\SET9BD1.tmp

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	Unicode text, UTF-8 text, with very long lines (361), with CRLF line terminators
Category:	dropped
Size (bytes):	3189
Entropy (8bit):	5.72855187482951
Encrypted:	false
SSDEEP:	96:RW2PJWCJW0JWWJWoJWDJWFJWtMUJW0JWRJWwHJWHJWrJWkJW2WUJW5jJf6Ss3KQP:QrPBzFEGtMhBSwYY8xB5YvUw8Oa9Pi9n
MD5:	C40A8AB8A393FEDC51CB7E53F9C88934
SHA1:	A5D03161D2B4CE18D7854D5FAB53C38FC9AE1DCB
SHA-256:	083A433C35A7AE46171B3DC93E418F4A7352EE54C2914D9B555D27DBF6A55542
SHA-512:	BAB4FF21194229BF24E6E562674B59D5E0AF016163D2C97572A902093EA1ADD2CEC572855489F791250E8EFA6F41CAE3501A24080BE59958EAFB31C65E54516A
Malicious:	false
Preview:	<driver version='6.6'>....<stock>..Name=2 x 4..Protected=true..Data=WkxJQhwAAAAZAAAAeJwrOMbA8KCHkeEbCwMYwwCQWQsAZpUFGQ==..</stock>....<stock>..Name=4 x 4..Protected=true..Data=WkxJQhwAAAAZAAAAeJx70MPI8ACIv7EwgDEMsDAw1gIAbNMFUQ==..</stock>....<stock>..Name=4 x 6..Protected=true..Data=WkxJQhwAAAAaAAAAeJx70MPIEBDMxPCNhQGMYYCFgakWAFpMBIo=..</stock>....<stock>..Name=185 x 85..Protected=true..Data=WkxJQhwAAAAWAAAAeJxbcYmJgcOHkQEdsDAy1wIAMRYCVw==..</stock>....<stock>..Name=200 x 85..Protected=true..Data=WkxJQhwAAAAVAAAAeJxz4GVm4PBhZEAHLIwstQARCwEs..</stock>....<stock>..Name=A4..Protected=true..Data=WkxJQhwAAAAVAAAAeJwLMGFm0OhgYUAHLIystQAfkAHD..</stock>....<stock>..Name=A5..Protected=true..Data=WkxJQhwAAAAVAAAAeJwLMGFmUHBiYkAHLIxstQAYXAF0..</stock>....<stock>..Name=A6..Protected=true..Data=WkxJQhwAAAAVAAAAeJxTcGJi0JjFyIAOWBjZawEdEAGx..</stock>....<stock>..Name=Form-A..Protected=true..Data=WkxJQhwAAAAVAAAAeJxzmMbIwOHAzIAOWBg4agEeZwGs..</stock>....<stock>..Name=Form-F..Protected=true..Data=WkxJQ

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\Common\SET9BE2.tmp

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	204712
Entropy (8bit):	7.949428764339238
Encrypted:	false
SSDEEP:	6144:uz8UC8ZK5W2F5Fy6i5x76HWiQ0kjANNeGTnQwlh:HUC8ZKnXyj5x76HWizkjAPe2Q0
MD5:	2C8D686A0FD03173FC3EC0F3E4D4F7C9
SHA1:	E6CBDB30B3A617308E025D0773F444F9F42A409A
SHA-256:	28A7AB11290B840429DE651970BD64CA71EE9EC8FCF169A1E192AC1121A35BFC
SHA-512:	AEF9C2F3DE059A9F3D6D3C3641F96F3575A77AC9A558A5E9C066A387C42275B85A8A0ABD25FD1580ABC31671FC34CE11015BBF301D2FF001EC1F0FCF4F7689B9
Malicious:	false
Preview:	ITSF....`.......`..z.......\|.{.......".....\|.{......."..`...............x.......T0.......0..............................ITSP....T...........................................j..].!......."..T...............PMGLl................/..../#IDXHDR...%.../#ITBITS..../#STRINGS...7. ./#SYSTEM..V.$./#TOPICS...%.p./#URLSTR......./#URLTBL.....t./#WINDOWS...{.D./$FIftiMain...R..S./$OBJINST...?.../base/..../base/Advanced.html.....g"/base/Advanced_Administration.html...s.O!/base/Advanced_DriverOptions.html...B..)/base/Advanced_PrinterSpecifications.html...R."./base/Automation.html...t.../base/BarCode_CheckDigit.html...z.Y./base/BarCode_Font_Edit.html...S..c./base/BarCode_XDimension.html...6.c./base/Cache_Contents.html.....M./base/Cache_Settings.html...f.L./base/ContactSmartCard.html...2.c./base/Downloaded_Fonts.html......./base/DriverHelp.css......./base/Duplex.html...4.1 /base/EditLoggingParameters.html...e.M./base/Encoding.html...2.R./base/EPCGen2_LockRange.html...j.x./base/EPCGen2Security.html.....f.

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\Common\t2sTT_2021.3.0.0.ini (copy)

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	306
Entropy (8bit):	4.988626809632402
Encrypted:	false
SSDEEP:	3:hWdJS38WMNMwSpEZYWF+1v2JKWjwA8nyvNYj8nyvqzA8n1pyhM3z8n1pyhSYQ2Vr:AIMNMAYUw61Yb02ckkQSBL3Sgr
MD5:	E1E46332575EE0D2EE93C5E61D8E41F1
SHA1:	09FFD1A95415FE724B6D244E4491AB7EC37D70AD
SHA-256:	EB5ED45926BF72B5A26BB1030A99EDF3BDB53EB7203525B5A76FA19B89397298
SHA-512:	319A0E7B8FF51918FF4665BF08153C936FE406DFD38FBB9902EA45CA75BB0749E8355646EB88C0FB5B7934EB7DBE324873CA82D7AB6320CE1E874825CA1C1CD2
Malicious:	false
Preview:	[Version]..ShowBuildVersionTag=0..InstallFolder=Seagull\Printer Drivers\Packages\2021.3.0_TT..BaseCab=tt#base_2021.3.0.0.cab..DriverCab=tt#t2s_2021.3.0.0.cab..BaseDdz=tt#base_2021.3.0.0.ddz..DriverDdz=tt#t2s_2021.3.0.0.ddz..DriverHelp=t2sTTenu_2021.3.0.0.chm..DriverSettings=Defaults[TT]_2021.3.0.0.sds....

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\Common\t2sTTenu_2021.3.0.0.chm (copy)

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	204712
Entropy (8bit):	7.949428764339238
Encrypted:	false
SSDEEP:	6144:uz8UC8ZK5W2F5Fy6i5x76HWiQ0kjANNeGTnQwlh:HUC8ZKnXyj5x76HWizkjAPe2Q0
MD5:	2C8D686A0FD03173FC3EC0F3E4D4F7C9
SHA1:	E6CBDB30B3A617308E025D0773F444F9F42A409A
SHA-256:	28A7AB11290B840429DE651970BD64CA71EE9EC8FCF169A1E192AC1121A35BFC
SHA-512:	AEF9C2F3DE059A9F3D6D3C3641F96F3575A77AC9A558A5E9C066A387C42275B85A8A0ABD25FD1580ABC31671FC34CE11015BBF301D2FF001EC1F0FCF4F7689B9
Malicious:	false
Preview:	ITSF....`.......`..z.......\|.{.......".....\|.{......."..`...............x.......T0.......0..............................ITSP....T...........................................j..].!......."..T...............PMGLl................/..../#IDXHDR...%.../#ITBITS..../#STRINGS...7. ./#SYSTEM..V.$./#TOPICS...%.p./#URLSTR......./#URLTBL.....t./#WINDOWS...{.D./$FIftiMain...R..S./$OBJINST...?.../base/..../base/Advanced.html.....g"/base/Advanced_Administration.html...s.O!/base/Advanced_DriverOptions.html...B..)/base/Advanced_PrinterSpecifications.html...R."./base/Automation.html...t.../base/BarCode_CheckDigit.html...z.Y./base/BarCode_Font_Edit.html...S..c./base/BarCode_XDimension.html...6.c./base/Cache_Contents.html.....M./base/Cache_Settings.html...f.L./base/ContactSmartCard.html...2.c./base/Downloaded_Fonts.html......./base/DriverHelp.css......./base/Duplex.html...4.1 /base/EditLoggingParameters.html...e.M./base/Encoding.html...2.R./base/EPCGen2_LockRange.html...j.x./base/EPCGen2Security.html.....f.

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\Common\tecTT_2021.3.0.0.ini (copy)

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	306
Entropy (8bit):	4.998528200964492
Encrypted:	false
SSDEEP:	3:hWdJS38WMNMwSpEZYWF+1v2JKWjwA8nyvNYlVEyyvqzA8n1pyhM31VEy1pyhSY3s:AIMNMAYUw61YlVg02kV4k0EQSBL3Sgr
MD5:	792E0E29A4C3A993F9F12BF329A22390
SHA1:	560952AD978A6B0900B58D466B207A1A9F8B25AE
SHA-256:	B720B68F4FFF6CD35033CB39129AF9EDDC06F4060FBAAE78A0659D5D371B9AEA
SHA-512:	5336564A0AF3B46639F17EDC4E49FBF2125749E6CE98E128D458DBB70212CD22BBE2B5B4C746FE5F3A0A2B3C9EB194D3CE5440C191B7D9A2022FC458AFCF4E63
Malicious:	false
Preview:	[Version]..ShowBuildVersionTag=0..InstallFolder=Seagull\Printer Drivers\Packages\2021.3.0_TT..BaseCab=tt#base_2021.3.0.0.cab..DriverCab=tt#tec_2021.3.0.0.cab..BaseDdz=tt#base_2021.3.0.0.ddz..DriverDdz=tt#tec_2021.3.0.0.ddz..DriverHelp=tecTTenu_2021.3.0.0.chm..DriverSettings=Defaults[TT]_2021.3.0.0.sds....

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\Common\tecTTenu_2021.3.0.0.chm (copy)

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	213190
Entropy (8bit):	7.952595425410423
Encrypted:	false
SSDEEP:	3072:i47t/47B8D3U6p4qWczioVP6lAEmdTfVzq0D5jgTJ7MsSNtuE0pXGJON1Q7WpFKF:bvD3U6p4qHOou0IRB4J7AAs8J9
MD5:	706B1787512DA5FBF1D5974669CF7D44
SHA1:	D282CD965EA5DCB1FEF64E1ACC144AAF2EACB928
SHA-256:	4C0E54663D72A76894F3D193838F9B3994E88C22F37BE1D55E0881C4388E2DFA
SHA-512:	490CF931BD2A7F930D5B0D8E3048162803D28F50FF626DFE17181E51BE172C6CB8DB7A19C78740C645B76D14C84889BBC1A87DAE92DC0A5654F373B1DC3128D7
Malicious:	false
Preview:	ITSF....`.........v.......\|.{.......".....\|.{......."..`...............x.......T0.......0...............@..............ITSP....T...........................................j..].!......."..T...............PMGL:................/..../#IDXHDR...d.../#ITBITS..../#STRINGS...'.~./#SYSTEM..^.$./#TOPICS...d. ./#URLSTR...\|.+./#URLTBL.....x./#WINDOWS...F.D./$FIftiMain......G./$OBJINST......./base/..../base/Advanced.html...E.g"/base/Advanced_Administration.html...,.O!/base/Advanced_DriverOptions.html...{..)/base/Advanced_PrinterSpecifications.html....."./base/Automation.html...-.../base/BarCode_CheckDigit.html...3.Y./base/BarCode_Font_Edit.html......c./base/BarCode_XDimension.html...o.c./base/Cache_Contents.html...R.M./base/Cache_Settings.html.....L./base/ContactSmartCard.html...k.c./base/Downloaded_Fonts.html...N.../base/DriverHelp.css...W.../base/Duplex.html...m.1 /base/EditLoggingParameters.html.....M./base/Encoding.html...k.R./base/EPCGen2_LockRange.html...#.x./base/EPCGen2Security.html...=.f.

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\Common\tt#base_2021.3.0.0.ddz (copy)

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	3194827
Entropy (8bit):	7.985793128813213
Encrypted:	false
SSDEEP:	98304:b3A/7Phv+oK0lrCr09fzFIPXvOytCHpbu:SdKOfBIP/O9JS
MD5:	26AFEEE00E5A8E75063450D5E36FF5EC
SHA1:	77E4537365E034E6756DEFBAF18CECCB92560728
SHA-256:	471BE526695435FBF000ECD7E9D70A42594B35911E508B1929ABC66B3607B65C
SHA-512:	759BD5C6F2C6DF3AD2FD546169470E2EEE0886875F1F96C6F8E4D649D81195C5CE46C459E6B2ECFD30B60A9FCE54B93FB7FB931276BBD07D262D65A248E5B843
Malicious:	false
Preview:	PK........:y.S..w.R...........OEM.d.Mo.8......\|.P.m.K.. K...TKi........D......./..n7N.."t..<.MlF..O^...Q/zc!k.vz......,..KF....;a.QL....o.[.o..oo...~HOHW....Zz..D...}}...?..p._....3J.]U.....5.S...i.TD.>.?L...Y:...a...JvA.@...3S..Y....@.......%;..s........cJT'i.,.j.!k./.^}..V.}.w...8q.+AJZ>z..[...n.....-..!._.p..}e...). K.h.B.v.<n}&sI.s...pg..r).,..G........+E....d..d..rV.6.J......p...&WTr0...R.H....m.@.dq...M.d.P.T.d.........P.....)..<h..K...........s..h.L.}.y...\|#.}.n.......t..\AN..0D...a ....yS..9.V.&Xt.K.X..L./.;...8.0&mc7.X.W...l.@.i.N.....+$m!j'.P..N..ye5zQJD8.u..\......\(.us.).,$...z..)0.].k~2^..-"....aN...M.....y#.W.g4..H.F.Id.e..f..`1<J3.....O....Dg...e26..e...s.k...ck.-`B.w\|9%VM.\l......Zo..%..@mm"Jz.../..m.pz'.SI.@.vJa...e...H.&LY...."........./...f.sS..0.w..:....e{...1...A.f.#..v....x7.....Mv......**k.y~....3T2..7.>.8.S?...%.0...9.:.....F......1Y........Z...e"...3K`..g...da.0{...S..a.<..ln4.S.h...W......v.m..D..).5.k...#y..O.L..Ed9

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\Common\tt#t2s_2021.3.0.0.ddz (copy)

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	38135
Entropy (8bit):	7.926399642326758
Encrypted:	false
SSDEEP:	768:kFYUqwnt/ZW7/chbUFseXFGwGHr/ARmb0PvVQdJ:oZgU44wozSmb03V+J
MD5:	4DBDA1311E4D8CE72CE8022046D07F6A
SHA1:	45FAA6E775D0D4DC79E925DDBFA27D8FA16BE512
SHA-256:	2612D1BA09608BCA54947DA27E4EFE02E8F84A74C21B8E81F5F7F5D37AFF5B67
SHA-512:	C93A65C189C8788B23891CE3BAF7EA7E5AC91D02919A6F386A5646F1BF45EE6A7D1FE437877904B65ADA43D27DDD8E2004ED9C1A0A0DE92CDB261D0C55BA4B28
Malicious:	false
Preview:	PK........By.S.@.....a.......BarCode.dm.MK.0...{.....Vm.~l.Cm.P.hw.. .f.Y..II.....D...Bf&..j...yT%a...p..G..J....;vd.h&E.%.Wa.N5..T....i..8...I...O..o.......l..V...(.\v.N.I.)..x.q..\-=.2W..Yb.....@@+v6.x....n.).8..6x...y3%..-.....).V.2.5..q.h....nwn....._..0n.z.G....<./...#....K[....+.9...PK........By.S'...4...........Drawing.dm.Mo.0...H...=...V.am.4..SA.a......................L.H..."X.\|o.$..%.....W()#..4/.Y8......`...[.Y......6"....3;4........[.....?....R.....X..k..P.8.t,...$...c]....E3...R.b..m..g..c.N]..A=..1u.h...........o{...w..&;.m.@b>.)...P.4.E.,....n.n8..l...}.0RT..c..hj..[2.....!w.W4.q`.."...{=..-....PK........By.S.+..s...........Driver.dSQp./.M,.Rp1..RQ.IL.I.r.2.R.@.....i..%..yV..z..\.!....N...N...&...\..y.i..%.E.E.....Wg.t~Jj.-...j..j...K.M.E3....PK........By.S!..yu...........Features.dM.=.. ...].?..H......-`3..W.......o.....;..\P,\G....+..G(..m.?..;..TW..9j...kD.O.Na...e..B1.._.Q.....\Y...aF.)k..PK........By.Sx..^...o.......Font.dSQ

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\Common\tt#tec_2021.3.0.0.ddz (copy)

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	227547
Entropy (8bit):	7.96484325142109
Encrypted:	false
SSDEEP:	6144:3Ihy5oaMEvTr+hDqG1qbY69I1hcjN2OO6:4PaMEvTBGYbY4OEh
MD5:	C8970ADBE608FC51529EBA430544BA92
SHA1:	661DAE1FB9B885183B11D580055F5601805A0B03
SHA-256:	7D50E97B912D81FC75CF53FBEE17B4591F40D9473014D98884430A4EE0EE4D46
SHA-512:	0C64606E61148269471648077DFACA0C673AE3A8156ECD73E7DE852B94735EE137336808D277612152D2727714C28A092BBF5C0E85F19FF51A8C5FFF9D447EA6
Malicious:	false
Preview:	PK........Ay.SA.cc............BarCode.d.Ms.........b.2.0...b..;.11..'5S.R.....1.g1.....%..?ex....4R.#...Q...C.6..o..._.....j.o.....N.....uaM..r..o....W..v...{......a[.3r.~....;...9Q.Csn$..(.sZr..W...."+..;..vzq!.j].t.M.....).C..k..k.s....>..av.M.1.....g..?.O....}w.ygM....Dt....R...........i........&.\..N.I...PJ.v...T.8.wj9....w...,.;.).M.)L.e)T\|r..GY.......KM..........\).k.......c....B.."_v..~...r.F+..`#{i....j.=g........-/...s.e..&..\|W...K..R..wK.....%i.\|RZ.p#WiZ%....^..SG..z..-?5...14\|.....j.~....[....t..D.-.Ipn.c.;.\G.....s).\..).?k..._..yG7.).....V.q+w...t%.;uz".i.0.~.i$./..q..G....;.8....O.h...g^.KWBj....M.Q..2W.2... ......l...\...-..../.ii..J;..........wU=JB.{..#.#.Z...I..;....m..We&. ...Jn..U./...S=i\|..._......4.e....&.VF..sm.+..)P.e...(&$W.....Yzr.b....d...c.(Si9.2.P.X.W#.r=....?..m._.....Z...-%3..0v.R......i.bc!?.=......G.q.qQ\......^8..9.......~...X..M..5....a..[..GB.\..P........w.:..yf.cvb.m.y.....<.h..i.)v.tt.\;A1nQT.O{f.N..y.+.

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\SET9DCD.tmp

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	data
Category:	dropped
Size (bytes):	33068
Entropy (8bit):	6.483164264047924
Encrypted:	false
SSDEEP:	768:4sWvckKwK2GC6tVIQvheYiLgyYiLS3h8au:6ve2GC6tVIQw7Lgy7LS3h8au
MD5:	7A3D20F599E997740DDDB77B1CC9C615
SHA1:	F55050493940DAF132EF81C301AF46C45249150E
SHA-256:	36340CB9B72E51040EBA405BE715D492611FE8723B42D4808DB9A9598D75C958
SHA-512:	2D1270D159ED7CAB92FA2825D9F5EF16EA97EEB574AC333997ABB7B5B12FA78E5685AC28239F1808EBEA8629260CDEB723AF36C1B544C069F0EF37557260B0E8
Malicious:	false
Preview:	0..(...H..........0......1.0...+......0.Ee..+.....7....EV0.ER0...+.....7.......Y^.s.L.#..!.6K..211214231219Z0...+.....7.....0..0....R0.5.B.C.F.F.F.4.D.6.E.B.F.C.0.1.B.D.0.F.2.8.A.9.E.4.4.B.8.3.8.9.E.5.6.7.2.F.C.0...1..y0M..+.....7...1?0=0...+.....7...0...........0!0...+..................(..K...g/.0`..+.....7...1R0P...F.i.l.e.......>s.e.a.g.u.l.l._.v.3._.p.r.i.n.t.d.i.s.p.a.t.c.h.e.r...d.l.l...0b..+.....7...1T0R...O.S.A.t.t.r.......<2.:.6...0.,.2.:.6...1.,.2.:.6...2.,.2.:.6...3.,.2.:.6...4...0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....R0.9.F.F.D.1.A.9.5.4.1.5.F.E.7.2.4.B.6.D.2.4.4.E.4.4.9.1.A.B.7.E.C.3.7.D.7.0.A.D...1..]0E..+.....7...17050...+.....7.......0!0...+...........T..rKm$ND..~.}p.0L..+.....7...1>0<...F.i.l.e.......*t.2.s.t.t._.2.0.2.1...3...0...0...i.n.i...0b..+.....7...1T0R...O.S.A.t.t.r.......<2.:.6...0.,.2.:.6...1.,.2.:.6...2.,.2.:.6...3.,.2.:.6...4...0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\SET9DED.tmp

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	10155
Entropy (8bit):	5.517124824341079
Encrypted:	false
SSDEEP:	192:t4UVZrsjjoMATxCeman7AvUk1yAG73T6PQDX/xgzDFoaQx0t6Kif2vzMATxCemaB:aUVZrsjj07+yZ+9L7+yZ+M
MD5:	530E9F36C66472657270FDFAA0803D3E
SHA1:	D11025CFA551A2F31E3E730726CBEA583489BB17
SHA-256:	2F2D24CA40B04F2F305E703AC6CFDF02C5C1A3B90DF08F7853EC9D39E17FD31E
SHA-512:	2DFEA9B884E03DE42C9FD1B81EB28FFE692B1E282BADD24ABE68FA3811F2CD80003F7ED01F806DC3B3326A7523DD500D68401CCC58761F35C101FF0341177139
Malicious:	false
Preview:	[Version]..Signature="$Windows NT$"..Class=Printer..ClassGUID={4D36E979-E325-11CE-BFC1-08002BE10318}..Provider="Seagull"..DriverVer=12/14/2021,2021.3.0.0..CatalogFile=TOSHIBATEC.cat..DriverIsolation=0....[PrinterPackageInstallation.x86]..PackageAware=TRUE....[PrinterPackageInstallation.amd64]..PackageAware=TRUE....[SourceDisksNames]..1="Seagull Drivers Disk",,,\Common..2="Seagull Drivers Disk",,,\Common....[SourceDisksNames.amd64]..2="Seagull Drivers Disk",,,\x64....[SourceDisksNames.x86]..2="Seagull Drivers Disk",,,\Win32....[SourceDisksFiles]..Defaults[TT]_2021.3.0.0.sds=1..Seagull_V3_ConfigDispatcher.dll=2..Seagull_V3_NetMonDispatcher.dll=2..Seagull_V3_PrintDispatcher.dll=2..t2sTT_2021.3.0.0.ini=1..t2sTTenu_2021.3.0.0.chm=1..tecTT_2021.3.0.0.ini=1..tecTTenu_2021.3.0.0.chm=1..tt#base_2021.3.0.0.cab=2..tt#base_2021.3.0.0.ddz=1..tt#t2s_2021.3.0.0.cab=2..tt#t2s_2021.3.0.0.ddz=1..tt#tec_2021.3.0.0.cab=2..tt#tec_2021.3.0.0.ddz=1....[DestinationDirs]..DefaultDestDir=66000....[Manufacturer]

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\TOSHIBATEC.cat (copy)

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	data
Category:	dropped
Size (bytes):	33068
Entropy (8bit):	6.483164264047924
Encrypted:	false
SSDEEP:	768:4sWvckKwK2GC6tVIQvheYiLgyYiLS3h8au:6ve2GC6tVIQw7Lgy7LS3h8au
MD5:	7A3D20F599E997740DDDB77B1CC9C615
SHA1:	F55050493940DAF132EF81C301AF46C45249150E
SHA-256:	36340CB9B72E51040EBA405BE715D492611FE8723B42D4808DB9A9598D75C958
SHA-512:	2D1270D159ED7CAB92FA2825D9F5EF16EA97EEB574AC333997ABB7B5B12FA78E5685AC28239F1808EBEA8629260CDEB723AF36C1B544C069F0EF37557260B0E8
Malicious:	false
Preview:	0..(...H..........0......1.0...+......0.Ee..+.....7....EV0.ER0...+.....7.......Y^.s.L.#..!.6K..211214231219Z0...+.....7.....0..0....R0.5.B.C.F.F.F.4.D.6.E.B.F.C.0.1.B.D.0.F.2.8.A.9.E.4.4.B.8.3.8.9.E.5.6.7.2.F.C.0...1..y0M..+.....7...1?0=0...+.....7...0...........0!0...+..................(..K...g/.0`..+.....7...1R0P...F.i.l.e.......>s.e.a.g.u.l.l._.v.3._.p.r.i.n.t.d.i.s.p.a.t.c.h.e.r...d.l.l...0b..+.....7...1T0R...O.S.A.t.t.r.......<2.:.6...0.,.2.:.6...1.,.2.:.6...2.,.2.:.6...3.,.2.:.6...4...0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....R0.9.F.F.D.1.A.9.5.4.1.5.F.E.7.2.4.B.6.D.2.4.4.E.4.4.9.1.A.B.7.E.C.3.7.D.7.0.A.D...1..]0E..+.....7...17050...+.....7.......0!0...+...........T..rKm$ND..~.}p.0L..+.....7...1>0<...F.i.l.e.......*t.2.s.t.t._.2.0.2.1...3...0...0...i.n.i...0b..+.....7...1T0R...O.S.A.t.t.r.......<2.:.6...0.,.2.:.6...1.,.2.:.6...2.,.2.:.6...3.,.2.:.6...4...0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\TOSHIBATEC.inf (copy)

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	10155
Entropy (8bit):	5.517124824341079
Encrypted:	false
SSDEEP:	192:t4UVZrsjjoMATxCeman7AvUk1yAG73T6PQDX/xgzDFoaQx0t6Kif2vzMATxCemaB:aUVZrsjj07+yZ+9L7+yZ+M
MD5:	530E9F36C66472657270FDFAA0803D3E
SHA1:	D11025CFA551A2F31E3E730726CBEA583489BB17
SHA-256:	2F2D24CA40B04F2F305E703AC6CFDF02C5C1A3B90DF08F7853EC9D39E17FD31E
SHA-512:	2DFEA9B884E03DE42C9FD1B81EB28FFE692B1E282BADD24ABE68FA3811F2CD80003F7ED01F806DC3B3326A7523DD500D68401CCC58761F35C101FF0341177139
Malicious:	false
Preview:	[Version]..Signature="$Windows NT$"..Class=Printer..ClassGUID={4D36E979-E325-11CE-BFC1-08002BE10318}..Provider="Seagull"..DriverVer=12/14/2021,2021.3.0.0..CatalogFile=TOSHIBATEC.cat..DriverIsolation=0....[PrinterPackageInstallation.x86]..PackageAware=TRUE....[PrinterPackageInstallation.amd64]..PackageAware=TRUE....[SourceDisksNames]..1="Seagull Drivers Disk",,,\Common..2="Seagull Drivers Disk",,,\Common....[SourceDisksNames.amd64]..2="Seagull Drivers Disk",,,\x64....[SourceDisksNames.x86]..2="Seagull Drivers Disk",,,\Win32....[SourceDisksFiles]..Defaults[TT]_2021.3.0.0.sds=1..Seagull_V3_ConfigDispatcher.dll=2..Seagull_V3_NetMonDispatcher.dll=2..Seagull_V3_PrintDispatcher.dll=2..t2sTT_2021.3.0.0.ini=1..t2sTTenu_2021.3.0.0.chm=1..tecTT_2021.3.0.0.ini=1..tecTTenu_2021.3.0.0.chm=1..tt#base_2021.3.0.0.cab=2..tt#base_2021.3.0.0.ddz=1..tt#t2s_2021.3.0.0.cab=2..tt#t2s_2021.3.0.0.ddz=1..tt#tec_2021.3.0.0.cab=2..tt#tec_2021.3.0.0.ddz=1....[DestinationDirs]..DefaultDestDir=66000....[Manufacturer]

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\SET9C31.tmp

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	Microsoft Cabinet archive data, many, 56090 bytes, 2 files, at 0x2c +A "Seagull_ConfigModule_T2S.dll" +A "Seagull_PrintModule_T2S.dll", number 1, 5 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	56090
Entropy (8bit):	7.993027503833812
Encrypted:	true
SSDEEP:	1536:3jRf6DJ9uagbCLdltziHy3c8V1e3EpWcj7QpHMJNr9lo:3jIqrCESE6TEpHUNfo
MD5:	A4E7F2CFE1F3575C5E3B759DEE012D2B
SHA1:	818223124DD137B5E6C52224063BDA94AB24D553
SHA-256:	A8DA57D433DD773617AFD5DCFCC55692BB96B28DFFBED01DCE725D5742859886
SHA-512:	2DC9159A81816B92CCB7669E6EE812D3A8FFEBFCC13DB8A23F558FD015A33303951ED8C03CD66F5B82B88759C1008BA155DD09C742C9D31A22F829DE2BFD4900
Malicious:	false
Preview:	MSCF............,............................V.........S0y .Seagull_ConfigModule_T2S.dll.....V.....S9y .Seagull_PrintModule_T2S.dll...'..7..CK.}yxTE.ww.....@Z.... .......n....G..!..%B...1..I.....#...8.KT..(.!..}Q1...:c.....@..9.......>.....<..S.SU.N...k..R..E..E..u.U.?.3.u......vv8\|K..y....KW[.V.\.j.rK..+V.,..,..+,KWX.Y..\.7$&.c...v..WGG.xE.?. .J...v.....e0.[..no......%....N....C.Q....#\|.e..+c(..+".............-z..n@B...w^w..SD.^.....y..z,...9B.k.yT...I..>.C.E.fR...xL..Y _....s...N..z....I.k....u.C.Y[t...W.....b.A...N?.....%..Z.$..Z7d.......2uO...C..X....t-.1.^(..........Fh.....__..r.t...a..[K..l%$D.....7\.n..0....'y.%J^.S=....~=X.s.}.8...?Hl.<Q.;..8}_........[j.....s.LR.3!z.d..I...<d.Nw.V..C.......%yNB..b._+.[.a6I.L1.Wc..%>Ww[%v#.....2[R.6...l.."";(..Py.(...!_q..y...ii.@L...H..H.h'..D<..."...".<.\|.6..O%.w..p.$...R...:R...'.$...^..K..h.uVy.....(...x.].DZ/.c.Cuz..z/....^.....a=...a=ST.^..z..U......./.../^.=...e]..,...^.1.E...g.D..+H....t..

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\SET9C70.tmp

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	Microsoft Cabinet archive data, many, 171484 bytes, 2 files, at 0x2c +A "Seagull_ConfigModule_TEC.dll" +A "Seagull_PrintModule_TEC.dll", number 1, 14 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	171484
Entropy (8bit):	7.994509922552603
Encrypted:	true
SSDEEP:	3072:ss8XJdIkofTvg2MJZHfv13vpka7twfEgvSM6IuIN1JLi1QXIsxdVj92Re:sLebg2Mvn1f2aZynWIpLJXFxzjIRe
MD5:	AD672B8D14487613B01657D2CC8CBFE7
SHA1:	41A0BE5CB752F3834A8475990B69B5FC63A225FF
SHA-256:	6B61F42E3C36A85D03493A387AEFB285D4C8FC139D6493DF9646D93789F4E125
SHA-512:	67553D0F9878B7A4D29520C2A3CDFDA2EE3D960DBF538FA1B60C3007D029DBDF80EF45546DBE456060A930A7FFE9927243F410D1F7FBAC634EFB479E885B8A88
Malicious:	false
Preview:	MSCF...........,.....................................S.y .Seagull_ConfigModule_TEC.dll..`........S.y .Seagull_PrintModule_TEC.dll..L.!.;..CK.}{\|.E...&+..g.,.PY$` <......da.6..@<D.H.QAH.8y$nB.7..D....<...E!...@.P... .<T....J.(.UU...n.z....>~.a..........3I.S..!.B$<..%....~._.I.n.Xz..~.JL...M.>.>k..Gf?..}.O<13...T..'..............n..e.Hx3v..]....G....!;G..o..B.-...#W.on..#W...QY.Q..~.H..t....k..;p.Dw.(..".=.L.......%7._v......n..4.x.0.,..M...5.V.s..0.n.<...IF.rEB..1i?...<.=BH.....P>"#..9.!.i..?D.....=RX.x.&.0.7.h..'...L...]..W..y.....u......^..~0.,..c&.)<....!t.C.^.L.....O..~...+.5..R...B,..h,o...S.&..m....UStS....h#...}.n..p....I...b{......t.....2c... .v..,..$\|..qz..oK....}'..k....g......j........f.R.);.t.. ....g..VI..qI .>...;.E6I>...&I.e..Ya"@R.Y..E.\..N....`../wk.US...=.$WKj.D.Ta./J.g.Y'.......b)1y..d.(n....z9...$r.X......W...X.?)...g.*A..S.+....PY..i...p....%Jr6.3.n.9..d....\.].`.$[..8B..;%.J.S..{.#...#7..fh.)...E=...T...Q......s..S...;.....

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\SET9C91.tmp

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	143064
Entropy (8bit):	6.220517482018802
Encrypted:	false
SSDEEP:	3072:aPWMslewHwCV6bgyTyD/+hjzzyUkUNlU3zq35f3/:CCeLC8gR7+Ccn5/
MD5:	92D30094BFB552A51905E0DE2EEBA60E
SHA1:	9E9F6FA7B9180A4C48E601BC70A1674CDFE2BFBA
SHA-256:	A6FF940AD01695677F60C7D2194CBA0E590B05E4F61397E8C4AB25A0409F27AF
SHA-512:	CF7BD1DEABE4790316F28AED51DB77AC7F45E12B0C182E9B67F350B0FC41C02675F00DD6A60A423D153E606433DF9E48117E99132B590B504B08D04B5A87A0F4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............d...d...d.......d.......d......Qd.......d...d...d.......d.......d.......d..`....d..`....d..`.k..d...d...d..`....d..Rich.d..........................PE..d....Ua.........." .................t.......................................@......3..... .....................................................<.... ...................<...0..\......p...........................`...8............ ..h............................text...\|........................... ..`.rdata....... ......................@..@.data...L...........................@....pdata..............................@..@_RDATA..............................@..@.rsrc........ ......................@..@.reloc..\....0......................@..B................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\SET9CB1.tmp

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	Microsoft Cabinet archive data, many, 6435532 bytes, 18 files, at 0x2c +A "Seagull_DriverCore.dll" +A "Seagull_ConfigBase.dll", number 1, 436 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	6435532
Entropy (8bit):	7.995711673503045
Encrypted:	true
SSDEEP:	196608:eVF/+uQx5qZrJ8bwxWxuxlItxGZOz1rE+:8GuQyZrulxXxGZq9j
MD5:	87C88C721C9CDE98408E1902D2FE4AFA
SHA1:	8AC81416E672D5956E34D8492FE3E124A268C9B6
SHA-256:	13CB84CB331196900E73C78D338FA0BBC0C7606E15732E6D1D35054DE1E2E45D
SHA-512:	75E0B38D6052A29968F8082BE8F5A24F04A389D5B8AB73972DCF38A4D30695FEF3AC6786FD682A6BA72CE39045B80673BF354942F801DCDFEFBE57CB80C3C06D
Malicious:	false
Preview:	MSCF.....2b.....,............................T8........S.x .Seagull_DriverCore.dll...2..T8....SWx .Seagull_ConfigBase.dll.....Mk....Six .Seagull_PrintBase.dll......u....S.x .Seagull_V3_Config.dll....`uw....S.x .Seagull_V3_Print.dll..<..8.z....Snx .Seagull_V3_Status.dll..>...I{....S/x .DriverAutomationLibrary.dll..6.......S.x .ssdal.exe............S.v!.Microsoft.UCRT.cab..D...p.....S.v!.Microsoft.VC142.CRT.cab............S&x .DriverEnvironmentSetup.exe..V.........S}x .Seagull_V3_NetMon.dll.....j......S.v .Seagull_V3_NetMonDispatcher.dll..0..B......S.v .Seagull_XPMLServer.dll..%.........S.v .Seagull_DriverStartup.exe..<..:.....S.x .Seagull_Driver_Status.exe.....v.....S.v!.Seagull_EventMessages.dll.O@..*......S.v!.Seagull_PrintTicketResources.ddz.p.zA<3..CK.\|.XT.......{@&GC..b./(j j...=9$yI..tL.R..t..`j........}Y.N..r.:e ..&f.x.L.l../.]l..]k.={..........qX....e.........g.&.~>...d.?+..?..a...........:..#...s..\|.=KW.....+.q.....b....Ys.+.c.....4...[Zon.}6V....{...nx...)...%.

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\SET9D6D.tmp

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	376024
Entropy (8bit):	6.4119558485633465
Encrypted:	false
SSDEEP:	6144:b4osTyVAlqs3t2Z7z8ru7cJymohufpaa+CgkoJm/r:bIQAlX92QscJjoOb/
MD5:	22532CB8A21D85E7C87AE6F480DFEAB9
SHA1:	A6F2F5B8AE0F62C5BC11C7CFFD0C315190DA01B9
SHA-256:	3F977CB69733F8E6B1FA7A4AD7CE80D3FDE8D827662E4E18C457ADEC7A5A6A8D
SHA-512:	75EC60F25D7ADD1CE0165F653F79874AF6CEC1F292AADDEFDC4301EA2327EB4109741A7AD9DFCD6F06F8D293562D37D4B644150D20FC3CB74D6338EBC851E9C9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......i3..-R..-R..-R..v:..'R..v:...R..v:..9R...'..}R...'..#R...'..'R..-R...R..v:.. R...'..)R...'..?R...'..,R...'i.,R..-R..,R...'..,R..Rich-R..........PE..d....Ua.........." ......................................................................`.........................................P...d.......x............p...2.......<..........@...p.......................(.......8............................................text............................... ..`.rdata..X}.......~..................@..@.data....8...0... ..................@....pdata...2...p...4...6..............@..@_RDATA...............j..............@..@.rsrc................l..............@..@.reloc...............t..............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\SET9D9D.tmp

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	382168
Entropy (8bit):	6.430304363924134
Encrypted:	false
SSDEEP:	6144:YD9fnnIesrpn+6L/1Y+wlgs+S4KGpoh7smKabxMirkL:YxfnuF+8al2S4KCoIEk
MD5:	08B03468B132E3D05647125E1CEB90CF
SHA1:	6F556CFF26E1EEB20409D513CC72FED01F2700EB
SHA-256:	31BC36138974A6B114EA98643B5EC3673306448D19F771056790A2B9CEA478DB
SHA-512:	BA4CE68819C9AC70E4C610015EA743441877ADF70766C3522B679F01276F23995B25E3F0C59E713AFA8E7D1B7129006F55521086BC1E6E61CE4BD18DFF704F80
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=..)y..zy..zy..z"..{s..z"..{j..z"..{...z+..{w..z+..{s..z+..{(..z"..{r..zy..z...z..{}..z..{q..z..{x..z..zx..zy.nzx..z..{x..zRichy..z........PE..d.....Ua.........." ................8q....................................................`.........................................0+..\|....+..d................3.......<.............p.......................(...@...8............................................text............................... ..`.rdata..Tx.......z..................@..@.data...l<...@... ..................@....pdata...3.......4...N..............@..@_RDATA..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\Seagull_V3_ConfigDispatcher.dll (copy)

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	376024
Entropy (8bit):	6.4119558485633465
Encrypted:	false
SSDEEP:	6144:b4osTyVAlqs3t2Z7z8ru7cJymohufpaa+CgkoJm/r:bIQAlX92QscJjoOb/
MD5:	22532CB8A21D85E7C87AE6F480DFEAB9
SHA1:	A6F2F5B8AE0F62C5BC11C7CFFD0C315190DA01B9
SHA-256:	3F977CB69733F8E6B1FA7A4AD7CE80D3FDE8D827662E4E18C457ADEC7A5A6A8D
SHA-512:	75EC60F25D7ADD1CE0165F653F79874AF6CEC1F292AADDEFDC4301EA2327EB4109741A7AD9DFCD6F06F8D293562D37D4B644150D20FC3CB74D6338EBC851E9C9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......i3..-R..-R..-R..v:..'R..v:...R..v:..9R...'..}R...'..#R...'..'R..-R...R..v:.. R...'..)R...'..?R...'..,R...'i.,R..-R..,R...'..,R..Rich-R..........PE..d....Ua.........." ......................................................................`.........................................P...d.......x............p...2.......<..........@...p.......................(.......8............................................text............................... ..`.rdata..X}.......~..................@..@.data....8...0... ..................@....pdata...2...p...4...6..............@..@_RDATA...............j..............@..@.rsrc................l..............@..@.reloc...............t..............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\Seagull_V3_NetMonDispatcher.dll (copy)

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	382168
Entropy (8bit):	6.430304363924134
Encrypted:	false
SSDEEP:	6144:YD9fnnIesrpn+6L/1Y+wlgs+S4KGpoh7smKabxMirkL:YxfnuF+8al2S4KCoIEk
MD5:	08B03468B132E3D05647125E1CEB90CF
SHA1:	6F556CFF26E1EEB20409D513CC72FED01F2700EB
SHA-256:	31BC36138974A6B114EA98643B5EC3673306448D19F771056790A2B9CEA478DB
SHA-512:	BA4CE68819C9AC70E4C610015EA743441877ADF70766C3522B679F01276F23995B25E3F0C59E713AFA8E7D1B7129006F55521086BC1E6E61CE4BD18DFF704F80
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=..)y..zy..zy..z"..{s..z"..{j..z"..{...z+..{w..z+..{s..z+..{(..z"..{r..zy..z...z..{}..z..{q..z..{x..z..zx..zy.nzx..z..{x..zRichy..z........PE..d.....Ua.........." ................8q....................................................`.........................................0+..\|....+..d................3.......<.............p.......................(...@...8............................................text............................... ..`.rdata..Tx.......z..................@..@.data...l<...@... ..................@....pdata...3.......4...N..............@..@_RDATA..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\Seagull_V3_PrintDispatcher.dll (copy)

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	143064
Entropy (8bit):	6.220517482018802
Encrypted:	false
SSDEEP:	3072:aPWMslewHwCV6bgyTyD/+hjzzyUkUNlU3zq35f3/:CCeLC8gR7+Ccn5/
MD5:	92D30094BFB552A51905E0DE2EEBA60E
SHA1:	9E9F6FA7B9180A4C48E601BC70A1674CDFE2BFBA
SHA-256:	A6FF940AD01695677F60C7D2194CBA0E590B05E4F61397E8C4AB25A0409F27AF
SHA-512:	CF7BD1DEABE4790316F28AED51DB77AC7F45E12B0C182E9B67F350B0FC41C02675F00DD6A60A423D153E606433DF9E48117E99132B590B504B08D04B5A87A0F4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............d...d...d.......d.......d......Qd.......d...d...d.......d.......d.......d..`....d..`....d..`.k..d...d...d..`....d..Rich.d..........................PE..d....Ua.........." .................t.......................................@......3..... .....................................................<.... ...................<...0..\......p...........................`...8............ ..h............................text...\|........................... ..`.rdata....... ......................@..@.data...L...........................@....pdata..............................@..@_RDATA..............................@..@.rsrc........ ......................@..@.reloc..\....0......................@..B................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\tt#base_2021.3.0.0.cab (copy)

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	Microsoft Cabinet archive data, many, 6435532 bytes, 18 files, at 0x2c +A "Seagull_DriverCore.dll" +A "Seagull_ConfigBase.dll", number 1, 436 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	6435532
Entropy (8bit):	7.995711673503045
Encrypted:	true
SSDEEP:	196608:eVF/+uQx5qZrJ8bwxWxuxlItxGZOz1rE+:8GuQyZrulxXxGZq9j
MD5:	87C88C721C9CDE98408E1902D2FE4AFA
SHA1:	8AC81416E672D5956E34D8492FE3E124A268C9B6
SHA-256:	13CB84CB331196900E73C78D338FA0BBC0C7606E15732E6D1D35054DE1E2E45D
SHA-512:	75E0B38D6052A29968F8082BE8F5A24F04A389D5B8AB73972DCF38A4D30695FEF3AC6786FD682A6BA72CE39045B80673BF354942F801DCDFEFBE57CB80C3C06D
Malicious:	false
Preview:	MSCF.....2b.....,............................T8........S.x .Seagull_DriverCore.dll...2..T8....SWx .Seagull_ConfigBase.dll.....Mk....Six .Seagull_PrintBase.dll......u....S.x .Seagull_V3_Config.dll....`uw....S.x .Seagull_V3_Print.dll..<..8.z....Snx .Seagull_V3_Status.dll..>...I{....S/x .DriverAutomationLibrary.dll..6.......S.x .ssdal.exe............S.v!.Microsoft.UCRT.cab..D...p.....S.v!.Microsoft.VC142.CRT.cab............S&x .DriverEnvironmentSetup.exe..V.........S}x .Seagull_V3_NetMon.dll.....j......S.v .Seagull_V3_NetMonDispatcher.dll..0..B......S.v .Seagull_XPMLServer.dll..%.........S.v .Seagull_DriverStartup.exe..<..:.....S.x .Seagull_Driver_Status.exe.....v.....S.v!.Seagull_EventMessages.dll.O@..*......S.v!.Seagull_PrintTicketResources.ddz.p.zA<3..CK.\|.XT.......{@&GC..b./(j j...=9$yI..tL.R..t..`j........}Y.N..r.:e ..&f.x.L.l../.]l..]k.={..........qX....e.........g.&.~>...d.?+..?..a...........:..#...s..\|.=KW.....+.q.....b....Ys.+.c.....4...[Zon.}6V....{...nx...)...%.

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\tt#t2s_2021.3.0.0.cab (copy)

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	Microsoft Cabinet archive data, many, 56090 bytes, 2 files, at 0x2c +A "Seagull_ConfigModule_T2S.dll" +A "Seagull_PrintModule_T2S.dll", number 1, 5 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	56090
Entropy (8bit):	7.993027503833812
Encrypted:	true
SSDEEP:	1536:3jRf6DJ9uagbCLdltziHy3c8V1e3EpWcj7QpHMJNr9lo:3jIqrCESE6TEpHUNfo
MD5:	A4E7F2CFE1F3575C5E3B759DEE012D2B
SHA1:	818223124DD137B5E6C52224063BDA94AB24D553
SHA-256:	A8DA57D433DD773617AFD5DCFCC55692BB96B28DFFBED01DCE725D5742859886
SHA-512:	2DC9159A81816B92CCB7669E6EE812D3A8FFEBFCC13DB8A23F558FD015A33303951ED8C03CD66F5B82B88759C1008BA155DD09C742C9D31A22F829DE2BFD4900
Malicious:	false
Preview:	MSCF............,............................V.........S0y .Seagull_ConfigModule_T2S.dll.....V.....S9y .Seagull_PrintModule_T2S.dll...'..7..CK.}yxTE.ww.....@Z.... .......n....G..!..%B...1..I.....#...8.KT..(.!..}Q1...:c.....@..9.......>.....<..S.SU.N...k..R..E..E..u.U.?.3.u......vv8\|K..y....KW[.V.\.j.rK..+V.,..,..+,KWX.Y..\.7$&.c...v..WGG.xE.?. .J...v.....e0.[..no......%....N....C.Q....#\|.e..+c(..+".............-z..n@B...w^w..SD.^.....y..z,...9B.k.yT...I..>.C.E.fR...xL..Y _....s...N..z....I.k....u.C.Y[t...W.....b.A...N?.....%..Z.$..Z7d.......2uO...C..X....t-.1.^(..........Fh.....__..r.t...a..[K..l%$D.....7\.n..0....'y.%J^.S=....~=X.s.}.8...?Hl.<Q.;..8}_........[j.....s.LR.3!z.d..I...<d.Nw.V..C.......%yNB..b._+.[.a6I.L1.Wc..%>Ww[%v#.....2[R.6...l.."";(..Py.(...!_q..y...ii.@L...H..H.h'..D<..."...".<.\|.6..O%.w..p.$...R...:R...'.$...^..K..h.uVy.....(...x.].DZ/.c.Cuz..z/....^.....a=...a=ST.^..z..U......./.../^.=...e]..,...^.1.E...g.D..+H....t..

C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\x64\tt#tec_2021.3.0.0.cab (copy)

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	Microsoft Cabinet archive data, many, 171484 bytes, 2 files, at 0x2c +A "Seagull_ConfigModule_TEC.dll" +A "Seagull_PrintModule_TEC.dll", number 1, 14 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	171484
Entropy (8bit):	7.994509922552603
Encrypted:	true
SSDEEP:	3072:ss8XJdIkofTvg2MJZHfv13vpka7twfEgvSM6IuIN1JLi1QXIsxdVj92Re:sLebg2Mvn1f2aZynWIpLJXFxzjIRe
MD5:	AD672B8D14487613B01657D2CC8CBFE7
SHA1:	41A0BE5CB752F3834A8475990B69B5FC63A225FF
SHA-256:	6B61F42E3C36A85D03493A387AEFB285D4C8FC139D6493DF9646D93789F4E125
SHA-512:	67553D0F9878B7A4D29520C2A3CDFDA2EE3D960DBF538FA1B60C3007D029DBDF80EF45546DBE456060A930A7FFE9927243F410D1F7FBAC634EFB479E885B8A88
Malicious:	false
Preview:	MSCF...........,.....................................S.y .Seagull_ConfigModule_TEC.dll..`........S.y .Seagull_PrintModule_TEC.dll..L.!.;..CK.}{\|.E...&+..g.,.PY$` <......da.6..@<D.H.QAH.8y$nB.7..D....<...E!...@.P... .<T....J.(.UU...n.z....>~.a..........3I.S..!.B$<..%....~._.I.n.Xz..~.JL...M.>.>k..Gf?..}.O<13...T..'..............n..e.Hx3v..]....G....!;G..o..B.-...#W.on..#W...QY.Q..~.H..t....k..;p.Dw.(..".=.L.......%7._v......n..4.x.0.,..M...5.V.s..0.n.<...IF.rEB..1i?...<.=BH.....P>"#..9.!.i..?D.....=RX.x.&.0.7.h..'...L...]..W..y.....u......^..~0.,..c&.)<....!t.C.^.L.....O..~...+.5..R...B,..h,o...S.&..m....UStS....h#...}.n..p....I...b{......t.....2c... .v..,..$\|..qz..oK....}'..k....g......j........f.R.);.t.. ....g..VI..qI .>...;.E6I>...&I.e..Ya"@R.Y..E.\..N....`../wk.US...=.$WKj.D.Ta./J.g.Y'.......b)1y..d.(n....z9...$r.X......W...X.?)...g.*A..S.+....PY..i...p....%Jr6.3.n.9..d....\.].`.$[..8B..;%.J.S..{.#...#7..fh.)...E=...T...Q......s..S...;.....

C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISB87C.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	182008
Entropy (8bit):	5.745001134941054
Encrypted:	false
SSDEEP:	3072:CIFNKUw8ALJ+C2T0FSmmiYQT4nF2E+JYVdeZ2bgA/qrXo:2Un0mT8Sc/T4F1bnxg85
MD5:	8A1E5A6B1C4E0C7D706EB2B36FA6C8EA
SHA1:	49199A62DE0EDA485B5287BAD469F92AD8EBD407
SHA-256:	4104FDE5404BFB3C5347B8ECDAEC89A2E746B1162DC75186BC79738805818C0A
SHA-512:	1393BD6C06C30DF7414494E5B06242445EB8AFDF5467C6A5E875F2C63506B0B581322B6444C6D8F06B39AA5B04D1C55A631CCF932DC6D5043296DD3ED3CD9FC8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......e.*.!.D.!.D.!.D../..D.D../..(.D../....D.... .D.!.E.[.D......D.....%.D..... .D.!.. .D..... .D.Rich!.D.........................PE..d...6.yY.........."......X...v.................@..........................................`..................................................J..................$...................`t..8...............................p............p...............................text....W.......X.................. ..`.rdata.......p.......\..............@..@.data... B...`.......D..............@....pdata..$............`..............@..@.rsrc................v..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	182008
Entropy (8bit):	5.745001134941054
Encrypted:	false
SSDEEP:	3072:CIFNKUw8ALJ+C2T0FSmmiYQT4nF2E+JYVdeZ2bgA/qrXo:2Un0mT8Sc/T4F1bnxg85
MD5:	8A1E5A6B1C4E0C7D706EB2B36FA6C8EA
SHA1:	49199A62DE0EDA485B5287BAD469F92AD8EBD407
SHA-256:	4104FDE5404BFB3C5347B8ECDAEC89A2E746B1162DC75186BC79738805818C0A
SHA-512:	1393BD6C06C30DF7414494E5B06242445EB8AFDF5467C6A5E875F2C63506B0B581322B6444C6D8F06B39AA5B04D1C55A631CCF932DC6D5043296DD3ED3CD9FC8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......e.*.!.D.!.D.!.D../..D.D../..(.D../....D.... .D.!.E.[.D......D.....%.D..... .D.!.. .D..... .D.Rich!.D.........................PE..d...6.yY.........."......X...v.................@..........................................`..................................................J..................$...................`t..8...............................p............p...............................text....W.......X.................. ..`.rdata.......p.......\..............@..@.data... B...`.......D..............@....pdata..$............`..............@..@.rsrc................v..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\cor84A.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	65503
Entropy (8bit):	3.783333450686201
Encrypted:	false
SSDEEP:	1536:biZVg/LPnypGccYM3MFe/Xvv+JcvpqLm416lt91FHWEi7I8qQdeVH3+HF2FnlP5r:gW/LPni+3MFe/XycRj4slt9HHWEi7I8M
MD5:	09D38CECA6A012F4CE5B54F03DB9B21A
SHA1:	01FCB72F22205E406FF9A48C5B98D7B7457D7D98
SHA-256:	F6D7BC8CA6550662166F34407968C7D3669613E50E98A4E40BEC1589E74FF5D1
SHA-512:	8C73CA3AF53A9BAF1B9801F87A8FF759DA9B40637A86567C6CC10AB491ACCB446B40C8966807BD06D52EB57384E2D6A4886510DE338019CFD7EF966B45315BA9
Malicious:	false
Preview:	; Corecomp.ini..;..; This file stores information about files that InstallShield..; will install to the Windows\System folder, such as Windows..; 95 and NT 4.0 core components and DAO, ODBC, and ActiveX files...; ..; The entries have the following format, without a space before ..; or after the equal sign:..;..; <file name>=<properties>..; ..; Currently, following properties are supported:..; 0x00000000 No registry entry is created for this file. It is..; not logged for uninstallation, and is therefore ..; never removed...;..; Inappropriate modification to this file can prevent an..; application from getting Windows 95/Windows NT logo...;..; Last Updated: 2/27/2002; rs....[Win32]....12500852.cpx=0x00000000 ..12510866.cpx=0x00000000 ..12520437.cpx=0x00000000..12520850.cpx=0x00000000..12520860.cpx=0x00000000..12520861.cpx=0x00000000 ..12520863.cpx=0x00000000 ..12520865.cpx=0x00000000..6to4svc.dll=0x00000000..82557ndi.dll=0x00000000..8514a.dll=0x000

C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\corecomp.ini (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	65503
Entropy (8bit):	3.783333450686201
Encrypted:	false
SSDEEP:	1536:biZVg/LPnypGccYM3MFe/Xvv+JcvpqLm416lt91FHWEi7I8qQdeVH3+HF2FnlP5r:gW/LPni+3MFe/XycRj4slt9HHWEi7I8M
MD5:	09D38CECA6A012F4CE5B54F03DB9B21A
SHA1:	01FCB72F22205E406FF9A48C5B98D7B7457D7D98
SHA-256:	F6D7BC8CA6550662166F34407968C7D3669613E50E98A4E40BEC1589E74FF5D1
SHA-512:	8C73CA3AF53A9BAF1B9801F87A8FF759DA9B40637A86567C6CC10AB491ACCB446B40C8966807BD06D52EB57384E2D6A4886510DE338019CFD7EF966B45315BA9
Malicious:	false
Preview:	; Corecomp.ini..;..; This file stores information about files that InstallShield..; will install to the Windows\System folder, such as Windows..; 95 and NT 4.0 core components and DAO, ODBC, and ActiveX files...; ..; The entries have the following format, without a space before ..; or after the equal sign:..;..; <file name>=<properties>..; ..; Currently, following properties are supported:..; 0x00000000 No registry entry is created for this file. It is..; not logged for uninstallation, and is therefore ..; never removed...;..; Inappropriate modification to this file can prevent an..; application from getting Windows 95/Windows NT logo...;..; Last Updated: 2/27/2002; rs....[Win32]....12500852.cpx=0x00000000 ..12510866.cpx=0x00000000 ..12520437.cpx=0x00000000..12520850.cpx=0x00000000..12520860.cpx=0x00000000..12520861.cpx=0x00000000 ..12520863.cpx=0x00000000 ..12520865.cpx=0x00000000..6to4svc.dll=0x00000000..82557ndi.dll=0x00000000..8514a.dll=0x000

C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\dot86B.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	23816
Entropy (8bit):	4.157035386837471
Encrypted:	false
SSDEEP:	192:YEm805ZvWFXfXDuQkC2+Z4nYe+PjPrSBO3SwVEnujexYi:q8SZvWFSQzHOnYPLWhjei
MD5:	A6CBAC7CEF4B03FCB1A9D65A5337B46C
SHA1:	DEC659C2ADEEA0B8E6C40DB8290F5855D652D7F4
SHA-256:	46AD0972344B2C71B560DAEB90075FDC5BD80F5D3AF33F1FD8B4C2D3A09FF978
SHA-512:	E8EBB5150274882E53AE7CC2BA21B01F2A7270D0FF7E979C8163EBB7600A8245D7ADEC5AAABE705EF03B5F16987649B21D6ABEBCB438935919D7403F8B25D05A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....yY..................... .......... ...@....... ....................................@....................................K....@..x............@.......`....................................................... ............... ..H............text........ ...................... ..`.rsrc...x....@....... ..............@..@.reloc.......`.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\dot86C.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	146
Entropy (8bit):	4.677494553177857
Encrypted:	false
SSDEEP:	3:cTIMOoIRuQVK/FNURAmIRMNHNQAolFNURAmIRMNHjKbo5KWREBAW4QIMOn:8IffVKNC7VNQAofC7V2bopuAW4QIT
MD5:	DB722945AB9C024CE55E469644393824
SHA1:	191782B3B4C7BD21FABB3D5B655B7F2DEC2F4F56
SHA-256:	C7E5BDC4B79F7F8C68C5F09C0C055E97FB8C62FE1B5D469B3527AB6B767C8DF2
SHA-512:	40503C28296CEB68428E327AC79326579C067511638263A477534B8E33341F24E2944077ACCDABB947981980F91604B71B6715A1488181B9C48515AB81271ED8
Malicious:	false
Preview:	<configuration>.. <startup>.. <supportedRuntime version="v2.0.50727"/>.. <supportedRuntime version="v4.0"/>.. </startup>..</configuration>

C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\dotnetinstaller.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	23816
Entropy (8bit):	4.157035386837471
Encrypted:	false
SSDEEP:	192:YEm805ZvWFXfXDuQkC2+Z4nYe+PjPrSBO3SwVEnujexYi:q8SZvWFSQzHOnYPLWhjei
MD5:	A6CBAC7CEF4B03FCB1A9D65A5337B46C
SHA1:	DEC659C2ADEEA0B8E6C40DB8290F5855D652D7F4
SHA-256:	46AD0972344B2C71B560DAEB90075FDC5BD80F5D3AF33F1FD8B4C2D3A09FF978
SHA-512:	E8EBB5150274882E53AE7CC2BA21B01F2A7270D0FF7E979C8163EBB7600A8245D7ADEC5AAABE705EF03B5F16987649B21D6ABEBCB438935919D7403F8B25D05A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....yY..................... .......... ...@....... ....................................@....................................K....@..x............@.......`....................................................... ............... ..H............text........ ...................... ..`.rsrc...x....@....... ..............@..@.reloc.......`.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\dotnetinstaller.exe.config (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	146
Entropy (8bit):	4.677494553177857
Encrypted:	false
SSDEEP:	3:cTIMOoIRuQVK/FNURAmIRMNHNQAolFNURAmIRMNHjKbo5KWREBAW4QIMOn:8IffVKNC7VNQAofC7V2bopuAW4QIT
MD5:	DB722945AB9C024CE55E469644393824
SHA1:	191782B3B4C7BD21FABB3D5B655B7F2DEC2F4F56
SHA-256:	C7E5BDC4B79F7F8C68C5F09C0C055E97FB8C62FE1B5D469B3527AB6B767C8DF2
SHA-512:	40503C28296CEB68428E327AC79326579C067511638263A477534B8E33341F24E2944077ACCDABB947981980F91604B71B6715A1488181B9C48515AB81271ED8
Malicious:	false
Preview:	<configuration>.. <startup>.. <supportedRuntime version="v2.0.50727"/>.. <supportedRuntime version="v4.0"/>.. </startup>..</configuration>

C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\DIF849.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	84
Entropy (8bit):	4.638552692098388
Encrypted:	false
SSDEEP:	3:m1eAsIdWVVVWhs6E2QVVK2Whsyor3Vg2Wn:mdv0am2QVVgQ3Van
MD5:	1EB6253DEE328C2063CA12CF657BE560
SHA1:	46E01BCBB287873CF59C57B616189505D2BB1607
SHA-256:	6BC8B890884278599E4C0CA4095CEFDF0F5394C5796012D169CC0933E03267A1
SHA-512:	7C573896ABC86D899AFBCE720690454C06DBFAFA97B69BC49B8E0DDEC5590CE16F3CC1A30408314DB7C4206AA95F5C684A6587EA2DA033AECC4F70720FC6189E
Malicious:	false
Preview:	[<Properties>]..DIFx32Supported=No..DIFxIntel64Supported=No..DIFxAMD64Supported=No..

C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\DIFxData.ini (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	84
Entropy (8bit):	4.638552692098388
Encrypted:	false
SSDEEP:	3:m1eAsIdWVVVWhs6E2QVVK2Whsyor3Vg2Wn:mdv0am2QVVgQ3Van
MD5:	1EB6253DEE328C2063CA12CF657BE560
SHA1:	46E01BCBB287873CF59C57B616189505D2BB1607
SHA-256:	6BC8B890884278599E4C0CA4095CEFDF0F5394C5796012D169CC0933E03267A1
SHA-512:	7C573896ABC86D899AFBCE720690454C06DBFAFA97B69BC49B8E0DDEC5590CE16F3CC1A30408314DB7C4206AA95F5C684A6587EA2DA033AECC4F70720FC6189E
Malicious:	false
Preview:	[<Properties>]..DIFx32Supported=No..DIFxIntel64Supported=No..DIFxAMD64Supported=No..

C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\Fon839.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	38
Entropy (8bit):	4.168465671110589
Encrypted:	false
SSDEEP:	3:m1eAsCMWRXBQY8A3:mdjXIY8A3
MD5:	D1BDA1CBB8E18BC2977C5C29BAC13891
SHA1:	418093A89C55C38E6014E7A4B1300C40314DE04F
SHA-256:	4586A347528185485758D2EA2D49E9893D6DC3DF26AFD70A611E1EEB31E303FC
SHA-512:	80B578A2B27E10CA89612164AA1B48BBF343EB2C59B267AAEB4415D04680496E33A8988B09D0F0D02F0BB745B4E2B204F20ABDEC43AEFCC72F19E14E9154C366
Malicious:	false
Preview:	[<Properties>]..FontRegistration=Yes..

C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\FontData.ini (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	38
Entropy (8bit):	4.168465671110589
Encrypted:	false
SSDEEP:	3:m1eAsCMWRXBQY8A3:mdjXIY8A3
MD5:	D1BDA1CBB8E18BC2977C5C29BAC13891
SHA1:	418093A89C55C38E6014E7A4B1300C40314DE04F
SHA-256:	4586A347528185485758D2EA2D49E9893D6DC3DF26AFD70A611E1EEB31E303FC
SHA-512:	80B578A2B27E10CA89612164AA1B48BBF343EB2C59B267AAEB4415D04680496E33A8988B09D0F0D02F0BB745B4E2B204F20ABDEC43AEFCC72F19E14E9154C366
Malicious:	false
Preview:	[<Properties>]..FontRegistration=Yes..

C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\Lic838.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
Category:	dropped
Size (bytes):	2460
Entropy (8bit):	5.054956122864903
Encrypted:	false
SSDEEP:	48:M5U0fUGDhtDeR7S7cTci4DfAQLWLryyA6gPi2rmx8uF0bpJYukh0t9DTT2:M5Tf1byMgLWArB5QFPk432
MD5:	E0B897E5971285262887688167924298
SHA1:	DBBF1E0EE9323F77B8B8B92ED0D71FFB28F18F2B
SHA-256:	0D37B537E1BB3BA4F3848262C10F2ECE651B07169B1317090D758E34F6680131
SHA-512:	C3470E2BBD1E1C8C8B901D1007A20B7B6ACF7C7765AC1D8361E99A1A3FDA5D78C10987E8A4D36104817C7866B419E1000BD74066CA80A2771E343C5DBFED98F4
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe2052{\fonttbl{\f0\fswiss\fprq2\fcharset0 Tahoma;}{\f1\fswiss\fprq2\fcharset0 Arial;}}..{\*\generator Msftedit 5.41.15.1515;}\viewkind4\uc1\pard\nowidctlpar\f0\fs16 1. You may use this Software on a single TOSHIBA TEC bar-code printer acquainted from affiliated company, dealer or distributor of TOSHIBA TEC. \par..\par..2. You shall not grant a sub-license, distribute, transfer, lend or otherwise dispose of this Software, in whole or in part, for the use of any third party other than you except as otherwise expressly provided herein. \par..\par..3. You shall not, nor cause or permit any third party to, modify, adapt, merge, translate, reverse engineering, reverse compile or disassemble this Software, in whole or in part, except as otherwise expressly provided herein. \par..\par..4. You shall not copy or make a duplicate (or backup copy) of this Software, in whole or in part, except as otherwise expressly provided herein. \par..\par..5. A

C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\License.rtf (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
Category:	dropped
Size (bytes):	2460
Entropy (8bit):	5.054956122864903
Encrypted:	false
SSDEEP:	48:M5U0fUGDhtDeR7S7cTci4DfAQLWLryyA6gPi2rmx8uF0bpJYukh0t9DTT2:M5Tf1byMgLWArB5QFPk432
MD5:	E0B897E5971285262887688167924298
SHA1:	DBBF1E0EE9323F77B8B8B92ED0D71FFB28F18F2B
SHA-256:	0D37B537E1BB3BA4F3848262C10F2ECE651B07169B1317090D758E34F6680131
SHA-512:	C3470E2BBD1E1C8C8B901D1007A20B7B6ACF7C7765AC1D8361E99A1A3FDA5D78C10987E8A4D36104817C7866B419E1000BD74066CA80A2771E343C5DBFED98F4
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe2052{\fonttbl{\f0\fswiss\fprq2\fcharset0 Tahoma;}{\f1\fswiss\fprq2\fcharset0 Arial;}}..{\*\generator Msftedit 5.41.15.1515;}\viewkind4\uc1\pard\nowidctlpar\f0\fs16 1. You may use this Software on a single TOSHIBA TEC bar-code printer acquainted from affiliated company, dealer or distributor of TOSHIBA TEC. \par..\par..2. You shall not grant a sub-license, distribute, transfer, lend or otherwise dispose of this Software, in whole or in part, for the use of any third party other than you except as otherwise expressly provided herein. \par..\par..3. You shall not, nor cause or permit any third party to, modify, adapt, merge, translate, reverse engineering, reverse compile or disassemble this Software, in whole or in part, except as otherwise expressly provided herein. \par..\par..4. You shall not copy or make a duplicate (or backup copy) of this Software, in whole or in part, except as otherwise expressly provided herein. \par..\par..5. A

C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\Str89D.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	2696
Entropy (8bit):	3.710868068210423
Encrypted:	false
SSDEEP:	48:rscCQ8l9Ci8l9QQGQcLAxOKGM1SqDABdv3TcaMfQyWvcK6Mf9ja1jiKWfaYOJ4iv:rscISQHQmyrUeAL3TcnQcKH9ja1jiKWQ
MD5:	89B9FFF50A2AFC35A2796DDE5B273329
SHA1:	F8D49D15D11AB67B1CCE905726BCE96CA95814C6
SHA-256:	4B7F9354CE0BD9D301C1463874EF3AD66E437E5ABC67D9F37AD3996D1B40A43F
SHA-512:	AC531B6BDAEFE7FCFB2CDF79A0939C5DAD680A4B2F28E3D128F1610FA73BB67F9F6B0E5FB1323B87577AD0FA146764FAD604A151C522C4423FD70CBC25D9EF5F
Malicious:	false
Preview:	..[.S.t.r.i.n.g.T.a.b.l.e.:.D.a.t.a.:.0.4.0.9.].....I.D.P.R.O.P._.S.E.T.U.P.T.Y.P.E._.C.O.M.P.L.E.T.E.=.C.o.m.p.l.e.t.e.....I.D.P.R.O.P._.S.E.T.U.P.T.Y.P.E._.C.O.M.P.L.E.T.E._.D.E.S.C.=.C.o.m.p.l.e.t.e.....I.D.P.R.O.P._.S.E.T.U.P.T.Y.P.E._.C.U.S.T.O.M.=.C.u.s.t.o.m.....I.D.P.R.O.P._.S.E.T.U.P.T.Y.P.E._.C.U.S.T.O.M._.D.E.S.C._.P.R.O.=.C.u.s.t.o.m.....I.D.S._.E.R.R.O.R._.2.7.5.3.0.=.U.n.k.n.o.w.n. .e.r.r.o.r. .r.e.t.u.r.n.e.d. .f.r.o.m. .N.e.t.A.P.I... .S.y.s.t.e.m. .e.r.r.o.r.:. .[.2.].....I.D.S._.P.R.E.R.E.Q.U.I.S.I.T.E._.S.E.T.U.P._.B.R.O.W.S.E.=.O.p.e.n. .[.P.r.o.d.u.c.t.N.a.m.e.].'.s. .o.r.i.g.i.n.a.l. .[.S.E.T.U.P.E.X.E.N.A.M.E.].....I.D.S._.P.R.E.R.E.Q.U.I.S.I.T.E._.S.E.T.U.P._.I.N.V.A.L.I.D.=.T.h.i.s. .e.x.e.c.u.t.a.b.l.e. .f.i.l.e. .d.o.e.s. .n.o.t. .a.p.p.e.a.r. .t.o. .b.e. .t.h.e. .o.r.i.g.i.n.a.l. .e.x.e.c.u.t.a.b.l.e. .f.i.l.e. .f.o.r. .[.P.r.o.d.u.c.t.N.a.m.e.]... .W.i.t.h.o.u.t. .u.s.i.n.g. .t.h.e. .o.r.i.g.i.n.a.l. .[.S.E.T.U.P.E.X.E.N.A.M.E.]. .t.o. .i.n.s.t.a.l.l. .a.d.

C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\StringTable_0x0409.ips (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	2696
Entropy (8bit):	3.710868068210423
Encrypted:	false
SSDEEP:	48:rscCQ8l9Ci8l9QQGQcLAxOKGM1SqDABdv3TcaMfQyWvcK6Mf9ja1jiKWfaYOJ4iv:rscISQHQmyrUeAL3TcnQcKH9ja1jiKWQ
MD5:	89B9FFF50A2AFC35A2796DDE5B273329
SHA1:	F8D49D15D11AB67B1CCE905726BCE96CA95814C6
SHA-256:	4B7F9354CE0BD9D301C1463874EF3AD66E437E5ABC67D9F37AD3996D1B40A43F
SHA-512:	AC531B6BDAEFE7FCFB2CDF79A0939C5DAD680A4B2F28E3D128F1610FA73BB67F9F6B0E5FB1323B87577AD0FA146764FAD604A151C522C4423FD70CBC25D9EF5F
Malicious:	false
Preview:	..[.S.t.r.i.n.g.T.a.b.l.e.:.D.a.t.a.:.0.4.0.9.].....I.D.P.R.O.P._.S.E.T.U.P.T.Y.P.E._.C.O.M.P.L.E.T.E.=.C.o.m.p.l.e.t.e.....I.D.P.R.O.P._.S.E.T.U.P.T.Y.P.E._.C.O.M.P.L.E.T.E._.D.E.S.C.=.C.o.m.p.l.e.t.e.....I.D.P.R.O.P._.S.E.T.U.P.T.Y.P.E._.C.U.S.T.O.M.=.C.u.s.t.o.m.....I.D.P.R.O.P._.S.E.T.U.P.T.Y.P.E._.C.U.S.T.O.M._.D.E.S.C._.P.R.O.=.C.u.s.t.o.m.....I.D.S._.E.R.R.O.R._.2.7.5.3.0.=.U.n.k.n.o.w.n. .e.r.r.o.r. .r.e.t.u.r.n.e.d. .f.r.o.m. .N.e.t.A.P.I... .S.y.s.t.e.m. .e.r.r.o.r.:. .[.2.].....I.D.S._.P.R.E.R.E.Q.U.I.S.I.T.E._.S.E.T.U.P._.B.R.O.W.S.E.=.O.p.e.n. .[.P.r.o.d.u.c.t.N.a.m.e.].'.s. .o.r.i.g.i.n.a.l. .[.S.E.T.U.P.E.X.E.N.A.M.E.].....I.D.S._.P.R.E.R.E.Q.U.I.S.I.T.E._.S.E.T.U.P._.I.N.V.A.L.I.D.=.T.h.i.s. .e.x.e.c.u.t.a.b.l.e. .f.i.l.e. .d.o.e.s. .n.o.t. .a.p.p.e.a.r. .t.o. .b.e. .t.h.e. .o.r.i.g.i.n.a.l. .e.x.e.c.u.t.a.b.l.e. .f.i.l.e. .f.o.r. .[.P.r.o.d.u.c.t.N.a.m.e.]... .W.i.t.h.o.u.t. .u.s.i.n.g. .t.h.e. .o.r.i.g.i.n.a.l. .[.S.E.T.U.P.E.X.E.N.A.M.E.]. .t.o. .i.n.s.t.a.l.l. .a.d.

C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\_is9C8.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1863024
Entropy (8bit):	5.6880358236693995
Encrypted:	false
SSDEEP:	12288:es4d9dfaOdWUIhpJCPtjvntnSb8COevQonCLPub+7iqV:ghrWVhDCPtjvntnSb8COevQonCfrV
MD5:	A05838872C391E729B414D2B15083983
SHA1:	027038259B7C4BFE0066B6F5635E416EFBD84157
SHA-256:	A7C7DB8CE84441DF150EE880E5BDE9C17BC7C85DC87A61B1760738ECEB61AD52
SHA-512:	0B13D56945A381DCFD453E9D21D62B030007D24B89FA6F7EAF75D62CA80F7C7FE1842A44D9DEB25E286AC8FB1FE7C3567666C1E116C96DFD641B56E99262125A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^..(...{...{...{...{...{,..{J..{...{P..{..{...{,..{...{..{...{Rich...{........PE..L...[.yY...........!.........................................................p...............................................@..(....P..V...........pP.......@.......................................................A...............................text...@........................... ..`.rdata........... ..................@..@.data....f.......P..................@....idata.......@....... ..............@....rsrc...V....P.......0..............@..@.reloc...)...@...0... ..............@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\_isres_0x0409.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1863024
Entropy (8bit):	5.6880358236693995
Encrypted:	false
SSDEEP:	12288:es4d9dfaOdWUIhpJCPtjvntnSb8COevQonCLPub+7iqV:ghrWVhDCPtjvntnSb8COevQonCfrV
MD5:	A05838872C391E729B414D2B15083983
SHA1:	027038259B7C4BFE0066B6F5635E416EFBD84157
SHA-256:	A7C7DB8CE84441DF150EE880E5BDE9C17BC7C85DC87A61B1760738ECEB61AD52
SHA-512:	0B13D56945A381DCFD453E9D21D62B030007D24B89FA6F7EAF75D62CA80F7C7FE1842A44D9DEB25E286AC8FB1FE7C3567666C1E116C96DFD641B56E99262125A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^..(...{...{...{...{...{,..{J..{...{P..{..{...{,..{...{..{...{Rich...{........PE..L...[.yY...........!.........................................................p...............................................@..(....P..V...........pP.......@.......................................................A...............................text...@........................... ..`.rdata........... ..................@..@.data....f.......P..................@....idata.......@....... ..............@....rsrc...V....P.......0..............@..@.reloc...)...@...0... ..............@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\def9C7.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	RIFF (little-endian) data, palette, 1168 bytes, data size 1028, 256 entries, extra bytes 0x6f66666c
Category:	dropped
Size (bytes):	1168
Entropy (8bit):	2.551387347019812
Encrypted:	false
SSDEEP:	12:b126a96IlDkYTYcspSuB0MRG763GDwFGrZYOFBz3WI7KEpw3f6QL7nhem:Ax96Il9T3ISMg76KJrZtT2b5X
MD5:	0ABAFE3F69D053494405061DE2629C82
SHA1:	E414B6F1E9EB416B9895012D24110B844F9F56D1
SHA-256:	8075162DB275EB52F5D691B15FC0D970CB007F5BECE33CE5DB509EDF51C1F020
SHA-512:	63448F2BEF338EA44F3BF9EF35E594EF94B4259F3B2595D77A836E872129B879CEF912E23CF48421BABF1208275E21DA1FABFDC494958BCFCD391C78308EAA27
Malicious:	false
Preview:	RIFF....PAL data..........................................................f...3..............f...3...................f...3......f...f...f...ff..f3..f...3...3...3...3f..33..3............f...3...............f...3..................f...3...............f..3.....f...f...f...ff..f3..f...3...3...3...3f..33..3................f...3...................f...3..................f...3...................f...3......f...f...f...ff..f3..f...3...3...3...3f..33..3................f...3.....f...f...f...f.f.f.3.f...f...f...f..f.f.f.3.f...f...f...f...f.i.f.3.f...ff..ff..ff..fff.ff3.ff..f3..f3..f3..f3f.f33.f3..f...f...f...f.f.f.3.f...3...3...3...3.f.3.3.3...3...3...3..3.f.3.3.3...3...3...3...3.f.3.3.3...3f..3f..3f..3ff.3f3.3f..33..33..33..33f.333.33..3...3...3...3.f.3.3.3.............f...3..............f...3...................f...3......f...f...f...ff..f3..f...3...3...3...3f..33..3............f...3.........................................................................................................

C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\default.pal (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	RIFF (little-endian) data, palette, 1168 bytes, data size 1028, 256 entries, extra bytes 0x6f66666c
Category:	dropped
Size (bytes):	1168
Entropy (8bit):	2.551387347019812
Encrypted:	false
SSDEEP:	12:b126a96IlDkYTYcspSuB0MRG763GDwFGrZYOFBz3WI7KEpw3f6QL7nhem:Ax96Il9T3ISMg76KJrZtT2b5X
MD5:	0ABAFE3F69D053494405061DE2629C82
SHA1:	E414B6F1E9EB416B9895012D24110B844F9F56D1
SHA-256:	8075162DB275EB52F5D691B15FC0D970CB007F5BECE33CE5DB509EDF51C1F020
SHA-512:	63448F2BEF338EA44F3BF9EF35E594EF94B4259F3B2595D77A836E872129B879CEF912E23CF48421BABF1208275E21DA1FABFDC494958BCFCD391C78308EAA27
Malicious:	false
Preview:	RIFF....PAL data..........................................................f...3..............f...3...................f...3......f...f...f...ff..f3..f...3...3...3...3f..33..3............f...3...............f...3..................f...3...............f..3.....f...f...f...ff..f3..f...3...3...3...3f..33..3................f...3...................f...3..................f...3...................f...3......f...f...f...ff..f3..f...3...3...3...3f..33..3................f...3.....f...f...f...f.f.f.3.f...f...f...f..f.f.f.3.f...f...f...f...f.i.f.3.f...ff..ff..ff..fff.ff3.ff..f3..f3..f3..f3f.f33.f3..f...f...f...f.f.f.3.f...3...3...3...3.f.3.3.3...3...3...3..3.f.3.3.3...3...3...3...3.f.3.3.3...3f..3f..3f..3ff.3f3.3f..33..33..33..33f.333.33..3...3...3...3.f.3.3.3.............f...3..............f...3...................f...3......f...f...f...ff..f3..f...3...3...3...3f..33..3............f...3.........................................................................................................

C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\isr8CC.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
Category:	dropped
Size (bytes):	432880
Entropy (8bit):	7.972245581674079
Encrypted:	false
SSDEEP:	12288:bQaI0sMvcMcl2xwNKASn+T3BKrJ1qhfcL1B:bK0s6cMcXAAQ+1w1qAn
MD5:	67B3328F3CC34596EC941DDA8574F606
SHA1:	219A67104A18F71C0CCB7B9D73F435D76E44F584
SHA-256:	CB80BFDD8263BB9AFF04BDC7D6BE71AD09800895B616223D8F97048AA0A506F7
SHA-512:	5E81FAC5A4E48353BDD0A60E8882B4B51A79298124D9FE8235940643BF2E4BFB13A881841A69DC479E1658CD42C6772C76A761CC2BE8342122E53460357C5091
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........I..{'T.{'T.{'T...T.{'Tr..T.{'T!..T.{'Tr..T.{'Tr..T.{'T...T.{'T...T.{'T.{&Twz'T...T.{'T!..T.{'T!..T.{'T!..T.{'T.{.T.{'T!..T.{'TRich.{'T................PE..L.....yY...........!.....b...6............................................... .......C..................................S...T........................~..................8....................................................=..@....................text............D......PEC2MO...... ....rsrc....@.......4...H.............. ....reloc...............\|..............@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\isrt.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
Category:	dropped
Size (bytes):	432880
Entropy (8bit):	7.972245581674079
Encrypted:	false
SSDEEP:	12288:bQaI0sMvcMcl2xwNKASn+T3BKrJ1qhfcL1B:bK0s6cMcXAAQ+1w1qAn
MD5:	67B3328F3CC34596EC941DDA8574F606
SHA1:	219A67104A18F71C0CCB7B9D73F435D76E44F584
SHA-256:	CB80BFDD8263BB9AFF04BDC7D6BE71AD09800895B616223D8F97048AA0A506F7
SHA-512:	5E81FAC5A4E48353BDD0A60E8882B4B51A79298124D9FE8235940643BF2E4BFB13A881841A69DC479E1658CD42C6772C76A761CC2BE8342122E53460357C5091
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........I..{'T.{'T.{'T...T.{'Tr..T.{'T!..T.{'Tr..T.{'Tr..T.{'T...T.{'T...T.{'T.{&Twz'T...T.{'T!..T.{'T!..T.{'T!..T.{'T.{.T.{'T!..T.{'TRich.{'T................PE..L.....yY...........!.....b...6............................................... .......C..................................S...T........................~..................8....................................................=..@....................text............D......PEC2MO...... ....rsrc....@.......4...H.............. ....reloc...............\|..............@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\set818.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	data
Category:	dropped
Size (bytes):	242887
Entropy (8bit):	7.371973942786583
Encrypted:	false
SSDEEP:	3072:jj8c5YXVaNPsBAthNjLFCWGHGfc0qOCSExyUNSj6x/EL+0gx8hMFFMg/tFsnIiQt:jj8/la5R/Ga6S0/AgO6/aaW+6i9J
MD5:	3318F6FEA6DBB00C6F81A852C61FEAA9
SHA1:	6CA7D50C2947C849F666300640D2E46537627684
SHA-256:	535E4139060BDEACAD3FA63C9E940E228EFAD4502D6C63C6740BA9854A315457
SHA-512:	AFB253FA9B661642367A733BE612A23436E798D11616BD58C09B5C0771946BF72826223525D499527A2182D52F21EB4601B12A9A347EE48DAE16C0FD38D8E442
Malicious:	false
Preview:	t.,....(... <$.M. .=..........l.............o.c...gWSl..SW..WS[//d.d l$.XX%.......................q.y}a.=mQ.Y]A..M1.j)!.)........................................}...m..q]}}aMm.U=].E-M.5.=.%.-...............................]......a..(..H....YQQEY.0.o=55.={.gC[..W.....O.So##` ......,..x8........X......]..H.........5MM.5s..gW.CKgCC.....;..TDh..8P@........8.....p.e..Q...\| h......%]1II.1....S[wSS.[.G.W.o....L.`H ..D.. ........t....L......ayyIa......s..w!99.!....Gs[K[............T,.0,,......\|(.....l...P...yyy!a...........w.o.....W.;o?g..+O.....4.,$\.@....<......l......}uuI}.4..@....!99.!..s.w..3{.SGk.......0.D4\.... H.............4...Ye}!e. ..D....c.w......w3.;#.#C.[.THl....(.<,4p,.$.......a..t...8..L..YQQ=Y...w.{o..`.--..S.w3.7+kk .....$..H8@.X,0...y...........x...H...1miMQ.c4....{%9-%%.-c.sO.....'7?..... @\D.....H...................iuUaaUi...MEE%M..gk........?.7wK.....@.\|$d8......$.<................e}}Qe...I]1II.1.W.[.c_.;[s.....g..W..L<l...

C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\{06216D8D-027A-4116-B2E6-32328FA688BC}\setup.inx (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	data
Category:	dropped
Size (bytes):	242887
Entropy (8bit):	7.371973942786583
Encrypted:	false
SSDEEP:	3072:jj8c5YXVaNPsBAthNjLFCWGHGfc0qOCSExyUNSj6x/EL+0gx8hMFFMg/tFsnIiQt:jj8/la5R/Ga6S0/AgO6/aaW+6i9J
MD5:	3318F6FEA6DBB00C6F81A852C61FEAA9
SHA1:	6CA7D50C2947C849F666300640D2E46537627684
SHA-256:	535E4139060BDEACAD3FA63C9E940E228EFAD4502D6C63C6740BA9854A315457
SHA-512:	AFB253FA9B661642367A733BE612A23436E798D11616BD58C09B5C0771946BF72826223525D499527A2182D52F21EB4601B12A9A347EE48DAE16C0FD38D8E442
Malicious:	false
Preview:	t.,....(... <$.M. .=..........l.............o.c...gWSl..SW..WS[//d.d l$.XX%.......................q.y}a.=mQ.Y]A..M1.j)!.)........................................}...m..q]}}aMm.U=].E-M.5.=.%.-...............................]......a..(..H....YQQEY.0.o=55.={.gC[..W.....O.So##` ......,..x8........X......]..H.........5MM.5s..gW.CKgCC.....;..TDh..8P@........8.....p.e..Q...\| h......%]1II.1....S[wSS.[.G.W.o....L.`H ..D.. ........t....L......ayyIa......s..w!99.!....Gs[K[............T,.0,,......\|(.....l...P...yyy!a...........w.o.....W.;o?g..+O.....4.,$\.@....<......l......}uuI}.4..@....!99.!..s.w..3{.SGk.......0.D4\.... H.............4...Ye}!e. ..D....c.w......w3.;#.#C.[.THl....(.<,4p,.$.......a..t...8..L..YQQ=Y...w.{o..`.--..S.w3.7+kk .....$..H8@.X,0...y...........x...H...1miMQ.c4....{%9-%%.-c.sO.....'7?..... @\D.....H...................iuUaaUi...MEE%M..gk........?.7wK.....@.\|$d8......$.<................e}}Qe...I]1II.1.W.[.c_.;[s.....g..W..L<l...

C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\0x0409.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (308), with CRLF line terminators
Category:	dropped
Size (bytes):	22490
Entropy (8bit):	3.484827950705229
Encrypted:	false
SSDEEP:	384:CTmyuV//BiTbh/Y4AwC2WrP2DBWa/Oa0Mhs+XVgv:CT6V//BiXh/N/lWr0aa0Mhs+XVgv
MD5:	8586214463BD73E1C2716113E5BD3E13
SHA1:	F02E3A76FD177964A846D4AA0A23F738178DB2BE
SHA-256:	089D3068E42958DD2C0AEC668E5B7E57B7584ACA5C77132B1BCBE3A1DA33EF54
SHA-512:	309200F38D0E29C9AAA99BB6D95F4347F8A8C320EB65742E7C539246AD9B759608BD5151D1C5D1D05888979DAA38F2B6C3BF492588B212B583B8ADBE81FA161B
Malicious:	false
Preview:	..[.0.x.0.4.0.9.].....1.1.0.0.=.S.e.t.u.p. .I.n.i.t.i.a.l.i.z.a.t.i.o.n. .E.r.r.o.r.....1.1.0.1.=.%.s.....1.1.0.2.=.%.1. .S.e.t.u.p. .i.s. .p.r.e.p.a.r.i.n.g. .t.h.e. .%.2.,. .w.h.i.c.h. .w.i.l.l. .g.u.i.d.e. .y.o.u. .t.h.r.o.u.g.h. .t.h.e. .p.r.o.g.r.a.m. .s.e.t.u.p. .p.r.o.c.e.s.s... . .P.l.e.a.s.e. .w.a.i.t.......1.1.0.3.=.C.h.e.c.k.i.n.g. .O.p.e.r.a.t.i.n.g. .S.y.s.t.e.m. .V.e.r.s.i.o.n.....1.1.0.4.=.C.h.e.c.k.i.n.g. .W.i.n.d.o.w.s.(.R.). .I.n.s.t.a.l.l.e.r. .V.e.r.s.i.o.n.....1.1.0.5.=.C.o.n.f.i.g.u.r.i.n.g. .W.i.n.d.o.w.s. .I.n.s.t.a.l.l.e.r.....1.1.0.6.=.C.o.n.f.i.g.u.r.i.n.g. .%.s.....1.1.0.7.=.S.e.t.u.p. .h.a.s. .c.o.m.p.l.e.t.e.d. .c.o.n.f.i.g.u.r.i.n.g. .t.h.e. .W.i.n.d.o.w.s. .I.n.s.t.a.l.l.e.r. .o.n. .y.o.u.r. .s.y.s.t.e.m... .T.h.e. .s.y.s.t.e.m. .n.e.e.d.s. .t.o. .b.e. .r.e.s.t.a.r.t.e.d. .i.n. .o.r.d.e.r. .t.o. .c.o.n.t.i.n.u.e. .w.i.t.h. .t.h.e. .i.n.s.t.a.l.l.a.t.i.o.n... .P.l.e.a.s.e. .c.l.i.c.k. .R.e.s.t.a.r.t. .t.o. .r.e.b.o.o.t. .t.h.e. .s.y.s.t.e.m.......1.1.0.8.

C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\0x0409.ini

Download File

Process:	C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (308), with CRLF line terminators
Category:	dropped
Size (bytes):	22490
Entropy (8bit):	3.484827950705229
Encrypted:	false
SSDEEP:	384:CTmyuV//BiTbh/Y4AwC2WrP2DBWa/Oa0Mhs+XVgv:CT6V//BiXh/N/lWr0aa0Mhs+XVgv
MD5:	8586214463BD73E1C2716113E5BD3E13
SHA1:	F02E3A76FD177964A846D4AA0A23F738178DB2BE
SHA-256:	089D3068E42958DD2C0AEC668E5B7E57B7584ACA5C77132B1BCBE3A1DA33EF54
SHA-512:	309200F38D0E29C9AAA99BB6D95F4347F8A8C320EB65742E7C539246AD9B759608BD5151D1C5D1D05888979DAA38F2B6C3BF492588B212B583B8ADBE81FA161B
Malicious:	false
Preview:	..[.0.x.0.4.0.9.].....1.1.0.0.=.S.e.t.u.p. .I.n.i.t.i.a.l.i.z.a.t.i.o.n. .E.r.r.o.r.....1.1.0.1.=.%.s.....1.1.0.2.=.%.1. .S.e.t.u.p. .i.s. .p.r.e.p.a.r.i.n.g. .t.h.e. .%.2.,. .w.h.i.c.h. .w.i.l.l. .g.u.i.d.e. .y.o.u. .t.h.r.o.u.g.h. .t.h.e. .p.r.o.g.r.a.m. .s.e.t.u.p. .p.r.o.c.e.s.s... . .P.l.e.a.s.e. .w.a.i.t.......1.1.0.3.=.C.h.e.c.k.i.n.g. .O.p.e.r.a.t.i.n.g. .S.y.s.t.e.m. .V.e.r.s.i.o.n.....1.1.0.4.=.C.h.e.c.k.i.n.g. .W.i.n.d.o.w.s.(.R.). .I.n.s.t.a.l.l.e.r. .V.e.r.s.i.o.n.....1.1.0.5.=.C.o.n.f.i.g.u.r.i.n.g. .W.i.n.d.o.w.s. .I.n.s.t.a.l.l.e.r.....1.1.0.6.=.C.o.n.f.i.g.u.r.i.n.g. .%.s.....1.1.0.7.=.S.e.t.u.p. .h.a.s. .c.o.m.p.l.e.t.e.d. .c.o.n.f.i.g.u.r.i.n.g. .t.h.e. .W.i.n.d.o.w.s. .I.n.s.t.a.l.l.e.r. .o.n. .y.o.u.r. .s.y.s.t.e.m... .T.h.e. .s.y.s.t.e.m. .n.e.e.d.s. .t.o. .b.e. .r.e.s.t.a.r.t.e.d. .i.n. .o.r.d.e.r. .t.o. .c.o.n.t.i.n.u.e. .w.i.t.h. .t.h.e. .i.n.s.t.a.l.l.a.t.i.o.n... .P.l.e.a.s.e. .c.l.i.c.k. .R.e.s.t.a.r.t. .t.o. .r.e.b.o.o.t. .t.h.e. .s.y.s.t.e.m.......1.1.0.8.

C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\ISSetup.dll

Download File

Process:	C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
Category:	dropped
Size (bytes):	800256
Entropy (8bit):	7.772746681961582
Encrypted:	false
SSDEEP:	12288:mIGz7ovgUHjhKtYCdP2q4/8mnL2YCTdSxZa65jcttUO+UC1nHZ:mIGz8IUDP0OqGL2YCsxZa6RuUO+UCd5
MD5:	40FEFC3D907D44A9ADC84475AB073A6E
SHA1:	4CBEA84B4784ACB795E3891B5ED60B25809DB762
SHA-256:	C51699CBF0B433C4F7B687C8520192AD5EA519214BFDE6732453FF194BC2FFD9
SHA-512:	F6D64FDF76EA8E5725451B50A2A49042A3DBB66A68BA787BA742EB202345E298317257740E11C8C8BA0E217059DE991A10FF0DC95F83B8F820BB248AF71E9229
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......l.j.(...(...(......).....1...........c......./.......)...(...4}......=......#....../......S......)......)...(...)......)...Rich(...................PE..L.....yY...........!.....(...*......E.%......P................................%......C..............................8.%.G.....%.......#.0.....................%.....`X..8....................................................k.......................text.....#......"......PEC2MO...... ....rsrc.........#......&.............. ....reloc........%......4..............@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\data1.cab

Download File

Process:	C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe
File Type:	InstallShield CAB
Category:	dropped
Size (bytes):	1053024
Entropy (8bit):	7.997195031164146
Encrypted:	true
SSDEEP:	24576:a/vZ2TnNs5PskNM7bp5x+3C1aiKkqqch+9kxdfp:a52Ta55OxmHiKkqqcZp
MD5:	1D930AFA1372F6A1862DB4C516329EDF
SHA1:	B164D4583F03DFD1A643271149266982F3EC321E
SHA-256:	966F4ED5C3E37A58E4E1391B3B7377F9A48FDD0CA2D1AA25A11A2D6751662476
SHA-512:	E8A53CB090D2702424A442C49D464EAE6D5956547ABA8803C22FFCE61C1C7CBF2895712A07AF379AFD34E8835898ED6B7128443C0CF11BAAD67B03E2BFF76006
Malicious:	false
Preview:	ISc(..........................................................................................................................................................................................................................................................................................................................................................................................m!.z..A..22....................?.RUd.[N.Y..,rw....}.i.O.5T..^..v.oE..J.........................................................jn\..\..}/...-............,...+^..S.N-2..5L.:u.._..3..a..5.X.#.0B.3.X...G,Zt........b...y.O.+...9..z=..^.m.k...M:..rh..<5,....}w{...~E...48.fE...t......q.....na.l!......Jj=.TT............[...RJ.G.D=}.&q{'.....3.e.g..h..G._.\|.'..a..P.......W..]\..l,..-)...c.....R.96&j.H..:;.9.a....4fNXLX.a...I....g..!..w..K..G.....*J......a....w.g.........D...11..duJ....44..4W..\.v..q.qt4....mc........(.h1...2.>..U!t.n.L.....iv......)Y.))...7.x...Rk^..yI..=.2.>..$.].FD.l,.gv....

C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\data1.hdr

Download File

Process:	C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe
File Type:	InstallShield CAB
Category:	dropped
Size (bytes):	17982
Entropy (8bit):	3.4084002807671
Encrypted:	false
SSDEEP:	384:QJabkkxkkYRkpkkJakikkJDkukkekkkkkSkkkkkgUkGkksNkbkk+kkkkk1Wk/kkC:SabkkxkkYRkpkkJakikkJDkukkekkkkN
MD5:	86CCA99B2DC07DAB3FE3042137D4E916
SHA1:	700B822ADCE467535FA386450D9697C9F824F15C
SHA-256:	F67BEB770C0A3F361CEBF05756D78B25AEE46397C0DD7BDCDFE37DFFE197F2E7
SHA-512:	F13E6F2EEAAE0746299E3BBA3AF8331640BFD1B9CED7CCF32EDC95BA83781FCEFF999DA259102B1E19972D953E774E3844C301D90D0A38343F4B013321FA45A6
Malicious:	false
Preview:	ISc(............O..>F..........................................................................B~..........................................................................................................................................................................................................................................................................................m!.z..A..22....................?.RUd.[N.Y..,rw....}.i.O.5T..^..v.oE..J.........................................................%!..........O..........................9.............................................................................%.......=...................................I.......U.......a...............m...................y...................................................................................................................................................................................................................................!...........................................-.

C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\layout.bin

Download File

Process:	C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe
File Type:	data
Category:	dropped
Size (bytes):	522
Entropy (8bit):	1.8239459738478505
Encrypted:	false
SSDEEP:	3:A1aaRt/flIlXlft//149llbtlz/NllV/7777777j2J4klM/plylL4klyDlX/BSlF:A51GKN2COl8JDWLNglETl127W7Jtn
MD5:	092F4FB630B5CE79DF6C2CD9571E8B22
SHA1:	7FF9766F04A025745AF675F0ABAA52A4C0144823
SHA-256:	0AEBF512565C3109C919D68D5BB0BD30E563F6682F1151F70EA6F368D5A4477D
SHA-512:	A8B2C4C0CC9312245DA047AA2E2029701A6DA13FADC86FA20402B612CC13F64E5F8DFB190203890340F504EE04D510C109CAD2AE6A67931F49B41C3E8D37C4DA
Malicious:	false
Preview:	c..S.@...................................................................................................................................................................................................................................................................... ...@...............`...v...........................t...t...t...t...t...t...t...t...s.e.t.u.p...i.n.i.....I.S.S.e.t.u.p...d.l.l...0.x.0.4.0.9...i.n.i...d.a.t.a.1...h.d.r...d.a.t.a.1...c.a.b...d.a.t.a.2...c.a.b...l.a.y.o.u.t...b.i.n...s.e.t.u.p...e.x.e...

C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\setup.exe

Download File

Process:	C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1193984
Entropy (8bit):	6.68437219706928
Encrypted:	false
SSDEEP:	24576:eGjk6PMUtgtIKIch5+915zApy/MrllllVrGifVOCW6A:fjk6PMUtgtJphMDw3llllVrGSVsn
MD5:	97F32563F6B0D290E09DB98FBFC10AAE
SHA1:	AD0DCCFC34E240D526149A87F732978ECCFB833E
SHA-256:	9FA7CFBF1FD8E10BDF81232DF0FFA5D9C85CA47C5F2D4F9AC057F396710C5D81
SHA-512:	FF32AEE7DB16AAE15481A037118DA151439045842EEDDD60ACE58ED383B3265ED115F6AB776A45A8900BE4235EBD7FEC5B380C7CBCBB2948062FCA3CA30C2C56
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^y....s...s...s.....s......s.....s.....s....Z.s..o....s...r...s..o....s...7.s.....s.......s.....s.Rich..s.........................PE..L...d.yY.....................p....................@..........................................................................B..........t...............................8...........................x4..@...............t...H:.. ....................text............................... ..`.rdata..............................@..@.data...$L...p...&...N..............@....rsrc...t............t..............@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\setup.ini

Download File

Process:	C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	2450
Entropy (8bit):	3.6947003089346673
Encrypted:	false
SSDEEP:	48:rsAMkozUM9dmcPTmscu/+S8gvn6CJkkY09TzcqYtxkYOvl5ZAMXvrcOyb0pn:rsAMkGUPcrmqrvnp6kY05w7tCYOvlnAM
MD5:	3E08FD47356199164BFCA62C0F4E1CC8
SHA1:	1512B7F09C1902CF7B420AAEEED2934B60E3F9B5
SHA-256:	97B73202B60A8699C3DD873D2AB39BEF694279AFCCC0F4C44FDEDC436858CDB2
SHA-512:	23C582D4B6EE8FF41FDA19A382E28A2258838393BBD33044CED4B2E74AAFD7CC19E0A294C01619F2459E7A1BCE9408C05020049A911E7B107AD2BD0274ACD6E7
Malicious:	false
Preview:	..[.S.t.a.r.t.u.p.].....P.r.o.d.u.c.t.=.T.P.C.L. .P.R.I.N.T.E.R. .D.R.I.V.E.R. .Q.M.2.0.2.1._.3._.M.0.....P.r.o.d.u.c.t.G.U.I.D.=.0.6.2.1.6.D.8.D.-.0.2.7.A.-.4.1.1.6.-.B.2.E.6.-.3.2.3.2.8.F.A.6.8.8.B.C.....C.o.m.p.a.n.y.N.a.m.e.=.T.o.s.h.i.b.a. .T.e.c.....C.o.m.p.a.n.y.U.R.L.=.h.t.t.p.:././.w.w.w...t.o.s.h.i.b.a.t.e.c...c.o.m.....E.r.r.o.r.R.e.p.o.r.t.U.R.L.=.h.t.t.p.:././.w.w.w...i.n.s.t.a.l.l.s.h.i.e.l.d...c.o.m./.i.s.e.t.u.p./.P.r.o.E.r.r.o.r.C.e.n.t.r.a.l...a.s.p.?.E.r.r.o.r.C.o.d.e.=.%.d. .:. .0.x.%.x.&.E.r.r.o.r.I.n.f.o.=.%.s.....M.e.d.i.a.F.o.r.m.a.t.=.1.....L.o.g.M.o.d.e.=.1.....S.m.a.l.l.P.r.o.g.r.e.s.s.=.N.....S.p.l.a.s.h.T.i.m.e.=.....C.h.e.c.k.M.D.5.=.Y.....C.m.d.L.i.n.e.=.....S.h.o.w.P.a.s.s.w.o.r.d.D.i.a.l.o.g.=.N.....S.c.r.i.p.t.D.r.i.v.e.n.=.4.........[.L.a.n.g.u.a.g.e.s.].....D.e.f.a.u.l.t.=.0.x.0.4.0.9.....S.u.p.p.o.r.t.e.d.=.0.x.0.4.0.9.....R.e.q.u.i.r.e.E.x.a.c.t.L.a.n.g.M.a.t.c.h.=.0.x.0.4.0.4.,.0.x.0.8.0.4.....R.T.L.L.a.n.g.s.=.0.x.0.4.0.1.,.0.x.0.4.0.d.........[.

C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\ISSetup.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
Category:	dropped
Size (bytes):	800256
Entropy (8bit):	7.772746681961582
Encrypted:	false
SSDEEP:	12288:mIGz7ovgUHjhKtYCdP2q4/8mnL2YCTdSxZa65jcttUO+UC1nHZ:mIGz8IUDP0OqGL2YCsxZa6RuUO+UCd5
MD5:	40FEFC3D907D44A9ADC84475AB073A6E
SHA1:	4CBEA84B4784ACB795E3891B5ED60B25809DB762
SHA-256:	C51699CBF0B433C4F7B687C8520192AD5EA519214BFDE6732453FF194BC2FFD9
SHA-512:	F6D64FDF76EA8E5725451B50A2A49042A3DBB66A68BA787BA742EB202345E298317257740E11C8C8BA0E217059DE991A10FF0DC95F83B8F820BB248AF71E9229
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......l.j.(...(...(......).....1...........c......./.......)...(...4}......=......#....../......S......)......)...(...)......)...Rich(...................PE..L.....yY...........!.....(...*......E.%......P................................%......C..............................8.%.G.....%.......#.0.....................%.....`X..8....................................................k.......................text.....#......"......PEC2MO...... ....rsrc.........#......&.............. ....reloc........%......4..............@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe

Download File

Process:	C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1193984
Entropy (8bit):	6.68437219706928
Encrypted:	false
SSDEEP:	24576:eGjk6PMUtgtIKIch5+915zApy/MrllllVrGifVOCW6A:fjk6PMUtgtJphMDw3llllVrGSVsn
MD5:	97F32563F6B0D290E09DB98FBFC10AAE
SHA1:	AD0DCCFC34E240D526149A87F732978ECCFB833E
SHA-256:	9FA7CFBF1FD8E10BDF81232DF0FFA5D9C85CA47C5F2D4F9AC057F396710C5D81
SHA-512:	FF32AEE7DB16AAE15481A037118DA151439045842EEDDD60ACE58ED383B3265ED115F6AB776A45A8900BE4235EBD7FEC5B380C7CBCBB2948062FCA3CA30C2C56
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^y....s...s...s.....s......s.....s.....s....Z.s..o....s...r...s..o....s...7.s.....s.......s.....s.Rich..s.........................PE..L...d.yY.....................p....................@..........................................................................B..........t...............................8...........................x4..@...............t...H:.. ....................text............................... ..`.rdata..............................@..@.data...$L...p...&...N..............@....rsrc...t............t..............@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.ini

Download File

Process:	C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	2450
Entropy (8bit):	3.6947003089346673
Encrypted:	false
SSDEEP:	48:rsAMkozUM9dmcPTmscu/+S8gvn6CJkkY09TzcqYtxkYOvl5ZAMXvrcOyb0pn:rsAMkGUPcrmqrvnp6kY05w7tCYOvlnAM
MD5:	3E08FD47356199164BFCA62C0F4E1CC8
SHA1:	1512B7F09C1902CF7B420AAEEED2934B60E3F9B5
SHA-256:	97B73202B60A8699C3DD873D2AB39BEF694279AFCCC0F4C44FDEDC436858CDB2
SHA-512:	23C582D4B6EE8FF41FDA19A382E28A2258838393BBD33044CED4B2E74AAFD7CC19E0A294C01619F2459E7A1BCE9408C05020049A911E7B107AD2BD0274ACD6E7
Malicious:	false
Preview:	..[.S.t.a.r.t.u.p.].....P.r.o.d.u.c.t.=.T.P.C.L. .P.R.I.N.T.E.R. .D.R.I.V.E.R. .Q.M.2.0.2.1._.3._.M.0.....P.r.o.d.u.c.t.G.U.I.D.=.0.6.2.1.6.D.8.D.-.0.2.7.A.-.4.1.1.6.-.B.2.E.6.-.3.2.3.2.8.F.A.6.8.8.B.C.....C.o.m.p.a.n.y.N.a.m.e.=.T.o.s.h.i.b.a. .T.e.c.....C.o.m.p.a.n.y.U.R.L.=.h.t.t.p.:././.w.w.w...t.o.s.h.i.b.a.t.e.c...c.o.m.....E.r.r.o.r.R.e.p.o.r.t.U.R.L.=.h.t.t.p.:././.w.w.w...i.n.s.t.a.l.l.s.h.i.e.l.d...c.o.m./.i.s.e.t.u.p./.P.r.o.E.r.r.o.r.C.e.n.t.r.a.l...a.s.p.?.E.r.r.o.r.C.o.d.e.=.%.d. .:. .0.x.%.x.&.E.r.r.o.r.I.n.f.o.=.%.s.....M.e.d.i.a.F.o.r.m.a.t.=.1.....L.o.g.M.o.d.e.=.1.....S.m.a.l.l.P.r.o.g.r.e.s.s.=.N.....S.p.l.a.s.h.T.i.m.e.=.....C.h.e.c.k.M.D.5.=.Y.....C.m.d.L.i.n.e.=.....S.h.o.w.P.a.s.s.w.o.r.d.D.i.a.l.o.g.=.N.....S.c.r.i.p.t.D.r.i.v.e.n.=.4.........[.L.a.n.g.u.a.g.e.s.].....D.e.f.a.u.l.t.=.0.x.0.4.0.9.....S.u.p.p.o.r.t.e.d.=.0.x.0.4.0.9.....R.e.q.u.i.r.e.E.x.a.c.t.L.a.n.g.M.a.t.c.h.=.0.x.0.4.0.4.,.0.x.0.8.0.4.....R.T.L.L.a.n.g.s.=.0.x.0.4.0.1.,.0.x.0.4.0.d.........[.

C:\Windows\INF\oem4.inf

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	10155
Entropy (8bit):	5.517124824341079
Encrypted:	false
SSDEEP:	192:t4UVZrsjjoMATxCeman7AvUk1yAG73T6PQDX/xgzDFoaQx0t6Kif2vzMATxCemaB:aUVZrsjj07+yZ+9L7+yZ+M
MD5:	530E9F36C66472657270FDFAA0803D3E
SHA1:	D11025CFA551A2F31E3E730726CBEA583489BB17
SHA-256:	2F2D24CA40B04F2F305E703AC6CFDF02C5C1A3B90DF08F7853EC9D39E17FD31E
SHA-512:	2DFEA9B884E03DE42C9FD1B81EB28FFE692B1E282BADD24ABE68FA3811F2CD80003F7ED01F806DC3B3326A7523DD500D68401CCC58761F35C101FF0341177139
Malicious:	false
Preview:	[Version]..Signature="$Windows NT$"..Class=Printer..ClassGUID={4D36E979-E325-11CE-BFC1-08002BE10318}..Provider="Seagull"..DriverVer=12/14/2021,2021.3.0.0..CatalogFile=TOSHIBATEC.cat..DriverIsolation=0....[PrinterPackageInstallation.x86]..PackageAware=TRUE....[PrinterPackageInstallation.amd64]..PackageAware=TRUE....[SourceDisksNames]..1="Seagull Drivers Disk",,,\Common..2="Seagull Drivers Disk",,,\Common....[SourceDisksNames.amd64]..2="Seagull Drivers Disk",,,\x64....[SourceDisksNames.x86]..2="Seagull Drivers Disk",,,\Win32....[SourceDisksFiles]..Defaults[TT]_2021.3.0.0.sds=1..Seagull_V3_ConfigDispatcher.dll=2..Seagull_V3_NetMonDispatcher.dll=2..Seagull_V3_PrintDispatcher.dll=2..t2sTT_2021.3.0.0.ini=1..t2sTTenu_2021.3.0.0.chm=1..tecTT_2021.3.0.0.ini=1..tecTTenu_2021.3.0.0.chm=1..tt#base_2021.3.0.0.cab=2..tt#base_2021.3.0.0.ddz=1..tt#t2s_2021.3.0.0.cab=2..tt#t2s_2021.3.0.0.ddz=1..tt#tec_2021.3.0.0.cab=2..tt#tec_2021.3.0.0.ddz=1....[DestinationDirs]..DefaultDestDir=66000....[Manufacturer]

C:\Windows\INF\setupapi.dev.log

Download File

Process:	C:\TEC_DRV\TECDRVIn.exe
File Type:	Generic INItialization configuration [BeginLog]
Category:	dropped
Size (bytes):	59325
Entropy (8bit):	5.355892597938656
Encrypted:	false
SSDEEP:	384:OGdni80C/8g0atRf7yr14ujuNY9AZi3Z/oUtwrP3UQGSE254B8COH2asbFS88Yi1:Own95cdyYloiwTyz256Spn
MD5:	8C10318B415F225B9854A72FE47F7E39
SHA1:	9003D26C8F50A9A0DB3EB7947574371829F2F452
SHA-256:	B0E42ED4B9E49E0AD403F8719C88BA69C6C6EC480E61874691A3A5C1CBB1AFB4
SHA-512:	5210265307891A341F4DD4C52AFE0DF57F0D84A8DC7940F93B08688B4792378A4F93EF8EA595DA0CD36FDC11ADB228A463D0C1C5F13584490E225A34A179AB86
Malicious:	false
Preview:	[Device Install Log].. OS Version = 10.0.19045.. Service Pack = 0.0.. Suite = 0x0100.. ProductType = 1.. Architecture = amd64....[BeginLog]....[Boot Session: 2023/10/03 09:57:02.288]....>>> [Setup Import Driver Package - C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf]..>>> Section start 2023/10/03 09:57:37.904.. cmd: C:\Windows\System32\spoolsv.exe.. inf: Provider: Microsoft.. inf: Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}.. inf: Driver Version: 06/21/2006,10.0.19041.1806.. inf: Catalog File: prnms009.cat.. ump: Import flags: 0x0000000D.. pol: {Driver package policy check} 09:57:37.920.. pol: {Driver package policy check - exit(0x00000000)} 09:57:37.920.. sto: {Stage Driver Package: C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf} 09:57:37.920.. inf: {Query Configurability: C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf} 09:57:37.920.. inf:

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\Common\Defaults[TT]_2021.3.0.0.sds (copy)

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	Unicode text, UTF-8 text, with very long lines (361), with CRLF line terminators
Category:	dropped
Size (bytes):	3189
Entropy (8bit):	5.72855187482951
Encrypted:	false
SSDEEP:	96:RW2PJWCJW0JWWJWoJWDJWFJWtMUJW0JWRJWwHJWHJWrJWkJW2WUJW5jJf6Ss3KQP:QrPBzFEGtMhBSwYY8xB5YvUw8Oa9Pi9n
MD5:	C40A8AB8A393FEDC51CB7E53F9C88934
SHA1:	A5D03161D2B4CE18D7854D5FAB53C38FC9AE1DCB
SHA-256:	083A433C35A7AE46171B3DC93E418F4A7352EE54C2914D9B555D27DBF6A55542
SHA-512:	BAB4FF21194229BF24E6E562674B59D5E0AF016163D2C97572A902093EA1ADD2CEC572855489F791250E8EFA6F41CAE3501A24080BE59958EAFB31C65E54516A
Malicious:	false
Preview:	<driver version='6.6'>....<stock>..Name=2 x 4..Protected=true..Data=WkxJQhwAAAAZAAAAeJwrOMbA8KCHkeEbCwMYwwCQWQsAZpUFGQ==..</stock>....<stock>..Name=4 x 4..Protected=true..Data=WkxJQhwAAAAZAAAAeJx70MPI8ACIv7EwgDEMsDAw1gIAbNMFUQ==..</stock>....<stock>..Name=4 x 6..Protected=true..Data=WkxJQhwAAAAaAAAAeJx70MPIEBDMxPCNhQGMYYCFgakWAFpMBIo=..</stock>....<stock>..Name=185 x 85..Protected=true..Data=WkxJQhwAAAAWAAAAeJxbcYmJgcOHkQEdsDAy1wIAMRYCVw==..</stock>....<stock>..Name=200 x 85..Protected=true..Data=WkxJQhwAAAAVAAAAeJxz4GVm4PBhZEAHLIwstQARCwEs..</stock>....<stock>..Name=A4..Protected=true..Data=WkxJQhwAAAAVAAAAeJwLMGFm0OhgYUAHLIystQAfkAHD..</stock>....<stock>..Name=A5..Protected=true..Data=WkxJQhwAAAAVAAAAeJwLMGFmUHBiYkAHLIxstQAYXAF0..</stock>....<stock>..Name=A6..Protected=true..Data=WkxJQhwAAAAVAAAAeJxTcGJi0JjFyIAOWBjZawEdEAGx..</stock>....<stock>..Name=Form-A..Protected=true..Data=WkxJQhwAAAAVAAAAeJxzmMbIwOHAzIAOWBg4agEeZwGs..</stock>....<stock>..Name=Form-F..Protected=true..Data=WkxJQ

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\Common\SETA5CE.tmp

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	213190
Entropy (8bit):	7.952595425410423
Encrypted:	false
SSDEEP:	3072:i47t/47B8D3U6p4qWczioVP6lAEmdTfVzq0D5jgTJ7MsSNtuE0pXGJON1Q7WpFKF:bvD3U6p4qHOou0IRB4J7AAs8J9
MD5:	706B1787512DA5FBF1D5974669CF7D44
SHA1:	D282CD965EA5DCB1FEF64E1ACC144AAF2EACB928
SHA-256:	4C0E54663D72A76894F3D193838F9B3994E88C22F37BE1D55E0881C4388E2DFA
SHA-512:	490CF931BD2A7F930D5B0D8E3048162803D28F50FF626DFE17181E51BE172C6CB8DB7A19C78740C645B76D14C84889BBC1A87DAE92DC0A5654F373B1DC3128D7
Malicious:	false
Preview:	ITSF....`.........v.......\|.{.......".....\|.{......."..`...............x.......T0.......0...............@..............ITSP....T...........................................j..].!......."..T...............PMGL:................/..../#IDXHDR...d.../#ITBITS..../#STRINGS...'.~./#SYSTEM..^.$./#TOPICS...d. ./#URLSTR...\|.+./#URLTBL.....x./#WINDOWS...F.D./$FIftiMain......G./$OBJINST......./base/..../base/Advanced.html...E.g"/base/Advanced_Administration.html...,.O!/base/Advanced_DriverOptions.html...{..)/base/Advanced_PrinterSpecifications.html....."./base/Automation.html...-.../base/BarCode_CheckDigit.html...3.Y./base/BarCode_Font_Edit.html......c./base/BarCode_XDimension.html...o.c./base/Cache_Contents.html...R.M./base/Cache_Settings.html.....L./base/ContactSmartCard.html...k.c./base/Downloaded_Fonts.html...N.../base/DriverHelp.css...W.../base/Duplex.html...m.1 /base/EditLoggingParameters.html.....M./base/Encoding.html...k.R./base/EPCGen2_LockRange.html...#.x./base/EPCGen2Security.html...=.f.

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\Common\SETA61D.tmp

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	306
Entropy (8bit):	4.988626809632402
Encrypted:	false
SSDEEP:	3:hWdJS38WMNMwSpEZYWF+1v2JKWjwA8nyvNYj8nyvqzA8n1pyhM3z8n1pyhSYQ2Vr:AIMNMAYUw61Yb02ckkQSBL3Sgr
MD5:	E1E46332575EE0D2EE93C5E61D8E41F1
SHA1:	09FFD1A95415FE724B6D244E4491AB7EC37D70AD
SHA-256:	EB5ED45926BF72B5A26BB1030A99EDF3BDB53EB7203525B5A76FA19B89397298
SHA-512:	319A0E7B8FF51918FF4665BF08153C936FE406DFD38FBB9902EA45CA75BB0749E8355646EB88C0FB5B7934EB7DBE324873CA82D7AB6320CE1E874825CA1C1CD2
Malicious:	false
Preview:	[Version]..ShowBuildVersionTag=0..InstallFolder=Seagull\Printer Drivers\Packages\2021.3.0_TT..BaseCab=tt#base_2021.3.0.0.cab..DriverCab=tt#t2s_2021.3.0.0.cab..BaseDdz=tt#base_2021.3.0.0.ddz..DriverDdz=tt#t2s_2021.3.0.0.ddz..DriverHelp=t2sTTenu_2021.3.0.0.chm..DriverSettings=Defaults[TT]_2021.3.0.0.sds....

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\Common\SETA63D.tmp

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	306
Entropy (8bit):	4.998528200964492
Encrypted:	false
SSDEEP:	3:hWdJS38WMNMwSpEZYWF+1v2JKWjwA8nyvNYlVEyyvqzA8n1pyhM31VEy1pyhSY3s:AIMNMAYUw61YlVg02kV4k0EQSBL3Sgr
MD5:	792E0E29A4C3A993F9F12BF329A22390
SHA1:	560952AD978A6B0900B58D466B207A1A9F8B25AE
SHA-256:	B720B68F4FFF6CD35033CB39129AF9EDDC06F4060FBAAE78A0659D5D371B9AEA
SHA-512:	5336564A0AF3B46639F17EDC4E49FBF2125749E6CE98E128D458DBB70212CD22BBE2B5B4C746FE5F3A0A2B3C9EB194D3CE5440C191B7D9A2022FC458AFCF4E63
Malicious:	false
Preview:	[Version]..ShowBuildVersionTag=0..InstallFolder=Seagull\Printer Drivers\Packages\2021.3.0_TT..BaseCab=tt#base_2021.3.0.0.cab..DriverCab=tt#tec_2021.3.0.0.cab..BaseDdz=tt#base_2021.3.0.0.ddz..DriverDdz=tt#tec_2021.3.0.0.ddz..DriverHelp=tecTTenu_2021.3.0.0.chm..DriverSettings=Defaults[TT]_2021.3.0.0.sds....

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\Common\SETA65D.tmp

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	38135
Entropy (8bit):	7.926399642326758
Encrypted:	false
SSDEEP:	768:kFYUqwnt/ZW7/chbUFseXFGwGHr/ARmb0PvVQdJ:oZgU44wozSmb03V+J
MD5:	4DBDA1311E4D8CE72CE8022046D07F6A
SHA1:	45FAA6E775D0D4DC79E925DDBFA27D8FA16BE512
SHA-256:	2612D1BA09608BCA54947DA27E4EFE02E8F84A74C21B8E81F5F7F5D37AFF5B67
SHA-512:	C93A65C189C8788B23891CE3BAF7EA7E5AC91D02919A6F386A5646F1BF45EE6A7D1FE437877904B65ADA43D27DDD8E2004ED9C1A0A0DE92CDB261D0C55BA4B28
Malicious:	false
Preview:	PK........By.S.@.....a.......BarCode.dm.MK.0...{.....Vm.~l.Cm.P.hw.. .f.Y..II.....D...Bf&..j...yT%a...p..G..J....;vd.h&E.%.Wa.N5..T....i..8...I...O..o.......l..V...(.\v.N.I.)..x.q..\-=.2W..Yb.....@@+v6.x....n.).8..6x...y3%..-.....).V.2.5..q.h....nwn....._..0n.z.G....<./...#....K[....+.9...PK........By.S'...4...........Drawing.dm.Mo.0...H...=...V.am.4..SA.a......................L.H..."X.\|o.$..%.....W()#..4/.Y8......`...[.Y......6"....3;4........[.....?....R.....X..k..P.8.t,...$...c]....E3...R.b..m..g..c.N]..A=..1u.h...........o{...w..&;.m.@b>.)...P.4.E.,....n.n8..l...}.0RT..c..hj..[2.....!w.W4.q`.."...{=..-....PK........By.S.+..s...........Driver.dSQp./.M,.Rp1..RQ.IL.I.r.2.R.@.....i..%..yV..z..\.!....N...N...&...\..y.i..%.E.E.....Wg.t~Jj.-...j..j...K.M.E3....PK........By.S!..yu...........Features.dM.=.. ...].?..H......-`3..W.......o.....;..\P,\G....+..G(..m.?..;..TW..9j...kD.O.Na...e..B1.._.Q.....\Y...aF.)k..PK........By.Sx..^...o.......Font.dSQ

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\Common\SETA70A.tmp

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	227547
Entropy (8bit):	7.96484325142109
Encrypted:	false
SSDEEP:	6144:3Ihy5oaMEvTr+hDqG1qbY69I1hcjN2OO6:4PaMEvTBGYbY4OEh
MD5:	C8970ADBE608FC51529EBA430544BA92
SHA1:	661DAE1FB9B885183B11D580055F5601805A0B03
SHA-256:	7D50E97B912D81FC75CF53FBEE17B4591F40D9473014D98884430A4EE0EE4D46
SHA-512:	0C64606E61148269471648077DFACA0C673AE3A8156ECD73E7DE852B94735EE137336808D277612152D2727714C28A092BBF5C0E85F19FF51A8C5FFF9D447EA6
Malicious:	false
Preview:	PK........Ay.SA.cc............BarCode.d.Ms.........b.2.0...b..;.11..'5S.R.....1.g1.....%..?ex....4R.#...Q...C.6..o..._.....j.o.....N.....uaM..r..o....W..v...{......a[.3r.~....;...9Q.Csn$..(.sZr..W...."+..;..vzq!.j].t.M.....).C..k..k.s....>..av.M.1.....g..?.O....}w.ygM....Dt....R...........i........&.\..N.I...PJ.v...T.8.wj9....w...,.;.).M.)L.e)T\|r..GY.......KM..........\).k.......c....B.."_v..~...r.F+..`#{i....j.=g........-/...s.e..&..\|W...K..R..wK.....%i.\|RZ.p#WiZ%....^..SG..z..-?5...14\|.....j.~....[....t..D.-.Ipn.c.;.\G.....s).\..).?k..._..yG7.).....V.q+w...t%.;uz".i.0.~.i$./..q..G....;.8....O.h...g^.KWBj....M.Q..2W.2... ......l...\...-..../.ii..J;..........wU=JB.{..#.#.Z...I..;....m..We&. ...Jn..U./...S=i\|..._......4.e....&.VF..sm.+..)P.e...(&$W.....Yzr.b....d...c.(Si9.2.P.X.W#.r=....?..m._.....Z...-%3..0v.R......i.bc!?.=......G.q.qQ\......^8..9.......~...X..M..5....a..[..GB.\..P........w.:..yf.cvb.m.y.....<.h..i.)v.tt.\;A1nQT.O{f.N..y.+.

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\Common\SETA759.tmp

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	3194827
Entropy (8bit):	7.985793128813213
Encrypted:	false
SSDEEP:	98304:b3A/7Phv+oK0lrCr09fzFIPXvOytCHpbu:SdKOfBIP/O9JS
MD5:	26AFEEE00E5A8E75063450D5E36FF5EC
SHA1:	77E4537365E034E6756DEFBAF18CECCB92560728
SHA-256:	471BE526695435FBF000ECD7E9D70A42594B35911E508B1929ABC66B3607B65C
SHA-512:	759BD5C6F2C6DF3AD2FD546169470E2EEE0886875F1F96C6F8E4D649D81195C5CE46C459E6B2ECFD30B60A9FCE54B93FB7FB931276BBD07D262D65A248E5B843
Malicious:	false
Preview:	PK........:y.S..w.R...........OEM.d.Mo.8......\|.P.m.K.. K...TKi........D......./..n7N.."t..<.MlF..O^...Q/zc!k.vz......,..KF....;a.QL....o.[.o..oo...~HOHW....Zz..D...}}...?..p._....3J.]U.....5.S...i.TD.>.?L...Y:...a...JvA.@...3S..Y....@.......%;..s........cJT'i.,.j.!k./.^}..V.}.w...8q.+AJZ>z..[...n.....-..!._.p..}e...). K.h.B.v.<n}&sI.s...pg..r).,..G........+E....d..d..rV.6.J......p...&WTr0...R.H....m.@.dq...M.d.P.T.d.........P.....)..<h..K...........s..h.L.}.y...\|#.}.n.......t..\AN..0D...a ....yS..9.V.&Xt.K.X..L./.;...8.0&mc7.X.W...l.@.i.N.....+$m!j'.P..N..ye5zQJD8.u..\......\(.us.).,$...z..)0.].k~2^..-"....aN...M.....y#.W.g4..H.F.Id.e..f..`1<J3.....O....Dg...e26..e...s.k...ck.-`B.w\|9%VM.\l......Zo..%..@mm"Jz.../..m.pz'.SI.@.vJa...e...H.&LY...."........./...f.sS..0.w..:....e{...1...A.f.#..v....x7.....Mv......**k.y~....3T2..7.>.8.S?...%.0...9.:.....F......1Y........Z...e"...3K`..g...da.0{...S..a.<..ln4.S.h...W......v.m..D..).5.k...#y..O.L..Ed9

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\Common\SETA845.tmp

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	Unicode text, UTF-8 text, with very long lines (361), with CRLF line terminators
Category:	dropped
Size (bytes):	3189
Entropy (8bit):	5.72855187482951
Encrypted:	false
SSDEEP:	96:RW2PJWCJW0JWWJWoJWDJWFJWtMUJW0JWRJWwHJWHJWrJWkJW2WUJW5jJf6Ss3KQP:QrPBzFEGtMhBSwYY8xB5YvUw8Oa9Pi9n
MD5:	C40A8AB8A393FEDC51CB7E53F9C88934
SHA1:	A5D03161D2B4CE18D7854D5FAB53C38FC9AE1DCB
SHA-256:	083A433C35A7AE46171B3DC93E418F4A7352EE54C2914D9B555D27DBF6A55542
SHA-512:	BAB4FF21194229BF24E6E562674B59D5E0AF016163D2C97572A902093EA1ADD2CEC572855489F791250E8EFA6F41CAE3501A24080BE59958EAFB31C65E54516A
Malicious:	false
Preview:	<driver version='6.6'>....<stock>..Name=2 x 4..Protected=true..Data=WkxJQhwAAAAZAAAAeJwrOMbA8KCHkeEbCwMYwwCQWQsAZpUFGQ==..</stock>....<stock>..Name=4 x 4..Protected=true..Data=WkxJQhwAAAAZAAAAeJx70MPI8ACIv7EwgDEMsDAw1gIAbNMFUQ==..</stock>....<stock>..Name=4 x 6..Protected=true..Data=WkxJQhwAAAAaAAAAeJx70MPIEBDMxPCNhQGMYYCFgakWAFpMBIo=..</stock>....<stock>..Name=185 x 85..Protected=true..Data=WkxJQhwAAAAWAAAAeJxbcYmJgcOHkQEdsDAy1wIAMRYCVw==..</stock>....<stock>..Name=200 x 85..Protected=true..Data=WkxJQhwAAAAVAAAAeJxz4GVm4PBhZEAHLIwstQARCwEs..</stock>....<stock>..Name=A4..Protected=true..Data=WkxJQhwAAAAVAAAAeJwLMGFm0OhgYUAHLIystQAfkAHD..</stock>....<stock>..Name=A5..Protected=true..Data=WkxJQhwAAAAVAAAAeJwLMGFmUHBiYkAHLIxstQAYXAF0..</stock>....<stock>..Name=A6..Protected=true..Data=WkxJQhwAAAAVAAAAeJxTcGJi0JjFyIAOWBjZawEdEAGx..</stock>....<stock>..Name=Form-A..Protected=true..Data=WkxJQhwAAAAVAAAAeJxzmMbIwOHAzIAOWBg4agEeZwGs..</stock>....<stock>..Name=Form-F..Protected=true..Data=WkxJQ

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\Common\SETA901.tmp

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	204712
Entropy (8bit):	7.949428764339238
Encrypted:	false
SSDEEP:	6144:uz8UC8ZK5W2F5Fy6i5x76HWiQ0kjANNeGTnQwlh:HUC8ZKnXyj5x76HWizkjAPe2Q0
MD5:	2C8D686A0FD03173FC3EC0F3E4D4F7C9
SHA1:	E6CBDB30B3A617308E025D0773F444F9F42A409A
SHA-256:	28A7AB11290B840429DE651970BD64CA71EE9EC8FCF169A1E192AC1121A35BFC
SHA-512:	AEF9C2F3DE059A9F3D6D3C3641F96F3575A77AC9A558A5E9C066A387C42275B85A8A0ABD25FD1580ABC31671FC34CE11015BBF301D2FF001EC1F0FCF4F7689B9
Malicious:	false
Preview:	ITSF....`.......`..z.......\|.{.......".....\|.{......."..`...............x.......T0.......0..............................ITSP....T...........................................j..].!......."..T...............PMGLl................/..../#IDXHDR...%.../#ITBITS..../#STRINGS...7. ./#SYSTEM..V.$./#TOPICS...%.p./#URLSTR......./#URLTBL.....t./#WINDOWS...{.D./$FIftiMain...R..S./$OBJINST...?.../base/..../base/Advanced.html.....g"/base/Advanced_Administration.html...s.O!/base/Advanced_DriverOptions.html...B..)/base/Advanced_PrinterSpecifications.html...R."./base/Automation.html...t.../base/BarCode_CheckDigit.html...z.Y./base/BarCode_Font_Edit.html...S..c./base/BarCode_XDimension.html...6.c./base/Cache_Contents.html.....M./base/Cache_Settings.html...f.L./base/ContactSmartCard.html...2.c./base/Downloaded_Fonts.html......./base/DriverHelp.css......./base/Duplex.html...4.1 /base/EditLoggingParameters.html...e.M./base/Encoding.html...2.R./base/EPCGen2_LockRange.html...j.x./base/EPCGen2Security.html.....f.

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\Common\t2sTT_2021.3.0.0.ini (copy)

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	306
Entropy (8bit):	4.988626809632402
Encrypted:	false
SSDEEP:	3:hWdJS38WMNMwSpEZYWF+1v2JKWjwA8nyvNYj8nyvqzA8n1pyhM3z8n1pyhSYQ2Vr:AIMNMAYUw61Yb02ckkQSBL3Sgr
MD5:	E1E46332575EE0D2EE93C5E61D8E41F1
SHA1:	09FFD1A95415FE724B6D244E4491AB7EC37D70AD
SHA-256:	EB5ED45926BF72B5A26BB1030A99EDF3BDB53EB7203525B5A76FA19B89397298
SHA-512:	319A0E7B8FF51918FF4665BF08153C936FE406DFD38FBB9902EA45CA75BB0749E8355646EB88C0FB5B7934EB7DBE324873CA82D7AB6320CE1E874825CA1C1CD2
Malicious:	false
Preview:	[Version]..ShowBuildVersionTag=0..InstallFolder=Seagull\Printer Drivers\Packages\2021.3.0_TT..BaseCab=tt#base_2021.3.0.0.cab..DriverCab=tt#t2s_2021.3.0.0.cab..BaseDdz=tt#base_2021.3.0.0.ddz..DriverDdz=tt#t2s_2021.3.0.0.ddz..DriverHelp=t2sTTenu_2021.3.0.0.chm..DriverSettings=Defaults[TT]_2021.3.0.0.sds....

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\Common\t2sTTenu_2021.3.0.0.chm (copy)

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	204712
Entropy (8bit):	7.949428764339238
Encrypted:	false
SSDEEP:	6144:uz8UC8ZK5W2F5Fy6i5x76HWiQ0kjANNeGTnQwlh:HUC8ZKnXyj5x76HWizkjAPe2Q0
MD5:	2C8D686A0FD03173FC3EC0F3E4D4F7C9
SHA1:	E6CBDB30B3A617308E025D0773F444F9F42A409A
SHA-256:	28A7AB11290B840429DE651970BD64CA71EE9EC8FCF169A1E192AC1121A35BFC
SHA-512:	AEF9C2F3DE059A9F3D6D3C3641F96F3575A77AC9A558A5E9C066A387C42275B85A8A0ABD25FD1580ABC31671FC34CE11015BBF301D2FF001EC1F0FCF4F7689B9
Malicious:	false
Preview:	ITSF....`.......`..z.......\|.{.......".....\|.{......."..`...............x.......T0.......0..............................ITSP....T...........................................j..].!......."..T...............PMGLl................/..../#IDXHDR...%.../#ITBITS..../#STRINGS...7. ./#SYSTEM..V.$./#TOPICS...%.p./#URLSTR......./#URLTBL.....t./#WINDOWS...{.D./$FIftiMain...R..S./$OBJINST...?.../base/..../base/Advanced.html.....g"/base/Advanced_Administration.html...s.O!/base/Advanced_DriverOptions.html...B..)/base/Advanced_PrinterSpecifications.html...R."./base/Automation.html...t.../base/BarCode_CheckDigit.html...z.Y./base/BarCode_Font_Edit.html...S..c./base/BarCode_XDimension.html...6.c./base/Cache_Contents.html.....M./base/Cache_Settings.html...f.L./base/ContactSmartCard.html...2.c./base/Downloaded_Fonts.html......./base/DriverHelp.css......./base/Duplex.html...4.1 /base/EditLoggingParameters.html...e.M./base/Encoding.html...2.R./base/EPCGen2_LockRange.html...j.x./base/EPCGen2Security.html.....f.

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\Common\tecTT_2021.3.0.0.ini (copy)

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	306
Entropy (8bit):	4.998528200964492
Encrypted:	false
SSDEEP:	3:hWdJS38WMNMwSpEZYWF+1v2JKWjwA8nyvNYlVEyyvqzA8n1pyhM31VEy1pyhSY3s:AIMNMAYUw61YlVg02kV4k0EQSBL3Sgr
MD5:	792E0E29A4C3A993F9F12BF329A22390
SHA1:	560952AD978A6B0900B58D466B207A1A9F8B25AE
SHA-256:	B720B68F4FFF6CD35033CB39129AF9EDDC06F4060FBAAE78A0659D5D371B9AEA
SHA-512:	5336564A0AF3B46639F17EDC4E49FBF2125749E6CE98E128D458DBB70212CD22BBE2B5B4C746FE5F3A0A2B3C9EB194D3CE5440C191B7D9A2022FC458AFCF4E63
Malicious:	false
Preview:	[Version]..ShowBuildVersionTag=0..InstallFolder=Seagull\Printer Drivers\Packages\2021.3.0_TT..BaseCab=tt#base_2021.3.0.0.cab..DriverCab=tt#tec_2021.3.0.0.cab..BaseDdz=tt#base_2021.3.0.0.ddz..DriverDdz=tt#tec_2021.3.0.0.ddz..DriverHelp=tecTTenu_2021.3.0.0.chm..DriverSettings=Defaults[TT]_2021.3.0.0.sds....

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\Common\tecTTenu_2021.3.0.0.chm (copy)

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	213190
Entropy (8bit):	7.952595425410423
Encrypted:	false
SSDEEP:	3072:i47t/47B8D3U6p4qWczioVP6lAEmdTfVzq0D5jgTJ7MsSNtuE0pXGJON1Q7WpFKF:bvD3U6p4qHOou0IRB4J7AAs8J9
MD5:	706B1787512DA5FBF1D5974669CF7D44
SHA1:	D282CD965EA5DCB1FEF64E1ACC144AAF2EACB928
SHA-256:	4C0E54663D72A76894F3D193838F9B3994E88C22F37BE1D55E0881C4388E2DFA
SHA-512:	490CF931BD2A7F930D5B0D8E3048162803D28F50FF626DFE17181E51BE172C6CB8DB7A19C78740C645B76D14C84889BBC1A87DAE92DC0A5654F373B1DC3128D7
Malicious:	false
Preview:	ITSF....`.........v.......\|.{.......".....\|.{......."..`...............x.......T0.......0...............@..............ITSP....T...........................................j..].!......."..T...............PMGL:................/..../#IDXHDR...d.../#ITBITS..../#STRINGS...'.~./#SYSTEM..^.$./#TOPICS...d. ./#URLSTR...\|.+./#URLTBL.....x./#WINDOWS...F.D./$FIftiMain......G./$OBJINST......./base/..../base/Advanced.html...E.g"/base/Advanced_Administration.html...,.O!/base/Advanced_DriverOptions.html...{..)/base/Advanced_PrinterSpecifications.html....."./base/Automation.html...-.../base/BarCode_CheckDigit.html...3.Y./base/BarCode_Font_Edit.html......c./base/BarCode_XDimension.html...o.c./base/Cache_Contents.html...R.M./base/Cache_Settings.html.....L./base/ContactSmartCard.html...k.c./base/Downloaded_Fonts.html...N.../base/DriverHelp.css...W.../base/Duplex.html...m.1 /base/EditLoggingParameters.html.....M./base/Encoding.html...k.R./base/EPCGen2_LockRange.html...#.x./base/EPCGen2Security.html...=.f.

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\Common\tt#base_2021.3.0.0.ddz (copy)

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	3194827
Entropy (8bit):	7.985793128813213
Encrypted:	false
SSDEEP:	98304:b3A/7Phv+oK0lrCr09fzFIPXvOytCHpbu:SdKOfBIP/O9JS
MD5:	26AFEEE00E5A8E75063450D5E36FF5EC
SHA1:	77E4537365E034E6756DEFBAF18CECCB92560728
SHA-256:	471BE526695435FBF000ECD7E9D70A42594B35911E508B1929ABC66B3607B65C
SHA-512:	759BD5C6F2C6DF3AD2FD546169470E2EEE0886875F1F96C6F8E4D649D81195C5CE46C459E6B2ECFD30B60A9FCE54B93FB7FB931276BBD07D262D65A248E5B843
Malicious:	false
Preview:	PK........:y.S..w.R...........OEM.d.Mo.8......\|.P.m.K.. K...TKi........D......./..n7N.."t..<.MlF..O^...Q/zc!k.vz......,..KF....;a.QL....o.[.o..oo...~HOHW....Zz..D...}}...?..p._....3J.]U.....5.S...i.TD.>.?L...Y:...a...JvA.@...3S..Y....@.......%;..s........cJT'i.,.j.!k./.^}..V.}.w...8q.+AJZ>z..[...n.....-..!._.p..}e...). K.h.B.v.<n}&sI.s...pg..r).,..G........+E....d..d..rV.6.J......p...&WTr0...R.H....m.@.dq...M.d.P.T.d.........P.....)..<h..K...........s..h.L.}.y...\|#.}.n.......t..\AN..0D...a ....yS..9.V.&Xt.K.X..L./.;...8.0&mc7.X.W...l.@.i.N.....+$m!j'.P..N..ye5zQJD8.u..\......\(.us.).,$...z..)0.].k~2^..-"....aN...M.....y#.W.g4..H.F.Id.e..f..`1<J3.....O....Dg...e26..e...s.k...ck.-`B.w\|9%VM.\l......Zo..%..@mm"Jz.../..m.pz'.SI.@.vJa...e...H.&LY...."........./...f.sS..0.w..:....e{...1...A.f.#..v....x7.....Mv......**k.y~....3T2..7.>.8.S?...%.0...9.:.....F......1Y........Z...e"...3K`..g...da.0{...S..a.<..ln4.S.h...W......v.m..D..).5.k...#y..O.L..Ed9

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\Common\tt#t2s_2021.3.0.0.ddz (copy)

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	38135
Entropy (8bit):	7.926399642326758
Encrypted:	false
SSDEEP:	768:kFYUqwnt/ZW7/chbUFseXFGwGHr/ARmb0PvVQdJ:oZgU44wozSmb03V+J
MD5:	4DBDA1311E4D8CE72CE8022046D07F6A
SHA1:	45FAA6E775D0D4DC79E925DDBFA27D8FA16BE512
SHA-256:	2612D1BA09608BCA54947DA27E4EFE02E8F84A74C21B8E81F5F7F5D37AFF5B67
SHA-512:	C93A65C189C8788B23891CE3BAF7EA7E5AC91D02919A6F386A5646F1BF45EE6A7D1FE437877904B65ADA43D27DDD8E2004ED9C1A0A0DE92CDB261D0C55BA4B28
Malicious:	false
Preview:	PK........By.S.@.....a.......BarCode.dm.MK.0...{.....Vm.~l.Cm.P.hw.. .f.Y..II.....D...Bf&..j...yT%a...p..G..J....;vd.h&E.%.Wa.N5..T....i..8...I...O..o.......l..V...(.\v.N.I.)..x.q..\-=.2W..Yb.....@@+v6.x....n.).8..6x...y3%..-.....).V.2.5..q.h....nwn....._..0n.z.G....<./...#....K[....+.9...PK........By.S'...4...........Drawing.dm.Mo.0...H...=...V.am.4..SA.a......................L.H..."X.\|o.$..%.....W()#..4/.Y8......`...[.Y......6"....3;4........[.....?....R.....X..k..P.8.t,...$...c]....E3...R.b..m..g..c.N]..A=..1u.h...........o{...w..&;.m.@b>.)...P.4.E.,....n.n8..l...}.0RT..c..hj..[2.....!w.W4.q`.."...{=..-....PK........By.S.+..s...........Driver.dSQp./.M,.Rp1..RQ.IL.I.r.2.R.@.....i..%..yV..z..\.!....N...N...&...\..y.i..%.E.E.....Wg.t~Jj.-...j..j...K.M.E3....PK........By.S!..yu...........Features.dM.=.. ...].?..H......-`3..W.......o.....;..\P,\G....+..G(..m.?..;..TW..9j...kD.O.Na...e..B1.._.Q.....\Y...aF.)k..PK........By.Sx..^...o.......Font.dSQ

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\Common\tt#tec_2021.3.0.0.ddz (copy)

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	227547
Entropy (8bit):	7.96484325142109
Encrypted:	false
SSDEEP:	6144:3Ihy5oaMEvTr+hDqG1qbY69I1hcjN2OO6:4PaMEvTBGYbY4OEh
MD5:	C8970ADBE608FC51529EBA430544BA92
SHA1:	661DAE1FB9B885183B11D580055F5601805A0B03
SHA-256:	7D50E97B912D81FC75CF53FBEE17B4591F40D9473014D98884430A4EE0EE4D46
SHA-512:	0C64606E61148269471648077DFACA0C673AE3A8156ECD73E7DE852B94735EE137336808D277612152D2727714C28A092BBF5C0E85F19FF51A8C5FFF9D447EA6
Malicious:	false
Preview:	PK........Ay.SA.cc............BarCode.d.Ms.........b.2.0...b..;.11..'5S.R.....1.g1.....%..?ex....4R.#...Q...C.6..o..._.....j.o.....N.....uaM..r..o....W..v...{......a[.3r.~....;...9Q.Csn$..(.sZr..W...."+..;..vzq!.j].t.M.....).C..k..k.s....>..av.M.1.....g..?.O....}w.ygM....Dt....R...........i........&.\..N.I...PJ.v...T.8.wj9....w...,.;.).M.)L.e)T\|r..GY.......KM..........\).k.......c....B.."_v..~...r.F+..`#{i....j.=g........-/...s.e..&..\|W...K..R..wK.....%i.\|RZ.p#WiZ%....^..SG..z..-?5...14\|.....j.~....[....t..D.-.Ipn.c.;.\G.....s).\..).?k..._..yG7.).....V.q+w...t%.;uz".i.0.~.i$./..q..G....;.8....O.h...g^.KWBj....M.Q..2W.2... ......l...\...-..../.ii..J;..........wU=JB.{..#.#.Z...I..;....m..We&. ...Jn..U./...S=i\|..._......4.e....&.VF..sm.+..)P.e...(&$W.....Yzr.b....d...c.(Si9.2.P.X.W#.r=....?..m._.....Z...-%3..0v.R......i.bc!?.=......G.q.qQ\......^8..9.......~...X..M..5....a..[..GB.\..P........w.:..yf.cvb.m.y.....<.h..i.)v.tt.\;A1nQT.O{f.N..y.+.

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\SETAD6D.tmp

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	data
Category:	dropped
Size (bytes):	33068
Entropy (8bit):	6.483164264047924
Encrypted:	false
SSDEEP:	768:4sWvckKwK2GC6tVIQvheYiLgyYiLS3h8au:6ve2GC6tVIQw7Lgy7LS3h8au
MD5:	7A3D20F599E997740DDDB77B1CC9C615
SHA1:	F55050493940DAF132EF81C301AF46C45249150E
SHA-256:	36340CB9B72E51040EBA405BE715D492611FE8723B42D4808DB9A9598D75C958
SHA-512:	2D1270D159ED7CAB92FA2825D9F5EF16EA97EEB574AC333997ABB7B5B12FA78E5685AC28239F1808EBEA8629260CDEB723AF36C1B544C069F0EF37557260B0E8
Malicious:	false
Preview:	0..(...H..........0......1.0...+......0.Ee..+.....7....EV0.ER0...+.....7.......Y^.s.L.#..!.6K..211214231219Z0...+.....7.....0..0....R0.5.B.C.F.F.F.4.D.6.E.B.F.C.0.1.B.D.0.F.2.8.A.9.E.4.4.B.8.3.8.9.E.5.6.7.2.F.C.0...1..y0M..+.....7...1?0=0...+.....7...0...........0!0...+..................(..K...g/.0`..+.....7...1R0P...F.i.l.e.......>s.e.a.g.u.l.l._.v.3._.p.r.i.n.t.d.i.s.p.a.t.c.h.e.r...d.l.l...0b..+.....7...1T0R...O.S.A.t.t.r.......<2.:.6...0.,.2.:.6...1.,.2.:.6...2.,.2.:.6...3.,.2.:.6...4...0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....R0.9.F.F.D.1.A.9.5.4.1.5.F.E.7.2.4.B.6.D.2.4.4.E.4.4.9.1.A.B.7.E.C.3.7.D.7.0.A.D...1..]0E..+.....7...17050...+.....7.......0!0...+...........T..rKm$ND..~.}p.0L..+.....7...1>0<...F.i.l.e.......*t.2.s.t.t._.2.0.2.1...3...0...0...i.n.i...0b..+.....7...1T0R...O.S.A.t.t.r.......<2.:.6...0.,.2.:.6...1.,.2.:.6...2.,.2.:.6...3.,.2.:.6...4...0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\SETAD7E.tmp

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	10155
Entropy (8bit):	5.517124824341079
Encrypted:	false
SSDEEP:	192:t4UVZrsjjoMATxCeman7AvUk1yAG73T6PQDX/xgzDFoaQx0t6Kif2vzMATxCemaB:aUVZrsjj07+yZ+9L7+yZ+M
MD5:	530E9F36C66472657270FDFAA0803D3E
SHA1:	D11025CFA551A2F31E3E730726CBEA583489BB17
SHA-256:	2F2D24CA40B04F2F305E703AC6CFDF02C5C1A3B90DF08F7853EC9D39E17FD31E
SHA-512:	2DFEA9B884E03DE42C9FD1B81EB28FFE692B1E282BADD24ABE68FA3811F2CD80003F7ED01F806DC3B3326A7523DD500D68401CCC58761F35C101FF0341177139
Malicious:	false
Preview:	[Version]..Signature="$Windows NT$"..Class=Printer..ClassGUID={4D36E979-E325-11CE-BFC1-08002BE10318}..Provider="Seagull"..DriverVer=12/14/2021,2021.3.0.0..CatalogFile=TOSHIBATEC.cat..DriverIsolation=0....[PrinterPackageInstallation.x86]..PackageAware=TRUE....[PrinterPackageInstallation.amd64]..PackageAware=TRUE....[SourceDisksNames]..1="Seagull Drivers Disk",,,\Common..2="Seagull Drivers Disk",,,\Common....[SourceDisksNames.amd64]..2="Seagull Drivers Disk",,,\x64....[SourceDisksNames.x86]..2="Seagull Drivers Disk",,,\Win32....[SourceDisksFiles]..Defaults[TT]_2021.3.0.0.sds=1..Seagull_V3_ConfigDispatcher.dll=2..Seagull_V3_NetMonDispatcher.dll=2..Seagull_V3_PrintDispatcher.dll=2..t2sTT_2021.3.0.0.ini=1..t2sTTenu_2021.3.0.0.chm=1..tecTT_2021.3.0.0.ini=1..tecTTenu_2021.3.0.0.chm=1..tt#base_2021.3.0.0.cab=2..tt#base_2021.3.0.0.ddz=1..tt#t2s_2021.3.0.0.cab=2..tt#t2s_2021.3.0.0.ddz=1..tt#tec_2021.3.0.0.cab=2..tt#tec_2021.3.0.0.ddz=1....[DestinationDirs]..DefaultDestDir=66000....[Manufacturer]

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\TOSHIBATEC.cat (copy)

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	data
Category:	dropped
Size (bytes):	33068
Entropy (8bit):	6.483164264047924
Encrypted:	false
SSDEEP:	768:4sWvckKwK2GC6tVIQvheYiLgyYiLS3h8au:6ve2GC6tVIQw7Lgy7LS3h8au
MD5:	7A3D20F599E997740DDDB77B1CC9C615
SHA1:	F55050493940DAF132EF81C301AF46C45249150E
SHA-256:	36340CB9B72E51040EBA405BE715D492611FE8723B42D4808DB9A9598D75C958
SHA-512:	2D1270D159ED7CAB92FA2825D9F5EF16EA97EEB574AC333997ABB7B5B12FA78E5685AC28239F1808EBEA8629260CDEB723AF36C1B544C069F0EF37557260B0E8
Malicious:	false
Preview:	0..(...H..........0......1.0...+......0.Ee..+.....7....EV0.ER0...+.....7.......Y^.s.L.#..!.6K..211214231219Z0...+.....7.....0..0....R0.5.B.C.F.F.F.4.D.6.E.B.F.C.0.1.B.D.0.F.2.8.A.9.E.4.4.B.8.3.8.9.E.5.6.7.2.F.C.0...1..y0M..+.....7...1?0=0...+.....7...0...........0!0...+..................(..K...g/.0`..+.....7...1R0P...F.i.l.e.......>s.e.a.g.u.l.l._.v.3._.p.r.i.n.t.d.i.s.p.a.t.c.h.e.r...d.l.l...0b..+.....7...1T0R...O.S.A.t.t.r.......<2.:.6...0.,.2.:.6...1.,.2.:.6...2.,.2.:.6...3.,.2.:.6...4...0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....R0.9.F.F.D.1.A.9.5.4.1.5.F.E.7.2.4.B.6.D.2.4.4.E.4.4.9.1.A.B.7.E.C.3.7.D.7.0.A.D...1..]0E..+.....7...17050...+.....7.......0!0...+...........T..rKm$ND..~.}p.0L..+.....7...1>0<...F.i.l.e.......*t.2.s.t.t._.2.0.2.1...3...0...0...i.n.i...0b..+.....7...1T0R...O.S.A.t.t.r.......<2.:.6...0.,.2.:.6...1.,.2.:.6...2.,.2.:.6...3.,.2.:.6...4...0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\TOSHIBATEC.inf (copy)

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	10155
Entropy (8bit):	5.517124824341079
Encrypted:	false
SSDEEP:	192:t4UVZrsjjoMATxCeman7AvUk1yAG73T6PQDX/xgzDFoaQx0t6Kif2vzMATxCemaB:aUVZrsjj07+yZ+9L7+yZ+M
MD5:	530E9F36C66472657270FDFAA0803D3E
SHA1:	D11025CFA551A2F31E3E730726CBEA583489BB17
SHA-256:	2F2D24CA40B04F2F305E703AC6CFDF02C5C1A3B90DF08F7853EC9D39E17FD31E
SHA-512:	2DFEA9B884E03DE42C9FD1B81EB28FFE692B1E282BADD24ABE68FA3811F2CD80003F7ED01F806DC3B3326A7523DD500D68401CCC58761F35C101FF0341177139
Malicious:	false
Preview:	[Version]..Signature="$Windows NT$"..Class=Printer..ClassGUID={4D36E979-E325-11CE-BFC1-08002BE10318}..Provider="Seagull"..DriverVer=12/14/2021,2021.3.0.0..CatalogFile=TOSHIBATEC.cat..DriverIsolation=0....[PrinterPackageInstallation.x86]..PackageAware=TRUE....[PrinterPackageInstallation.amd64]..PackageAware=TRUE....[SourceDisksNames]..1="Seagull Drivers Disk",,,\Common..2="Seagull Drivers Disk",,,\Common....[SourceDisksNames.amd64]..2="Seagull Drivers Disk",,,\x64....[SourceDisksNames.x86]..2="Seagull Drivers Disk",,,\Win32....[SourceDisksFiles]..Defaults[TT]_2021.3.0.0.sds=1..Seagull_V3_ConfigDispatcher.dll=2..Seagull_V3_NetMonDispatcher.dll=2..Seagull_V3_PrintDispatcher.dll=2..t2sTT_2021.3.0.0.ini=1..t2sTTenu_2021.3.0.0.chm=1..tecTT_2021.3.0.0.ini=1..tecTTenu_2021.3.0.0.chm=1..tt#base_2021.3.0.0.cab=2..tt#base_2021.3.0.0.ddz=1..tt#t2s_2021.3.0.0.cab=2..tt#t2s_2021.3.0.0.ddz=1..tt#tec_2021.3.0.0.cab=2..tt#tec_2021.3.0.0.ddz=1....[DestinationDirs]..DefaultDestDir=66000....[Manufacturer]

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\SETA960.tmp

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	Microsoft Cabinet archive data, many, 56090 bytes, 2 files, at 0x2c +A "Seagull_ConfigModule_T2S.dll" +A "Seagull_PrintModule_T2S.dll", number 1, 5 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	56090
Entropy (8bit):	7.993027503833812
Encrypted:	true
SSDEEP:	1536:3jRf6DJ9uagbCLdltziHy3c8V1e3EpWcj7QpHMJNr9lo:3jIqrCESE6TEpHUNfo
MD5:	A4E7F2CFE1F3575C5E3B759DEE012D2B
SHA1:	818223124DD137B5E6C52224063BDA94AB24D553
SHA-256:	A8DA57D433DD773617AFD5DCFCC55692BB96B28DFFBED01DCE725D5742859886
SHA-512:	2DC9159A81816B92CCB7669E6EE812D3A8FFEBFCC13DB8A23F558FD015A33303951ED8C03CD66F5B82B88759C1008BA155DD09C742C9D31A22F829DE2BFD4900
Malicious:	false
Preview:	MSCF............,............................V.........S0y .Seagull_ConfigModule_T2S.dll.....V.....S9y .Seagull_PrintModule_T2S.dll...'..7..CK.}yxTE.ww.....@Z.... .......n....G..!..%B...1..I.....#...8.KT..(.!..}Q1...:c.....@..9.......>.....<..S.SU.N...k..R..E..E..u.U.?.3.u......vv8\|K..y....KW[.V.\.j.rK..+V.,..,..+,KWX.Y..\.7$&.c...v..WGG.xE.?. .J...v.....e0.[..no......%....N....C.Q....#\|.e..+c(..+".............-z..n@B...w^w..SD.^.....y..z,...9B.k.yT...I..>.C.E.fR...xL..Y _....s...N..z....I.k....u.C.Y[t...W.....b.A...N?.....%..Z.$..Z7d.......2uO...C..X....t-.1.^(..........Fh.....__..r.t...a..[K..l%$D.....7\.n..0....'y.%J^.S=....~=X.s.}.8...?Hl.<Q.;..8}_........[j.....s.LR.3!z.d..I...<d.Nw.V..C.......%yNB..b._+.[.a6I.L1.Wc..%>Ww[%v#.....2[R.6...l.."";(..Py.(...!_q..y...ii.@L...H..H.h'..D<..."...".<.\|.6..O%.w..p.$...R...:R...'.$...^..K..h.uVy.....(...x.].DZ/.c.Cuz..z/....^.....a=...a=ST.^..z..U......./.../^.=...e]..,...^.1.E...g.D..+H....t..

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\SETA9FD.tmp

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	Microsoft Cabinet archive data, many, 171484 bytes, 2 files, at 0x2c +A "Seagull_ConfigModule_TEC.dll" +A "Seagull_PrintModule_TEC.dll", number 1, 14 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	171484
Entropy (8bit):	7.994509922552603
Encrypted:	true
SSDEEP:	3072:ss8XJdIkofTvg2MJZHfv13vpka7twfEgvSM6IuIN1JLi1QXIsxdVj92Re:sLebg2Mvn1f2aZynWIpLJXFxzjIRe
MD5:	AD672B8D14487613B01657D2CC8CBFE7
SHA1:	41A0BE5CB752F3834A8475990B69B5FC63A225FF
SHA-256:	6B61F42E3C36A85D03493A387AEFB285D4C8FC139D6493DF9646D93789F4E125
SHA-512:	67553D0F9878B7A4D29520C2A3CDFDA2EE3D960DBF538FA1B60C3007D029DBDF80EF45546DBE456060A930A7FFE9927243F410D1F7FBAC634EFB479E885B8A88
Malicious:	false
Preview:	MSCF...........,.....................................S.y .Seagull_ConfigModule_TEC.dll..`........S.y .Seagull_PrintModule_TEC.dll..L.!.;..CK.}{\|.E...&+..g.,.PY$` <......da.6..@<D.H.QAH.8y$nB.7..D....<...E!...@.P... .<T....J.(.UU...n.z....>~.a..........3I.S..!.B$<..%....~._.I.n.Xz..~.JL...M.>.>k..Gf?..}.O<13...T..'..............n..e.Hx3v..]....G....!;G..o..B.-...#W.on..#W...QY.Q..~.H..t....k..;p.Dw.(..".=.L.......%7._v......n..4.x.0.,..M...5.V.s..0.n.<...IF.rEB..1i?...<.=BH.....P>"#..9.!.i..?D.....=RX.x.&.0.7.h..'...L...]..W..y.....u......^..~0.,..c&.)<....!t.C.^.L.....O..~...+.5..R...B,..h,o...S.&..m....UStS....h#...}.n..p....I...b{......t.....2c... .v..,..$\|..qz..oK....}'..k....g......j........f.R.);.t.. ....g..VI..qI .>...;.E6I>...&I.e..Ya"@R.Y..E.\..N....`../wk.US...=.$WKj.D.Ta./J.g.Y'.......b)1y..d.(n....z9...$r.X......W...X.?)...g.*A..S.+....PY..i...p....%Jr6.3.n.9..d....\.].`.$[..8B..;%.J.S..{.#...#7..fh.)...E=...T...Q......s..S...;.....

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\SETAA4C.tmp

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	143064
Entropy (8bit):	6.220517482018802
Encrypted:	false
SSDEEP:	3072:aPWMslewHwCV6bgyTyD/+hjzzyUkUNlU3zq35f3/:CCeLC8gR7+Ccn5/
MD5:	92D30094BFB552A51905E0DE2EEBA60E
SHA1:	9E9F6FA7B9180A4C48E601BC70A1674CDFE2BFBA
SHA-256:	A6FF940AD01695677F60C7D2194CBA0E590B05E4F61397E8C4AB25A0409F27AF
SHA-512:	CF7BD1DEABE4790316F28AED51DB77AC7F45E12B0C182E9B67F350B0FC41C02675F00DD6A60A423D153E606433DF9E48117E99132B590B504B08D04B5A87A0F4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............d...d...d.......d.......d......Qd.......d...d...d.......d.......d.......d..`....d..`....d..`.k..d...d...d..`....d..Rich.d..........................PE..d....Ua.........." .................t.......................................@......3..... .....................................................<.... ...................<...0..\......p...........................`...8............ ..h............................text...\|........................... ..`.rdata....... ......................@..@.data...L...........................@....pdata..............................@..@_RDATA..............................@..@.rsrc........ ......................@..@.reloc..\....0......................@..B................................................................................................................................................................................

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\SETAA6C.tmp

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	Microsoft Cabinet archive data, many, 6435532 bytes, 18 files, at 0x2c +A "Seagull_DriverCore.dll" +A "Seagull_ConfigBase.dll", number 1, 436 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	6435532
Entropy (8bit):	7.995711673503045
Encrypted:	true
SSDEEP:	196608:eVF/+uQx5qZrJ8bwxWxuxlItxGZOz1rE+:8GuQyZrulxXxGZq9j
MD5:	87C88C721C9CDE98408E1902D2FE4AFA
SHA1:	8AC81416E672D5956E34D8492FE3E124A268C9B6
SHA-256:	13CB84CB331196900E73C78D338FA0BBC0C7606E15732E6D1D35054DE1E2E45D
SHA-512:	75E0B38D6052A29968F8082BE8F5A24F04A389D5B8AB73972DCF38A4D30695FEF3AC6786FD682A6BA72CE39045B80673BF354942F801DCDFEFBE57CB80C3C06D
Malicious:	false
Preview:	MSCF.....2b.....,............................T8........S.x .Seagull_DriverCore.dll...2..T8....SWx .Seagull_ConfigBase.dll.....Mk....Six .Seagull_PrintBase.dll......u....S.x .Seagull_V3_Config.dll....`uw....S.x .Seagull_V3_Print.dll..<..8.z....Snx .Seagull_V3_Status.dll..>...I{....S/x .DriverAutomationLibrary.dll..6.......S.x .ssdal.exe............S.v!.Microsoft.UCRT.cab..D...p.....S.v!.Microsoft.VC142.CRT.cab............S&x .DriverEnvironmentSetup.exe..V.........S}x .Seagull_V3_NetMon.dll.....j......S.v .Seagull_V3_NetMonDispatcher.dll..0..B......S.v .Seagull_XPMLServer.dll..%.........S.v .Seagull_DriverStartup.exe..<..:.....S.x .Seagull_Driver_Status.exe.....v.....S.v!.Seagull_EventMessages.dll.O@..*......S.v!.Seagull_PrintTicketResources.ddz.p.zA<3..CK.\|.XT.......{@&GC..b./(j j...=9$yI..tL.R..t..`j........}Y.N..r.:e ..&f.x.L.l../.]l..]k.={..........qX....e.........g.&.~>...d.?+..?..a...........:..#...s..\|.=KW.....+.q.....b....Ys.+.c.....4...[Zon.}6V....{...nx...)...%.

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\SETAB0A.tmp

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	376024
Entropy (8bit):	6.4119558485633465
Encrypted:	false
SSDEEP:	6144:b4osTyVAlqs3t2Z7z8ru7cJymohufpaa+CgkoJm/r:bIQAlX92QscJjoOb/
MD5:	22532CB8A21D85E7C87AE6F480DFEAB9
SHA1:	A6F2F5B8AE0F62C5BC11C7CFFD0C315190DA01B9
SHA-256:	3F977CB69733F8E6B1FA7A4AD7CE80D3FDE8D827662E4E18C457ADEC7A5A6A8D
SHA-512:	75EC60F25D7ADD1CE0165F653F79874AF6CEC1F292AADDEFDC4301EA2327EB4109741A7AD9DFCD6F06F8D293562D37D4B644150D20FC3CB74D6338EBC851E9C9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......i3..-R..-R..-R..v:..'R..v:...R..v:..9R...'..}R...'..#R...'..'R..-R...R..v:.. R...'..)R...'..?R...'..,R...'i.,R..-R..,R...'..,R..Rich-R..........PE..d....Ua.........." ......................................................................`.........................................P...d.......x............p...2.......<..........@...p.......................(.......8............................................text............................... ..`.rdata..X}.......~..................@..@.data....8...0... ..................@....pdata...2...p...4...6..............@..@_RDATA...............j..............@..@.rsrc................l..............@..@.reloc...............t..............@..B........................................................................................................................................................................................

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\SETAD2E.tmp

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	382168
Entropy (8bit):	6.430304363924134
Encrypted:	false
SSDEEP:	6144:YD9fnnIesrpn+6L/1Y+wlgs+S4KGpoh7smKabxMirkL:YxfnuF+8al2S4KCoIEk
MD5:	08B03468B132E3D05647125E1CEB90CF
SHA1:	6F556CFF26E1EEB20409D513CC72FED01F2700EB
SHA-256:	31BC36138974A6B114EA98643B5EC3673306448D19F771056790A2B9CEA478DB
SHA-512:	BA4CE68819C9AC70E4C610015EA743441877ADF70766C3522B679F01276F23995B25E3F0C59E713AFA8E7D1B7129006F55521086BC1E6E61CE4BD18DFF704F80
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=..)y..zy..zy..z"..{s..z"..{j..z"..{...z+..{w..z+..{s..z+..{(..z"..{r..zy..z...z..{}..z..{q..z..{x..z..zx..zy.nzx..z..{x..zRichy..z........PE..d.....Ua.........." ................8q....................................................`.........................................0+..\|....+..d................3.......<.............p.......................(...@...8............................................text............................... ..`.rdata..Tx.......z..................@..@.data...l<...@... ..................@....pdata...3.......4...N..............@..@_RDATA..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\Seagull_V3_ConfigDispatcher.dll (copy)

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	376024
Entropy (8bit):	6.4119558485633465
Encrypted:	false
SSDEEP:	6144:b4osTyVAlqs3t2Z7z8ru7cJymohufpaa+CgkoJm/r:bIQAlX92QscJjoOb/
MD5:	22532CB8A21D85E7C87AE6F480DFEAB9
SHA1:	A6F2F5B8AE0F62C5BC11C7CFFD0C315190DA01B9
SHA-256:	3F977CB69733F8E6B1FA7A4AD7CE80D3FDE8D827662E4E18C457ADEC7A5A6A8D
SHA-512:	75EC60F25D7ADD1CE0165F653F79874AF6CEC1F292AADDEFDC4301EA2327EB4109741A7AD9DFCD6F06F8D293562D37D4B644150D20FC3CB74D6338EBC851E9C9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......i3..-R..-R..-R..v:..'R..v:...R..v:..9R...'..}R...'..#R...'..'R..-R...R..v:.. R...'..)R...'..?R...'..,R...'i.,R..-R..,R...'..,R..Rich-R..........PE..d....Ua.........." ......................................................................`.........................................P...d.......x............p...2.......<..........@...p.......................(.......8............................................text............................... ..`.rdata..X}.......~..................@..@.data....8...0... ..................@....pdata...2...p...4...6..............@..@_RDATA...............j..............@..@.rsrc................l..............@..@.reloc...............t..............@..B........................................................................................................................................................................................

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\Seagull_V3_NetMonDispatcher.dll (copy)

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	382168
Entropy (8bit):	6.430304363924134
Encrypted:	false
SSDEEP:	6144:YD9fnnIesrpn+6L/1Y+wlgs+S4KGpoh7smKabxMirkL:YxfnuF+8al2S4KCoIEk
MD5:	08B03468B132E3D05647125E1CEB90CF
SHA1:	6F556CFF26E1EEB20409D513CC72FED01F2700EB
SHA-256:	31BC36138974A6B114EA98643B5EC3673306448D19F771056790A2B9CEA478DB
SHA-512:	BA4CE68819C9AC70E4C610015EA743441877ADF70766C3522B679F01276F23995B25E3F0C59E713AFA8E7D1B7129006F55521086BC1E6E61CE4BD18DFF704F80
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=..)y..zy..zy..z"..{s..z"..{j..z"..{...z+..{w..z+..{s..z+..{(..z"..{r..zy..z...z..{}..z..{q..z..{x..z..zx..zy.nzx..z..{x..zRichy..z........PE..d.....Ua.........." ................8q....................................................`.........................................0+..\|....+..d................3.......<.............p.......................(...@...8............................................text............................... ..`.rdata..Tx.......z..................@..@.data...l<...@... ..................@....pdata...3.......4...N..............@..@_RDATA..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\Seagull_V3_PrintDispatcher.dll (copy)

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	143064
Entropy (8bit):	6.220517482018802
Encrypted:	false
SSDEEP:	3072:aPWMslewHwCV6bgyTyD/+hjzzyUkUNlU3zq35f3/:CCeLC8gR7+Ccn5/
MD5:	92D30094BFB552A51905E0DE2EEBA60E
SHA1:	9E9F6FA7B9180A4C48E601BC70A1674CDFE2BFBA
SHA-256:	A6FF940AD01695677F60C7D2194CBA0E590B05E4F61397E8C4AB25A0409F27AF
SHA-512:	CF7BD1DEABE4790316F28AED51DB77AC7F45E12B0C182E9B67F350B0FC41C02675F00DD6A60A423D153E606433DF9E48117E99132B590B504B08D04B5A87A0F4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............d...d...d.......d.......d......Qd.......d...d...d.......d.......d.......d..`....d..`....d..`.k..d...d...d..`....d..Rich.d..........................PE..d....Ua.........." .................t.......................................@......3..... .....................................................<.... ...................<...0..\......p...........................`...8............ ..h............................text...\|........................... ..`.rdata....... ......................@..@.data...L...........................@....pdata..............................@..@_RDATA..............................@..@.rsrc........ ......................@..@.reloc..\....0......................@..B................................................................................................................................................................................

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\tt#base_2021.3.0.0.cab (copy)

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	Microsoft Cabinet archive data, many, 6435532 bytes, 18 files, at 0x2c +A "Seagull_DriverCore.dll" +A "Seagull_ConfigBase.dll", number 1, 436 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	6435532
Entropy (8bit):	7.995711673503045
Encrypted:	true
SSDEEP:	196608:eVF/+uQx5qZrJ8bwxWxuxlItxGZOz1rE+:8GuQyZrulxXxGZq9j
MD5:	87C88C721C9CDE98408E1902D2FE4AFA
SHA1:	8AC81416E672D5956E34D8492FE3E124A268C9B6
SHA-256:	13CB84CB331196900E73C78D338FA0BBC0C7606E15732E6D1D35054DE1E2E45D
SHA-512:	75E0B38D6052A29968F8082BE8F5A24F04A389D5B8AB73972DCF38A4D30695FEF3AC6786FD682A6BA72CE39045B80673BF354942F801DCDFEFBE57CB80C3C06D
Malicious:	false
Preview:	MSCF.....2b.....,............................T8........S.x .Seagull_DriverCore.dll...2..T8....SWx .Seagull_ConfigBase.dll.....Mk....Six .Seagull_PrintBase.dll......u....S.x .Seagull_V3_Config.dll....`uw....S.x .Seagull_V3_Print.dll..<..8.z....Snx .Seagull_V3_Status.dll..>...I{....S/x .DriverAutomationLibrary.dll..6.......S.x .ssdal.exe............S.v!.Microsoft.UCRT.cab..D...p.....S.v!.Microsoft.VC142.CRT.cab............S&x .DriverEnvironmentSetup.exe..V.........S}x .Seagull_V3_NetMon.dll.....j......S.v .Seagull_V3_NetMonDispatcher.dll..0..B......S.v .Seagull_XPMLServer.dll..%.........S.v .Seagull_DriverStartup.exe..<..:.....S.x .Seagull_Driver_Status.exe.....v.....S.v!.Seagull_EventMessages.dll.O@..*......S.v!.Seagull_PrintTicketResources.ddz.p.zA<3..CK.\|.XT.......{@&GC..b./(j j...=9$yI..tL.R..t..`j........}Y.N..r.:e ..&f.x.L.l../.]l..]k.={..........qX....e.........g.&.~>...d.?+..?..a...........:..#...s..\|.=KW.....+.q.....b....Ys.+.c.....4...[Zon.}6V....{...nx...)...%.

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\tt#t2s_2021.3.0.0.cab (copy)

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	Microsoft Cabinet archive data, many, 56090 bytes, 2 files, at 0x2c +A "Seagull_ConfigModule_T2S.dll" +A "Seagull_PrintModule_T2S.dll", number 1, 5 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	56090
Entropy (8bit):	7.993027503833812
Encrypted:	true
SSDEEP:	1536:3jRf6DJ9uagbCLdltziHy3c8V1e3EpWcj7QpHMJNr9lo:3jIqrCESE6TEpHUNfo
MD5:	A4E7F2CFE1F3575C5E3B759DEE012D2B
SHA1:	818223124DD137B5E6C52224063BDA94AB24D553
SHA-256:	A8DA57D433DD773617AFD5DCFCC55692BB96B28DFFBED01DCE725D5742859886
SHA-512:	2DC9159A81816B92CCB7669E6EE812D3A8FFEBFCC13DB8A23F558FD015A33303951ED8C03CD66F5B82B88759C1008BA155DD09C742C9D31A22F829DE2BFD4900
Malicious:	false
Preview:	MSCF............,............................V.........S0y .Seagull_ConfigModule_T2S.dll.....V.....S9y .Seagull_PrintModule_T2S.dll...'..7..CK.}yxTE.ww.....@Z.... .......n....G..!..%B...1..I.....#...8.KT..(.!..}Q1...:c.....@..9.......>.....<..S.SU.N...k..R..E..E..u.U.?.3.u......vv8\|K..y....KW[.V.\.j.rK..+V.,..,..+,KWX.Y..\.7$&.c...v..WGG.xE.?. .J...v.....e0.[..no......%....N....C.Q....#\|.e..+c(..+".............-z..n@B...w^w..SD.^.....y..z,...9B.k.yT...I..>.C.E.fR...xL..Y _....s...N..z....I.k....u.C.Y[t...W.....b.A...N?.....%..Z.$..Z7d.......2uO...C..X....t-.1.^(..........Fh.....__..r.t...a..[K..l%$D.....7\.n..0....'y.%J^.S=....~=X.s.}.8...?Hl.<Q.;..8}_........[j.....s.LR.3!z.d..I...<d.Nw.V..C.......%yNB..b._+.[.a6I.L1.Wc..%>Ww[%v#.....2[R.6...l.."";(..Py.(...!_q..y...ii.@L...H..H.h'..D<..."...".<.\|.6..O%.w..p.$...R...:R...'.$...^..K..h.uVy.....(...x.].DZ/.c.Cuz..z/....^.....a=...a=ST.^..z..U......./.../^.=...e]..,...^.1.E...g.D..+H....t..

C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\x64\tt#tec_2021.3.0.0.cab (copy)

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	Microsoft Cabinet archive data, many, 171484 bytes, 2 files, at 0x2c +A "Seagull_ConfigModule_TEC.dll" +A "Seagull_PrintModule_TEC.dll", number 1, 14 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	171484
Entropy (8bit):	7.994509922552603
Encrypted:	true
SSDEEP:	3072:ss8XJdIkofTvg2MJZHfv13vpka7twfEgvSM6IuIN1JLi1QXIsxdVj92Re:sLebg2Mvn1f2aZynWIpLJXFxzjIRe
MD5:	AD672B8D14487613B01657D2CC8CBFE7
SHA1:	41A0BE5CB752F3834A8475990B69B5FC63A225FF
SHA-256:	6B61F42E3C36A85D03493A387AEFB285D4C8FC139D6493DF9646D93789F4E125
SHA-512:	67553D0F9878B7A4D29520C2A3CDFDA2EE3D960DBF538FA1B60C3007D029DBDF80EF45546DBE456060A930A7FFE9927243F410D1F7FBAC634EFB479E885B8A88
Malicious:	false
Preview:	MSCF...........,.....................................S.y .Seagull_ConfigModule_TEC.dll..`........S.y .Seagull_PrintModule_TEC.dll..L.!.;..CK.}{\|.E...&+..g.,.PY$` <......da.6..@<D.H.QAH.8y$nB.7..D....<...E!...@.P... .<T....J.(.UU...n.z....>~.a..........3I.S..!.B$<..%....~._.I.n.Xz..~.JL...M.>.>k..Gf?..}.O<13...T..'..............n..e.Hx3v..]....G....!;G..o..B.-...#W.on..#W...QY.Q..~.H..t....k..;p.Dw.(..".=.L.......%7._v......n..4.x.0.,..M...5.V.s..0.n.<...IF.rEB..1i?...<.=BH.....P>"#..9.!.i..?D.....=RX.x.&.0.7.h..'...L...]..W..y.....u......^..~0.,..c&.)<....!t.C.^.L.....O..~...+.5..R...B,..h,o...S.&..m....UStS....h#...}.n..p....I...b{......t.....2c... .v..,..$\|..qz..oK....}'..k....g......j........f.R.);.t.. ....g..VI..qI .>...;.E6I>...&I.e..Ya"@R.Y..E.\..N....`../wk.US...=.$WKj.D.Ta./J.g.Y'.......b)1y..d.(n....z9...$r.X......W...X.?)...g.*A..S.+....PY..i...p....%Jr6.3.n.9..d....\.].`.$[..8B..;%.J.S..{.#...#7..fh.)...E=...T...Q......s..S...;.....

C:\Windows\System32\catroot2\dberr.txt

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	3475
Entropy (8bit):	5.365901796321752
Encrypted:	false
SSDEEP:	96:QO00eO00erMwUgWUg0B1kE3ZhpJp8ZpkRepk3YpgpNs:QO00eO00erMwmkB1kA6
MD5:	7CAD3C2DAEAF36E2729D22DEB9203864
SHA1:	7EA5FE801967B0B3DB05FE6EE3889A0D67EE32CE
SHA-256:	5835C356D3EFB7790F1354C50D6188174F955703AAEADA19B6D482E6F02E72A7
SHA-512:	CA4290EDB0C8AD2852AB985BEFE7D2A6081CAEC812A92A94C569990780F54FDFE2DA6D215BEF9C19AEF712D482804B2C514A39F56F54510EDA1E1FF11610E42D
Malicious:	false
Preview:	CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6041 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6699 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #4398 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6041 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6699 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #4398 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #2083 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #2459 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: SyncAllDBs Corruption or Schema Change..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #891 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #1307 encountered JET error -1601..CatalogDB: 08:57:12 03/10/2023: SyncDB:: Sync sta

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.987497661787173
TrID:	Win32 Executable (generic) a (10002005/4) 95.94% DirectShow filter (201580/2) 1.93% Windows ActiveX control (116523/4) 1.12% Win32 EXE PECompact compressed (v2.x) (59071/9) 0.57% Win32 EXE PECompact compressed (generic) (41571/9) 0.40%
File name:	Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe
File size:	50'479'449 bytes
MD5:	7714a5d364f8660817c487b2cb137381
SHA1:	2c94e7f2f817d36b43cf4c3dcd81af08dbbd3e50
SHA256:	f12cb718550f0f0b61b4564896366c476ae5080e487917195fada42cc9bcb08f
SHA512:	c7320f118ed382b8acf0e4b8ec6c7845d8edff9a2cebe92342bb1adf45aa5d1c67d52e3385ac55150c8d57c82a9c71cdf00e13b70bbe0d7d19a4aeaa611dde0c
SSDEEP:	1572864:ZkDAa9uIxIZeZSB0XSXoFe+FDLmBGMzPBStIf:ZkDAa9uWbZSB0XsoM+1LYBSWf
TLSH:	44B73313BA41907EE2A14231DD6F2E6099A87D774B2541A7B748FE1C2DF02C2B937B17
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^y....s...s...s.......s.......s.......s.......s.....Z.s..o....s...r...s..o....s.....7.s.......s.......s.......s.Rich..s........

File Icon


Icon Hash:	55497933cc61714d

Static PE Info

General

Entrypoint:	0x45e61f
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x5979D664 [Thu Jul 27 12:02:44 2017 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	952608687d343553fa2ebbe1a801044c

Entrypoint Preview

Instruction
call 00007F00C516CD7Fh
jmp 00007F00C515F16Eh
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+14h]
push esi
test eax, eax
je 00007F00C515F36Eh
cmp dword ptr [ebp+08h], 00000000h
jne 00007F00C515F345h
call 00007F00C515E1FCh
push 00000016h
pop esi
mov dword ptr [eax], esi
call 00007F00C5165DC2h
mov eax, esi
jmp 00007F00C515F357h
cmp dword ptr [ebp+10h], 00000000h
je 00007F00C515F319h
cmp dword ptr [ebp+0Ch], eax
jnc 00007F00C515F33Bh
call 00007F00C515E1DEh
push 00000022h
jmp 00007F00C515F312h
push eax
push dword ptr [ebp+10h]
push dword ptr [ebp+08h]
call 00007F00C515BC58h
add esp, 0Ch
xor eax, eax
pop esi
pop ebp
ret
push ebp
mov ebp, esp
xor edx, edx
mov eax, edx
cmp dword ptr [ebp+0Ch], eax
jbe 00007F00C515F343h
mov ecx, dword ptr [ebp+08h]
cmp word ptr [ecx], dx
je 00007F00C515F33Bh
inc eax
add ecx, 02h
cmp eax, dword ptr [ebp+0Ch]
jc 00007F00C515F324h
pop ebp
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
mov ecx, dword ptr [esp+0Ch]
push edi
test ecx, ecx
je 00007F00C515F3C8h
push esi
push ebx
mov ebx, ecx
mov esi, dword ptr [esp+14h]
test esi, 00000003h
mov edi, dword ptr [esp+10h]
jne 00007F00C515F33Dh
shr ecx, 02h
jne 00007F00C515F3BBh
jmp 00007F00C515F359h
mov al, byte ptr [esi]
add esi, 01h
mov byte ptr [edi], al
add edi, 01h
sub ecx, 01h
je 00007F00C515F35Dh
test al, al
je 00007F00C515F361h
test esi, 00000003h
jne 00007F00C515F317h

Rich Headers

Programming Language:

[ C ] VS2012 UPD1 build 51106
[C++] VS2012 UPD1 build 51106
[RES] VS2012 UPD1 build 51106
[LNK] VS2012 UPD1 build 51106

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xd420c	0xdc	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xdc000	0x4c374	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0xae700	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xc3478	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xae000	0x674	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0xd3a48	0x120	.rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xac3bb	0xac400	386d4e83ddc03d283ce60ef8000a365d	False	0.47123321843251087	data	6.542037368452921	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0xae000	0x2850e	0x28600	071ef44d162d59f09766d34c47d905ac	False	0.42459607198142413	data	5.194098502397867	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xd7000	0x4c24	0x2600	022a8788ffc1c09d3a398a6fdb88e32e	False	0.2922491776315789	PGP symmetric key encrypted data - Plaintext or unencrypted data	4.513958170455511	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xdc000	0x4c374	0x4c400	88b54caad18152cf43355c93ba95a174	False	0.35981365266393445	data	6.533574261371468	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
GIF	0xdced4	0x339f	GIF image data, version 89a, 350 x 624	English	United States	0.9129020052970109
PNG	0xe0274	0x39ed	PNG image data, 360 x 150, 8-bit/color RGBA, non-interlaced			0.9975723244992919
PNG	0xe3c64	0x2fc9	PNG image data, 240 x 227, 8-bit/color RGBA, non-interlaced			0.9968119022316685
RT_BITMAP	0xe6c30	0x14220	Device independent bitmap graphic, 220 x 370 x 8, image size 81400			0.34390764454792394
RT_BITMAP	0xfae50	0x1b5c	Device independent bitmap graphic, 180 x 75 x 4, image size 6900			0.18046830382638493
RT_BITMAP	0xfc9ac	0x38e4	Device independent bitmap graphic, 180 x 75 x 8, image size 13500			0.26689096402087337
RT_BITMAP	0x100290	0x1238	Device independent bitmap graphic, 60 x 60 x 8, image size 3600			0.23499142367066894
RT_BITMAP	0x1014c8	0x6588	Device independent bitmap graphic, 161 x 152 x 8, image size 24928, resolution 3796 x 3796 px/m, 256 important colors			0.3035934133579563
RT_BITMAP	0x107a50	0x11f88	Device independent bitmap graphic, 161 x 152 x 24, image size 73568, resolution 3780 x 3780 px/m			0.12790729268557766
RT_ICON	0x1199d8	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 0			0.21341463414634146
RT_ICON	0x11a040	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 0			0.34139784946236557
RT_ICON	0x11a328	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 0			0.5202702702702703
RT_ICON	0x11a450	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0			0.47334754797441364
RT_ICON	0x11b2f8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0			0.6101083032490975
RT_ICON	0x11bba0	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0			0.596820809248555
RT_ICON	0x11c108	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0			0.2932572614107884
RT_ICON	0x11e6b0	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0			0.4343339587242026
RT_ICON	0x11f758	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0			0.7198581560283688
RT_ICON	0x11fbc0	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640			0.35618279569892475
RT_ICON	0x11fea8	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640			0.42473118279569894
RT_DIALOG	0x120190	0x1ce	data			0.48917748917748916
RT_DIALOG	0x120360	0x266	data			0.4527687296416938
RT_DIALOG	0x1205c8	0x2b0	data			0.438953488372093
RT_DIALOG	0x120878	0x54	data			0.6904761904761905
RT_DIALOG	0x1208cc	0x34	data			0.8846153846153846
RT_DIALOG	0x120900	0xd6	data			0.6495327102803738
RT_DIALOG	0x1209d8	0x114	data			0.5036231884057971
RT_DIALOG	0x120aec	0xd6	data			0.5841121495327103
RT_DIALOG	0x120bc4	0x246	data			0.4690721649484536
RT_DIALOG	0x120e0c	0x3c8	data			0.4194214876033058
RT_DIALOG	0x1211d4	0x14e	data			0.5359281437125748
RT_DIALOG	0x121324	0x1e8	data			0.49385245901639346
RT_DIALOG	0x12150c	0x1c6	data			0.5286343612334802
RT_DIALOG	0x1216d4	0x1ee	data			0.49190283400809715
RT_DIALOG	0x1218c4	0x7c	data			0.7580645161290323
RT_DIALOG	0x121940	0x3bc	data			0.4372384937238494
RT_DIALOG	0x121cfc	0x158	data			0.5581395348837209
RT_DIALOG	0x121e54	0x1da	data			0.5168776371308017
RT_DIALOG	0x122030	0x10a	data			0.6015037593984962
RT_DIALOG	0x12213c	0xde	data			0.6441441441441441
RT_DIALOG	0x12221c	0x1d4	data			0.5085470085470085
RT_DIALOG	0x1223f0	0x1dc	data			0.5210084033613446
RT_DIALOG	0x1225cc	0x294	data			0.48787878787878786
RT_STRING	0x122860	0x160	data	English	United States	0.5340909090909091
RT_STRING	0x1229c0	0x23e	data	English	United States	0.40418118466898956
RT_STRING	0x122c00	0x378	data	English	United States	0.4222972972972973
RT_STRING	0x122f78	0x252	data	English	United States	0.4393939393939394
RT_STRING	0x1231cc	0x1f4	data	English	United States	0.442
RT_STRING	0x1233c0	0x66a	data	English	United States	0.3617539585870889
RT_STRING	0x123a2c	0x366	data	English	United States	0.41379310344827586
RT_STRING	0x123d94	0x27e	data	English	United States	0.4561128526645768
RT_STRING	0x124014	0x518	data	English	United States	0.39800613496932513
RT_STRING	0x12452c	0x882	data	English	United States	0.3002754820936639
RT_STRING	0x124db0	0x23e	data	English	United States	0.45121951219512196
RT_STRING	0x124ff0	0x3ba	data	English	United States	0.3280922431865828
RT_STRING	0x1253ac	0x12c	data	English	United States	0.5266666666666666
RT_STRING	0x1254d8	0x4a	data	English	United States	0.6756756756756757
RT_STRING	0x125524	0xda	data	English	United States	0.6100917431192661
RT_STRING	0x125600	0x110	data	English	United States	0.5845588235294118
RT_STRING	0x125710	0x20a	data	English	United States	0.4521072796934866
RT_STRING	0x12591c	0xba	Matlab v4 mat-file (little endian) P, numeric, rows 0, columns 0	English	United States	0.5860215053763441
RT_STRING	0x1259d8	0xa8	data	English	United States	0.6607142857142857
RT_STRING	0x125a80	0x12a	data	English	United States	0.5201342281879194
RT_STRING	0x125bac	0x422	data	English	United States	0.2741020793950851
RT_STRING	0x125fd0	0x5c2	data	English	United States	0.37720488466757124
RT_STRING	0x126594	0x40	data	English	United States	0.671875
RT_STRING	0x1265d4	0xcaa	data	English	United States	0.2313386798272671
RT_STRING	0x127280	0x284	data	English	United States	0.4363354037267081
RT_GROUP_ICON	0x127504	0x84	data			0.6363636363636364
RT_GROUP_ICON	0x127588	0x14	data			1.25
RT_GROUP_ICON	0x12759c	0x14	data			1.25
RT_VERSION	0x1275b0	0x47c	data			0.4337979094076655
RT_MANIFEST	0x127a2c	0x622	XML 1.0 document, ASCII text, with CRLF line terminators			0.44522292993630574
RT_MANIFEST	0x128050	0x323	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (743), with CRLF line terminators	English	United States	0.5255292652552926

Imports

DLL	Import
COMCTL32.dll
KERNEL32.dll	IsBadReadPtr, CompareStringW, CompareStringA, GetSystemDefaultLangID, GetUserDefaultLangID, ExpandEnvironmentStringsW, GetCurrentDirectoryW, FileTimeToLocalFileTime, GetFileTime, SetFileAttributesW, HeapAlloc, HeapFree, GetProcessHeap, CopyFileW, GetWindowsDirectoryW, InterlockedDecrement, InterlockedIncrement, GetTempPathW, CreateFileW, LoadLibraryA, GetSystemDirectoryA, FindResourceW, GlobalFree, GlobalUnlock, GlobalLock, GlobalAlloc, GetPrivateProfileIntW, LockResource, LoadResource, MultiByteToWideChar, MoveFileExW, WriteProcessMemory, VirtualProtectEx, GetSystemDirectoryW, FlushInstructionCache, SetThreadContext, GetThreadContext, ResumeThread, TerminateProcess, ExitProcess, LoadLibraryW, lstrcatW, lstrcpynW, lstrcmpiW, LoadLibraryExW, FreeLibrary, FindResourceExW, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, VirtualQuery, GetSystemInfo, GetSystemTimeAsFileTime, CreateEventW, CreateMutexW, ReleaseMutex, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, QueryPerformanceFrequency, SetErrorMode, RaiseException, FreeResource, GetPrivateProfileSectionNamesA, GetPrivateProfileStringA, GetPrivateProfileIntA, lstrcatA, lstrcmpiA, MulDiv, FlushFileBuffers, WriteConsoleW, SetStdHandle, OutputDebugStringW, SetConsoleCtrlHandler, SetFilePointerEx, GetConsoleMode, WriteFile, SetFilePointer, GetFileSize, GetFileAttributesW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, FindFirstFileW, FindClose, CreateDirectoryW, VerLanguageNameW, IsValidLocale, GetLocaleInfoW, WideCharToMultiByte, lstrcpyA, GetTickCount, ExitThread, CreateThread, GetExitCodeProcess, ReadFile, GetCommandLineW, FormatMessageW, LocalFree, SizeofResource, GetVersionExW, GetCurrentProcess, WaitForSingleObject, SetLastError, GetLastError, DuplicateHandle, RemoveDirectoryW, DeleteFileW, SetCurrentDirectoryW, lstrlenW, lstrcpyW, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, CreateProcessW, Sleep, CloseHandle, GetSystemDefaultUILanguage, ReadConsoleW, GetConsoleCP, EnumSystemLocalesW, GetUserDefaultLCID, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetFileType, HeapReAlloc, GetStdHandle, HeapSize, AreFileApisANSI, GetModuleHandleExW, GetStringTypeW, GetCurrentThreadId, GetCPInfo, GetOEMCP, IsValidCodePage, CreateSemaphoreW, GetStartupInfoW, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, SetUnhandledExceptionFilter, UnhandledExceptionFilter, FatalAppExitA, GetACP, IsProcessorFeaturePresent, IsDebuggerPresent, RtlUnwind, lstrcpynA, LocalAlloc, FindNextFileW, WritePrivateProfileSectionW, GetPrivateProfileSectionW, lstrcmpW, GetShortPathNameW, GetCurrentThread, QueryPerformanceCounter, lstrcmpA, SystemTimeToFileTime, ResetEvent, SetEvent, Process32NextW, Process32FirstW, CreateToolhelp32Snapshot, GetDateFormatW, GetTimeFormatW, GetTempFileNameW, GetEnvironmentVariableW, CompareFileTime, InterlockedExchange, LoadLibraryExA, EnterCriticalSection, LeaveCriticalSection, EncodePointer, DecodePointer, LCMapStringW, GetVersion, GetCurrentProcessId, GetLocalTime, lstrlenA, GetProcessTimes, OpenProcess, SetFileTime
USER32.dll	DialogBoxIndirectParamW, MoveWindow, SendMessageW, CharUpperBuffW, WaitForInputIdle, wsprintfW, GetDlgItem, SetDlgItemTextW, SetActiveWindow, SetForegroundWindow, SetWindowTextW, GetWindowRect, MessageBoxW, GetWindowLongW, SetWindowLongW, LoadIconW, TranslateMessage, DispatchMessageW, PeekMessageW, EndDialog, SystemParametersInfoW, GetWindow, FillRect, GetSysColor, MapWindowPoints, RemovePropW, GetPropW, SetPropW, EndPaint, BeginPaint, EnableMenuItem, GetSystemMetrics, SetFocus, ExitWindowsEx, CharUpperW, wsprintfA, CallWindowProcW, CreateWindowExW, DrawIcon, DrawTextW, UpdateWindow, GetWindowDC, InvalidateRect, DrawFocusRect, CopyRect, InflateRect, EnumChildWindows, GetClassNameW, MapDialogRect, RegisterClassExW, GetDlgItemTextW, IntersectRect, MonitorFromPoint, DefWindowProcW, GetMessageW, LoadStringW, LoadImageW, ReleaseDC, GetDC, CreateDialogParamW, GetParent, GetWindowTextW, CharNextW, GetDesktopWindow, GetClientRect, IsWindowEnabled, CreateDialogIndirectParamW, IsWindowVisible, IsDialogMessageW, FindWindowExW, ScreenToClient, EnableWindow, MsgWaitForMultipleObjects, SendDlgItemMessageW, SetWindowPos, ShowWindow, DestroyWindow, IsWindow, PostMessageW
GDI32.dll	SetTextColor, SetBkMode, SetBkColor, SaveDC, RestoreDC, CreateSolidBrush, UnrealizeObject, CreateHalftonePalette, GetDIBColorTable, SelectPalette, SelectObject, RealizePalette, GetSystemPaletteEntries, GetDeviceCaps, DeleteDC, CreatePalette, CreateCompatibleDC, BitBlt, GetObjectW, TranslateCharsetInfo, DeleteObject, CreateFontIndirectW, CreateCompatibleBitmap, CreateDCW, CreatePatternBrush, GetStockObject, GetTextExtentPoint32W, DeleteMetaFile, CreateDIBitmap, CreateBitmap, CreateRectRgn, PatBlt, PlayMetaFile, SelectClipRgn, SetMapMode, SetMetaFileBitsEx, SetPixel, StretchBlt, SetStretchBltMode, SetViewportExtEx, SetViewportOrgEx, SetWindowExtEx, SetWindowOrgEx, TextOutW
ADVAPI32.dll	CryptSignHashW, RegEnumValueW, RegQueryValueExW, SetEntriesInAclW, RegQueryInfoKeyW, RegEnumKeyExW, RegDeleteValueW, RegDeleteKeyW, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, CreateWellKnownSid, RegSetValueExW, RegOpenKeyExW, RegCreateKeyExW, RegCloseKey, RegOpenKeyW, OpenProcessToken, AdjustTokenPrivileges, AllocateAndInitializeSid, FreeSid, LookupPrivilegeValueW, RegOverridePredefKey, RegCreateKeyW, RegEnumKeyW, OpenThreadToken, GetTokenInformation, EqualSid, CryptAcquireContextW, CryptReleaseContext, CryptDeriveKey, CryptDestroyKey, CryptSetHashParam, CryptGetHashParam, CryptExportKey, CryptImportKey, CryptCreateHash, CryptHashData, CryptDestroyHash, CryptVerifySignatureW
SHELL32.dll	SHGetPathFromIDListW, SHGetSpecialFolderLocation, SHGetMalloc, ShellExecuteExW
ole32.dll	CoTaskMemFree, CoTaskMemRealloc, CoTaskMemAlloc, CoCreateInstance, CoInitializeSecurity, ProgIDFromCLSID, CreateStreamOnHGlobal, CoInitializeEx, CoUninitialize, GetRunningObjectTable, CreateItemMoniker, CoLoadLibrary, CoCreateGuid, StringFromGUID2
OLEAUT32.dll	VariantChangeType, VarBstrCmp, CreateErrorInfo, SetErrorInfo, UnRegisterTypeLib, RegisterTypeLib, LoadTypeLib, VariantInit, VariantClear, VarUI4FromStr, SysAllocString, SysFreeString, SysStringLen, SysAllocStringLen, SysReAllocStringLen, GetErrorInfo, SysStringByteLen, VarBstrCat, SysAllocStringByteLen
RPCRT4.dll	UuidCreate, RpcStringFreeW, UuidFromStringW, UuidToStringW
gdiplus.dll	GdipFree, GdipDrawImageRectI, GdipSetInterpolationMode, GdipDeleteGraphics, GdipCreateFromHDC, GdipCreateBitmapFromResource, GdipCreateBitmapFromFileICM, GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromFile, GdipCreateBitmapFromStream, GdipDisposeImage, GdipCloneImage, GdiplusStartup, GdipGetImageWidth, GdipGetImageHeight, GdipAlloc

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Target ID:	0
Start time:	04:26:17
Start date:	25/11/2024
Path:	C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe"
Imagebase:	0x400000
File size:	50'479'449 bytes
MD5 hash:	7714A5D364F8660817C487B2CB137381
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	04:26:17
Start date:	25/11/2024
Path:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\setup.exe -package:"C:\Users\user\Desktop\Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe" -no_selfdeleter -IS_temp -media_path:"C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\" -tempdisk1folder:"C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\" -IS_OriginalLauncher:"C:\Users\user\AppData\Local\Temp\{9F7BA959-F754-4698-9ED9-66FC40E61686}\Disk1\setup.exe"
Imagebase:	0x400000
File size:	1'193'984 bytes
MD5 hash:	97F32563F6B0D290E09DB98FBFC10AAE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	04:26:20
Start date:	25/11/2024
Path:	C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{44B75239-B0AF-47DD-A0EA-BC7D4A0B17ED}
Imagebase:	0x7ff62f220000
File size:	182'008 bytes
MD5 hash:	8A1E5A6B1C4E0C7D706EB2B36FA6C8EA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	04:26:20
Start date:	25/11/2024
Path:	C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5425AD48-0ECD-4EE0-85CD-E51323D6FCF4}
Imagebase:	0x7ff62f220000
File size:	182'008 bytes
MD5 hash:	8A1E5A6B1C4E0C7D706EB2B36FA6C8EA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	04:26:20
Start date:	25/11/2024
Path:	C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F2901D81-EC67-4183-B0BC-B0228BC2084C}
Imagebase:	0x7ff62f220000
File size:	182'008 bytes
MD5 hash:	8A1E5A6B1C4E0C7D706EB2B36FA6C8EA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	04:26:20
Start date:	25/11/2024
Path:	C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{539B659B-A16F-4977-A999-3AA0E583BB3E}
Imagebase:	0x7ff62f220000
File size:	182'008 bytes
MD5 hash:	8A1E5A6B1C4E0C7D706EB2B36FA6C8EA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	04:26:20
Start date:	25/11/2024
Path:	C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0E945D39-A59F-4496-9E17-EAE507F80961}
Imagebase:	0x7ff62f220000
File size:	182'008 bytes
MD5 hash:	8A1E5A6B1C4E0C7D706EB2B36FA6C8EA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	04:26:24
Start date:	25/11/2024
Path:	C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\{9C3AB17D-33C7-4582-ABDE-BAB8CE8D602E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BCF05350-BA9A-4EF4-A170-B5E82B942E03}
Imagebase:	0x7ff62f220000
File size:	182'008 bytes
MD5 hash:	8A1E5A6B1C4E0C7D706EB2B36FA6C8EA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	04:26:50
Start date:	25/11/2024
Path:	C:\Windows\System32\SrTasks.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:1
Imagebase:	0x7ff61e2e0000
File size:	59'392 bytes
MD5 hash:	2694D2D28C368B921686FE567BD319EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	04:26:50
Start date:	25/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	04:26:55
Start date:	25/11/2024
Path:	C:\TEC_DRV\TECDRVIn.exe
Wow64 process (32bit):	true
Commandline:	C:\TEC_DRV\TECDRVIn.exe
Imagebase:	0x400000
File size:	192'512 bytes
MD5 hash:	A2D3A064D147ABD9A7234974824FFE91
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	04:26:57
Start date:	25/11/2024
Path:	C:\Windows\System32\drvinst.exe
Wow64 process (32bit):	false
Commandline:	DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{17e7365f-2fcb-3241-b5ab-a872a4e2c26b}\TOSHIBATEC.inf" "9" "4b7447563" "0000000000000158" "WinSta0\Default" "0000000000000164" "208" "C:\TEC_DRV"
Imagebase:	0x7ff756be0000
File size:	337'920 bytes
MD5 hash:	294990C88B9D1FE0A54A1FA8BF4324D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	04:27:02
Start date:	25/11/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{4b29340b-77a4-1642-8c1c-e9c6c398ae5b} Global\{95b0d15e-59ba-f945-a362-1292ebab1705} C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\TOSHIBATEC.inf C:\Windows\System32\DriverStore\Temp\{ad084959-69d4-2442-9d3d-6604520f436b}\TOSHIBATEC.cat
Imagebase:	0x7ff69ef50000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	3.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	11.5%
Total number of Nodes:	2000
Total number of Limit Nodes:	35

Executed Functions

Function 00425659 Relevance: 53.0, APIs: 26, Strings: 4, Instructions: 537
stringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 00425663

Part of subcall function 00424725: __EH_prolog3.LIBCMT ref: 0042472C
Part of subcall function 00424725: CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000,00000000,00000008,https://,00000000,00000000,00000007,http://,00000000,?), ref: 00424786

Part of subcall function 00425414: SetFilePointer.KERNELBASE(000000FF,?,000000FF,?), ref: 0042542F

FindFirstFileW.KERNELBASE(?,?,00000001,?,00000000), ref: 004256E9
lstrcpyW.KERNEL32(?,00000000), ref: 004257D4
lstrlenW.KERNEL32(?), ref: 004257E1
lstrcpyW.KERNEL32(?,00000000), ref: 00425813
lstrlenW.KERNEL32(?), ref: 00425820
lstrcpyW.KERNEL32(?,00000000), ref: 0042584F
lstrlenW.KERNEL32(?), ref: 00425859

Part of subcall function 0042382A: FindClose.KERNELBASE(?,00000000,00441FA5), ref: 0042383D

Strings

.cab, xrefs: 00425A9A
@/L, xrefs: 00425DC5
data, xrefs: 00425B2D
data1.cab, xrefs: 00425B40

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Filelstrcpylstrlen$Find$CloseCreateFirstH_prolog3H_prolog3_Pointer
String ID: .cab$@/L$data$data1.cab
API String ID: 2212002782-3499192638
Opcode ID: 395563e3d171c7b8bdf374e6a06ec517a95fbf48ca5f5f4eb4d342c5c46a9505
Instruction ID: fb7dcdbb61c0b39fab6b97eda141d987a6e2fe3132a9a7eded4b9dbfcae1609a
Opcode Fuzzy Hash: 395563e3d171c7b8bdf374e6a06ec517a95fbf48ca5f5f4eb4d342c5c46a9505
Instruction Fuzzy Hash: 3B326071A0026C9ADB20EBA1DC45FDEB778AF46304F4045EAE40AA3591DF785F84CF5A

Function 0043B52C Relevance: 38.8, APIs: 5, Strings: 17, Instructions: 290
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 0043B536

Part of subcall function 00448D7A: __EH_prolog3_GS.LIBCMT ref: 00448D81
Part of subcall function 00448D7A: RegQueryValueExW.KERNELBASE(?,?,00000000,00000008,00000000,@/L,0000005C,0041AB68,?,-80000001,?,?), ref: 00448DF6

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

GetCurrentProcessId.KERNEL32(bin,00000000), ref: 0043B683
_memset.LIBCMT ref: 0043B6C3
GetLocalTime.KERNEL32(?), ref: 0043B748

Part of subcall function 0043A837: __EH_prolog3_GS.LIBCMT ref: 0043A841
Part of subcall function 0043A837: _memset.LIBCMT ref: 0043A866
Part of subcall function 0043A837: SHGetSpecialFolderLocation.SHELL32(00000000,@/L,?,?,00000000,00000000), ref: 0043A884
Part of subcall function 0043A837: SHGetPathFromIDListW.SHELL32(?,?), ref: 0043A8A2
Part of subcall function 0043A837: SHGetMalloc.SHELL32(?), ref: 0043A8AF

GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,00000104), ref: 0043B800

Strings

(c) Copyright 2004 InstallShield Software Corporation (All Rights Reserved), xrefs: 0043B732
@/L, xrefs: 0043B7C9
bin, xrefs: 0043B67E
TraceStarted: %.2ld/%.2ld/%.2ld %.2ld:%.2ld:%.2ld, xrefs: 0043B789
FileNamePath, xrefs: 0043B5F5
SetupExe: %ls, xrefs: 0043B824
SetupExeVersion: %ld.%ld.%ld.%ld, xrefs: 0043B89C
ISlogit, xrefs: 0043B54B, 0043B550, 0043B59D, 0043B60F
TraceStd, xrefs: 0043B586
@/L, xrefs: 0043B75C
setuptrace, xrefs: 0043B68A
%s%s%d.%s, xrefs: 0043B690
d]K, xrefs: 0043B903
@/L, xrefs: 0043B8B7
TraceData:, xrefs: 0043B8D2
FormatVersion=00000112, xrefs: 0043B719
Category|SubCategory|Details, xrefs: 0043B8EB

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: H_prolog3_$ErrorFreeLastString_memset$CurrentFileFolderFromListLocalLocationMallocModuleNamePathProcessQuerySpecialTimeValue
String ID: TraceData:$%s%s%d.%s$(c) Copyright 2004 InstallShield Software Corporation (All Rights Reserved)$@/L$@/L$@/L$Category|SubCategory|Details$FileNamePath$FormatVersion=00000112$ISlogit$SetupExe: %ls$SetupExeVersion: %ld.%ld.%ld.%ld$TraceStarted: %.2ld/%.2ld/%.2ld %.2ld:%.2ld:%.2ld$TraceStd$bin$d]K$setuptrace
API String ID: 2855092573-4001883202
Opcode ID: 6e20147ccf1913a1cb4a1be1fa65b1c62fcd0811777233c557fbeaff02ed19fd
Instruction ID: 3d2c0ecb5225ad2b930c800e3017c8f0c72d876dafc2baba95723155e1d2cc0b
Opcode Fuzzy Hash: 6e20147ccf1913a1cb4a1be1fa65b1c62fcd0811777233c557fbeaff02ed19fd
Instruction Fuzzy Hash: A0A195B1D00119ABDB10EB95CC46FEEBB7CAF05714F1001AFF905A7182EB785A44CBA9

Function 004448BB Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 239
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 004448C5
AllocateAndInitializeSid.ADVAPI32(?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0000014C,004198D8,?), ref: 00444921
AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 0044495B
AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000221,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 0044497B
_memset.LIBCMT ref: 0044498B
SetEntriesInAclW.ADVAPI32 ref: 00444A24

Strings

@/L, xrefs: 00444B91
@/L, xrefs: 00444AC6

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: AllocateInitialize$EntriesH_prolog3__memset
String ID: @/L$@/L
API String ID: 2297503650-2149722323
Opcode ID: bbb9444116ea974b4cd9b9a1bc0f6415ce88f2415048083fd8fbf6292f817b1a
Instruction ID: 168844c671850aa8acec424d43c3e3616bec41bfd67e47923ee4d1d4a20378bf
Opcode Fuzzy Hash: bbb9444116ea974b4cd9b9a1bc0f6415ce88f2415048083fd8fbf6292f817b1a
Instruction Fuzzy Hash: 059124B0D002599EEB11DF95CC85FEEB7B8AF18704F4040EEE509B6191DBB85A848F69

Function 00450887 Relevance: 18.1, APIs: 12, Instructions: 138
threadmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThread.KERNEL32 ref: 004508AB
OpenThreadToken.ADVAPI32(00000000,?,?,0045083B,00000001,00000001), ref: 004508B2
GetLastError.KERNEL32(?,?,0045083B,00000001,00000001), ref: 004508C2
GetCurrentProcess.KERNEL32(00000008,00000001,?,?,0045083B,00000001,00000001), ref: 004508D1
OpenProcessToken.ADVAPI32(00000000,?,?,0045083B,00000001,00000001), ref: 004508D8
GetLastError.KERNEL32(?,?,0045083B,00000001,00000001), ref: 004508DE
GetTokenInformation.KERNELBASE(00000001,00000002,00000000,00000000,?,?,?,?,0045083B,00000001,00000001), ref: 0045090F
GetLastError.KERNEL32(?,?,0045083B,00000001,00000001), ref: 00450924
GetTokenInformation.KERNELBASE(00000001,00000002,00000000,?,?,?,?,0045083B,00000001,00000001), ref: 00450943
AllocateAndInitializeSid.ADVAPI32(00000001,00000002,00000020,00000223,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,0045083B,00000001,00000001), ref: 0045096D
EqualSid.ADVAPI32(00000004,?,?,?,0045083B,00000001,00000001), ref: 00450988
FreeSid.ADVAPI32(?,?,?,0045083B,00000001,00000001), ref: 004509B4

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Token$ErrorLast$CurrentInformationOpenProcessThread$AllocateEqualFreeInitialize
String ID:
API String ID: 884311744-0
Opcode ID: f08a43c7aa91ad75079550437a9628e04504a1d5150f088b0dfa2ae68a001fee
Instruction ID: b3435590b7724b8fb763c90f05a53a234fe44bf457c41d70f53487cd3cfa1901
Opcode Fuzzy Hash: f08a43c7aa91ad75079550437a9628e04504a1d5150f088b0dfa2ae68a001fee
Instruction Fuzzy Hash: 2541F6B5904219AFEF109BA1DC85FBF7BBCEF05305F10442AF901A2193D6788D49CB69

Function 00425FCC Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 101
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000000), ref: 00425FF0
SetErrorMode.KERNELBASE(00000000), ref: 00425FF8
CoInitializeEx.COMBASE(00000000,00000002), ref: 00425FFE

Part of subcall function 004455D3: GetVersionExW.KERNEL32(?), ref: 004455F7

#17.COMCTL32 ref: 00426015
GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,00000104), ref: 00426062

Strings

EXEProcessBegin, xrefs: 004260A7
@/L, xrefs: 0042602E
ISSetupInit, xrefs: 004260BF
EXE=%s, xrefs: 00426094
@/L, xrefs: 00426109

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorMode$FileInitializeModuleNameVersion
String ID: @/L$@/L$EXE=%s$EXEProcessBegin$ISSetupInit
API String ID: 1856150884-1180914206
Opcode ID: 5c2d2fcb6a24af86f26b1d3932de021b03611207add90acee5b9ed6e17477719
Instruction ID: 49ee131d2c6c14ddb2ee0931906a32ff461b3aad57ecbfe64d40510d5b71d258
Opcode Fuzzy Hash: 5c2d2fcb6a24af86f26b1d3932de021b03611207add90acee5b9ed6e17477719
Instruction Fuzzy Hash: 513165B15002086BDB04EBA1DD46FEE77799F45704F4000AEF605AB1D2DFB85A44CBAA

Function 0041CF22 Relevance: 13.6, APIs: 9, Instructions: 144fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000), ref: 0041CF4B
CreateFileMappingW.KERNELBASE(00000000,00000000,00000002,00000000,00000000,00000000,?,00000000), ref: 0041CF74
GetSystemInfo.KERNELBASE(?,?,00000000,?,?,?,?,?,?,?,?,?,0041AD54,?,?,?), ref: 0041CF96
MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,?,?,00000000), ref: 0041CFA8
IsBadReadPtr.KERNEL32(?,000000F8), ref: 0041CFDF
UnmapViewOfFile.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,0041AD54,?,?,?), ref: 0041D000
MapViewOfFile.KERNEL32(?,00000004,00000000,00000000,?,?,00000000), ref: 0041D010
GetLastError.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,0041AD54,?,?,?,?), ref: 0041D094
IsBadReadPtr.KERNEL32(?,000000F8), ref: 0041D043

Part of subcall function 00405170: CloseHandle.KERNELBASE(?,?,0041781D), ref: 00405183

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: File$View$CreateRead$CloseErrorHandleInfoLastMappingSystemUnmap
String ID:
API String ID: 1839224775-0
Opcode ID: b361bc07e0d3ad07dce9cb873b320832fb538301f77cedf8724d4f0d5a86891d
Instruction ID: 1d51cd8d086f613c9da9948f2c1a6f690b32e3ce424fba7af812f89d14476e72
Opcode Fuzzy Hash: b361bc07e0d3ad07dce9cb873b320832fb538301f77cedf8724d4f0d5a86891d
Instruction Fuzzy Hash: FD5160B0E00219AFDB14DF65C885AAFBFB8FF09748F50406AE915A7290D7749E41CB58

Function 0041E830 Relevance: 42.6, APIs: 1, Strings: 23, Instructions: 572
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 0041E83A

Part of subcall function 0044BDFA: __EH_prolog3.LIBCMT ref: 0044BE01

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 0044DA4D: __EH_prolog3_GS.LIBCMT ref: 0044DA57

Part of subcall function 0044E0D6: __EH_prolog3_GS.LIBCMT ref: 0044E0E0

Part of subcall function 004090B1: __EH_prolog3_GS.LIBCMT ref: 004090B8

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Part of subcall function 0044DFF7: __EH_prolog3_GS.LIBCMT ref: 0044DFFE

Part of subcall function 0041E108: __EH_prolog3_GS.LIBCMT ref: 0041E112

Part of subcall function 0040B2A8: __EH_prolog3_GS.LIBCMT ref: 0040B2AF

Strings

SmallProgress, xrefs: 0041EB57
Skin, xrefs: 0041ED57
LogMode, xrefs: 0041EA76
SplashTime, xrefs: 0041EABF
CheckMD5, xrefs: 0041EBE8
ErrorReportURL, xrefs: 0041EDDC
LauncherName, xrefs: 0041EEED
ScriptDriven, xrefs: 0041E8BF
http://www.installshield.com/isetup/ProErrorCentral.asp?ErrorCode=%d : 0x%x&ErrorInfo=%s, xrefs: 0041EDBE
cmdline, xrefs: 0041EF77
ProductCode, xrefs: 0041E9B2, 0041E9C3
ShowPasswordDialog, xrefs: 0041EB9F
CompanyName, xrefs: 0041EC4D
MediaFormat, xrefs: 0041EA2D
CompanyURL, xrefs: 0041ECD2
Startup, xrefs: 0041E8D7, 0041E8DC, 0041E945, 0041E9D7, 0041EA45, 0041EA8E, 0041EAD7, 0041EB2B, 0041EB6F, 0041EBB7, 0041EC00, 0041EC69, 0041ECEE, 0041ED73, 0041EDF8, 0041EE84, 0041EF09, 0041EF0E, 0041EF93
ProductGUID, xrefs: 0041E9B7
%, xrefs: 0041EFE1
InstallGUID, xrefs: 0041EE68
setup.exe, xrefs: 0041EECF
Product, xrefs: 0041E929
AllUsers, xrefs: 0041EB0F
@/L, xrefs: 0041EE47

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: H_prolog3_$ErrorLast$FreeH_prolog3String
String ID: %$@/L$AllUsers$CheckMD5$CompanyName$CompanyURL$ErrorReportURL$InstallGUID$LauncherName$LogMode$MediaFormat$Product$ProductCode$ProductGUID$ScriptDriven$ShowPasswordDialog$Skin$SmallProgress$SplashTime$Startup$cmdline$http://www.installshield.com/isetup/ProErrorCentral.asp?ErrorCode=%d : 0x%x&ErrorInfo=%s$setup.exe
API String ID: 806320983-2088667960
Opcode ID: 8ad6d39c115e20be26f33371fdd62d119c78edf99329aba7a89b9d259fb3b18e
Instruction ID: d0b572ee2ee85a1741b3f3b92f37e59d9c28d760f179574b644976fe918189f3
Opcode Fuzzy Hash: 8ad6d39c115e20be26f33371fdd62d119c78edf99329aba7a89b9d259fb3b18e
Instruction Fuzzy Hash: 4522B731A01259BEEB04F7A5C956BEDBBB8AF05704F4000DEE504671C2DBB85F48CBA6

Function 00418E75 Relevance: 28.2, APIs: 5, Strings: 11, Instructions: 229
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 00418E7F
_memmove.LIBCMT ref: 00418EA4

Part of subcall function 004043D0: GetLastError.KERNEL32(98A63EB4,7591DFA0,?,7591E010,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?,?), ref: 00404421
Part of subcall function 004043D0: SetLastError.KERNEL32(?,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?,?), ref: 00404451
Part of subcall function 004043D0: GetLastError.KERNEL32(00000000,00000000,00000000,?,00000001,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?), ref: 004044A1
Part of subcall function 004043D0: SysFreeString.OLEAUT32(?), ref: 004044BD
Part of subcall function 004043D0: SysFreeString.OLEAUT32(?), ref: 004044C8
Part of subcall function 004043D0: SetLastError.KERNEL32(?), ref: 004044E8

lstrcpyW.KERNEL32(?,-00000004,setup.cpp,?,00000001,?,?,00000000), ref: 00418ED9
__setjmp3.LIBCMT ref: 00418EFA
_memmove.LIBCMT ref: 00419163

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00417EFF: __EH_prolog3.LIBCMT ref: 00417F06

Strings

setup.cpp, xrefs: 00418EB5
Success, xrefs: 00419102
CopyDisk1FileToTempBegin, xrefs: 00418F3F
Failure, xrefs: 00419093
SourceFile=%sTargetFile=%s, xrefs: 00418F24
@/L, xrefs: 0041904D
@/L, xrefs: 004190F9, 004190FC, 00419089, 0041908C, 00418F1C, 00418F1F, 00418F23, 00419090, 00419100
Result=%sError=0x%08lxCopied=%ldSourceFile=%sTargetFile=%s, xrefs: 00419098
CopyDisk1FileToTempEnd, xrefs: 004190B0, 0041911F
ISSetupDLLOp, xrefs: 00418F5C, 004190CD, 0041913C
Result=%sCopied=%ldSourceFile=%sTargetFile=%s, xrefs: 00419107

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeH_prolog3String_memmove$H_prolog3___setjmp3lstrcpy
String ID: @/L$@/L$CopyDisk1FileToTempBegin$CopyDisk1FileToTempEnd$Failure$ISSetupDLLOp$Result=%sError=0x%08lxCopied=%ldSourceFile=%sTargetFile=%s$Result=%sCopied=%ldSourceFile=%sTargetFile=%s$SourceFile=%sTargetFile=%s$Success$setup.cpp
API String ID: 720208508-1089413182
Opcode ID: 5d52db8a89a2bf7a67114318f8abe31add6400343fb26f9adb8d1c47cf510ef1
Instruction ID: 062987b381fab29ed39045fae4b0a3f623b42c973eb7f709b5c6a6387a1f3e91
Opcode Fuzzy Hash: 5d52db8a89a2bf7a67114318f8abe31add6400343fb26f9adb8d1c47cf510ef1
Instruction Fuzzy Hash: F091B1B1900218EBDB10EF55CC46FDE7BB8AF05708F50419FF909A7141DBB89A48CBA6

Function 0041BFB9 Relevance: 25.7, APIs: 17, Instructions: 234
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 0041BFF9
_memset.LIBCMT ref: 0041C016
_memset.LIBCMT ref: 0041C030
_memset.LIBCMT ref: 0041C04A
_memset.LIBCMT ref: 0041C064
_memset.LIBCMT ref: 0041C07E
InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 0041C08F
CreateWellKnownSid.ADVAPI32(0000001A,00000000,?,?), ref: 0041C0C0
CreateWellKnownSid.ADVAPI32(00000017,00000000,?,?), ref: 0041C0DD
CreateWellKnownSid.ADVAPI32(00000018,00000000,?,?), ref: 0041C0FA
CreateWellKnownSid.ADVAPI32(00000010,00000000,?,?), ref: 0041C117
CreateWellKnownSid.ADVAPI32(00000016,00000000,?,?), ref: 0041C138

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: _memset$CreateKnownWell$DescriptorInitializeSecurity
String ID:
API String ID: 520831841-0
Opcode ID: 45b932497ae50f25b3d509d89c8eac2ed41aa6b69056bb56c1a86ce22cf307ac
Instruction ID: 09a9ff13bd7ead82815606be7f2904bc22e582a76c39c0dc913cfcecf0a334bb
Opcode Fuzzy Hash: 45b932497ae50f25b3d509d89c8eac2ed41aa6b69056bb56c1a86ce22cf307ac
Instruction Fuzzy Hash: B891DBB1D4122CAEDB20CFA5DCC4BDEBBBCBB08340F4045ABA51DE6241D7749A848F64

Function 00446326 Relevance: 23.0, APIs: 9, Strings: 4, Instructions: 256
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 00446330
_memset.LIBCMT ref: 004463CA
CreateProcessW.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000044,004D9A00,?,00000000), ref: 00446442
GetLastError.KERNEL32 ref: 0044645D
_memset.LIBCMT ref: 004464BD
ShellExecuteExW.SHELL32(0000003C), ref: 0044658C
WaitForInputIdle.USER32(?,000003E8), ref: 00446607
GetExitCodeProcess.KERNELBASE(?,004D99FC), ref: 0044662B
GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 00446635

Part of subcall function 004248A5: __EH_prolog3_GS.LIBCMT ref: 004248AF

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Part of subcall function 0040B22B: __EH_prolog3_GS.LIBCMT ref: 0040B232

Part of subcall function 00413C81: __EH_prolog3_GS.LIBCMT ref: 00413C88

Strings

@/L, xrefs: 004463C2, 004463C9
D, xrefs: 004463E4
@/L, xrefs: 00446664
<, xrefs: 004464D8

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3_Last$FreeProcessString_memset$CodeCreateExecuteExitIdleInputShellWait
String ID: <$@/L$@/L$D
API String ID: 3263116737-3077052391
Opcode ID: e4cf65b0328e59ba67a750380593ff4d5aca0cb86a2c70fa4ffd351757e26383
Instruction ID: 6ca43683aa3a212a707171b667779d572eef4d51c58aedf755840db3885de9f0
Opcode Fuzzy Hash: e4cf65b0328e59ba67a750380593ff4d5aca0cb86a2c70fa4ffd351757e26383
Instruction Fuzzy Hash: CDA1A871800148EEDB11EFA5CC45FDE7B78AF55304F10416FF816A7292EB785A48CBAA

Function 00409334 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 179
sleepfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 0040933B
DeleteFileW.KERNELBASE(00000005), ref: 00409425
Sleep.KERNEL32(00000064), ref: 00409439
RemoveDirectoryW.KERNELBASE(?), ref: 00409523
Sleep.KERNEL32(00000064), ref: 00409537

Strings

File=%s, xrefs: 0040937A
Folder=%s, xrefs: 00409475
DeleterDeleteFile, xrefs: 004093AF
@/L, xrefs: 00409484
ISSetupDLLOp, xrefs: 004093C8, 004094C3
@/L, xrefs: 004094FE
DeleterDeleteFolder, xrefs: 004094AA

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Sleep$DeleteDirectoryFileH_prolog3_Remove
String ID: @/L$@/L$DeleterDeleteFile$DeleterDeleteFolder$File=%s$Folder=%s$ISSetupDLLOp
API String ID: 3597207528-1788094262
Opcode ID: 61ba59540a5f27d06a7c9157e68fc6e96424a10d95630564105b0a35eb7962fa
Instruction ID: af3b64f140a85ca38516f2fc63b6e00b9358a94bc8629c28dcb65221a5758ee9
Opcode Fuzzy Hash: 61ba59540a5f27d06a7c9157e68fc6e96424a10d95630564105b0a35eb7962fa
Instruction Fuzzy Hash: E961ED75A04204EFDF00EFA5C946BADBB74AF15308F54406EE9107B1C2C7B89D4AC79A

Function 00421722 Relevance: 17.8, APIs: 1, Strings: 9, Instructions: 301
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 0042172C

Part of subcall function 0040E057: __EH_prolog3_GS.LIBCMT ref: 0040E061

Part of subcall function 0040B91E: __EH_prolog3_GS.LIBCMT ref: 0040B925

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Part of subcall function 00418E75: __EH_prolog3_GS.LIBCMT ref: 00418E7F
Part of subcall function 00418E75: _memmove.LIBCMT ref: 00418EA4
Part of subcall function 00418E75: lstrcpyW.KERNEL32(?,-00000004,setup.cpp,?,00000001,?,?,00000000), ref: 00418ED9
Part of subcall function 00418E75: __setjmp3.LIBCMT ref: 00418EFA

Strings

-media_path:", xrefs: 004218FF
@/L, xrefs: 00421AAD
" -tempdisk1folder:", xrefs: 00421927
open, xrefs: 00421A47
|-L, xrefs: 00421A81
-IS_OriginalLauncher:, xrefs: 00421968
@/L, xrefs: 00421A56
@/L, xrefs: 004217A9
&, xrefs: 00421AEA

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3_Last$FreeString$H_prolog3__setjmp3_memmovelstrcpy
String ID: -IS_OriginalLauncher:$ -media_path:"$" -tempdisk1folder:"$&$@/L$@/L$@/L$open$|-L
API String ID: 2038878933-763899853
Opcode ID: 401af91ab55d168f6bfaae3e1c60e33b9589b406695226e4016db74f27438d31
Instruction ID: fb5689bc14f6d42f248b0329b192f7670a0179ba6e0a8268893ddccc92b58586
Opcode Fuzzy Hash: 401af91ab55d168f6bfaae3e1c60e33b9589b406695226e4016db74f27438d31
Instruction Fuzzy Hash: 2EC1A071910158AEDB15EBA5CC55BEEB7B8AF18344F0400EEF409A3192EB786F48CB65

Function 00441B01 Relevance: 17.5, APIs: 6, Strings: 4, Instructions: 40
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3.LIBCMT ref: 00441B08
GetModuleHandleW.KERNEL32(kernel32.dll,CreateDirectoryW,00000000,0044269D), ref: 00441B25
GetProcAddress.KERNEL32(00000000), ref: 00441B28
CreateDirectoryW.KERNELBASE(@/L,00000001), ref: 00441B3F
GetModuleHandleW.KERNEL32(kernel32.dll,CreateDirectoryA), ref: 00441B4D
GetProcAddress.KERNEL32(00000000), ref: 00441B50

Strings

CreateDirectoryW, xrefs: 00441B16
kernel32.dll, xrefs: 00441B1D, 00441B48
@/L, xrefs: 00441B36, 00441B39, 00441B3E
CreateDirectoryA, xrefs: 00441B43

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: AddressHandleModuleProc$CreateDirectoryH_prolog3
String ID: @/L$CreateDirectoryA$CreateDirectoryW$kernel32.dll
API String ID: 662308948-3360337979
Opcode ID: fdfb3521f710bff9fd83bdadc5a0edee52d24d1746d097b2a669540433ea7db8
Instruction ID: b1c665df828f0f440f157cb71fb04a9db391db4a6d36b46aabb71bb12b0827f4
Opcode Fuzzy Hash: fdfb3521f710bff9fd83bdadc5a0edee52d24d1746d097b2a669540433ea7db8
Instruction Fuzzy Hash: 1DF0AF30640314ABDF14AFB6CC95E9E7B78EF54B41B51402EB80597160DB7CEA45C7AC

Function 004437BF Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 37
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3.LIBCMT ref: 004437C6
GetModuleHandleW.KERNEL32(kernel32.dll,GetFileAttributesW,00000000,00441EB3,?,?,?,?,?,?,?,?,?,?,?,004097FA), ref: 004437E0
GetProcAddress.KERNEL32(00000000), ref: 004437E3
GetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,004097FA), ref: 004437F9
GetModuleHandleW.KERNEL32(kernel32.dll,GetFileAttributesA,?,?,?,?,?,?,?,?,?,?,?,004097FA), ref: 00443807
GetProcAddress.KERNEL32(00000000), ref: 0044380A

Strings

kernel32.dll, xrefs: 004437D8, 00443802
GetFileAttributesW, xrefs: 004437D1
GetFileAttributesA, xrefs: 004437FD

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: AddressHandleModuleProc$AttributesFileH_prolog3
String ID: GetFileAttributesA$GetFileAttributesW$kernel32.dll
API String ID: 3512441749-1399581607
Opcode ID: b85165ea86fdc975b851c57e26976d7a3fd7a01e57c2aac18914b16de7f7a04c
Instruction ID: 3088d5ed7bf6eec272a4b6ba293ed67cf6ec91cb0f4024647908f381bc384104
Opcode Fuzzy Hash: b85165ea86fdc975b851c57e26976d7a3fd7a01e57c2aac18914b16de7f7a04c
Instruction Fuzzy Hash: 76F0C231600304A7CF14BFB68C15E8EBAB4AF50B51B62452AF81197150DB7CD601CBEC

Function 00420EE5 Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 192
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNEL32(00000000,00000000,-00000004), ref: 00421044
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00421069
_memmove.LIBCMT ref: 00421625

Strings

-no_selfdeleter -IS_temp, xrefs: 00420F8B, 00420F90, 00420F98
@/L, xrefs: 004210CF
@/L, xrefs: 0042162D
no_selfdeleter, xrefs: 00420F6F, 00420F74, 00420F7D
Another instance of this setup is already running. Please wait for the other instance to finish and then try again., xrefs: 004210A1

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CreateMutexObjectSingleWait_memmove
String ID: -no_selfdeleter -IS_temp$@/L$@/L$Another instance of this setup is already running. Please wait for the other instance to finish and then try again.$no_selfdeleter
API String ID: 1945875148-1962316077
Opcode ID: 24b4a106680dabec5cbd6ec381c828d0317da8950d2d5fb1bbe2d762b84cef12
Instruction ID: c277b3e87b360ef03c0ab4619398d7b5221df4a92d7531dc1d6a20a18ea266ad
Opcode Fuzzy Hash: 24b4a106680dabec5cbd6ec381c828d0317da8950d2d5fb1bbe2d762b84cef12
Instruction Fuzzy Hash: 0C71F5B0A001149FCB15EB24C895BAD7BB5AF58354F5000EEF50AA7392CF789E48CF59

Function 00441E34 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 129
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 00441E3E
GetLastError.KERNEL32 ref: 00441ED3
GetLastError.KERNEL32 ref: 00441F92
__CxxThrowException@8.LIBCMT ref: 00442002

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00442017: __EH_prolog3_catch_GS.LIBCMT ref: 00442021
Part of subcall function 00442017: __CxxThrowException@8.LIBCMT ref: 004420E0

Strings

dJ, xrefs: 00441FE3, 00441FE6
@/L, xrefs: 00441F23
lJ, xrefs: 00441FD4
, xrefs: 00441FBB

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$Exception@8Throw$H_prolog3H_prolog3_H_prolog3_catch_
String ID: $@/L$dJ$lJ
API String ID: 3135901474-310088486
Opcode ID: 779fdcaceb45e3c521750aade0ee804767ae2095ea9d36de305792b69ee4ce9a
Instruction ID: 024aebdfad30573a76e4f50047cbbd5e19666ba93c77f482c8ad1b4a1462f21a
Opcode Fuzzy Hash: 779fdcaceb45e3c521750aade0ee804767ae2095ea9d36de305792b69ee4ce9a
Instruction Fuzzy Hash: AE51F870400208AAEB14FFA5C955BDE7BB46F01358F54419FFC49271E2EB7C4A8ACB99

Function 00426010 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 0041BFB9: _memset.LIBCMT ref: 0041BFF9
Part of subcall function 0041BFB9: _memset.LIBCMT ref: 0041C016
Part of subcall function 0041BFB9: _memset.LIBCMT ref: 0041C030
Part of subcall function 0041BFB9: _memset.LIBCMT ref: 0041C04A
Part of subcall function 0041BFB9: _memset.LIBCMT ref: 0041C064
Part of subcall function 0041BFB9: _memset.LIBCMT ref: 0041C07E
Part of subcall function 0041BFB9: InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 0041C08F

#17.COMCTL32 ref: 00426015

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Part of subcall function 0040A0F0: SysStringLen.OLEAUT32(?), ref: 0040A0FD
Part of subcall function 0040A0F0: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 0040A117

GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,00000104), ref: 00426062

Part of subcall function 00409574: __EH_prolog3_GS.LIBCMT ref: 0040957B
Part of subcall function 00409574: GetLastError.KERNEL32(00000038,0040DDFB,004492A1,?,004AFFA0), ref: 00409582
Part of subcall function 00409574: SetLastError.KERNEL32(00000000), ref: 004095D6

Part of subcall function 0043B52C: __EH_prolog3_GS.LIBCMT ref: 0043B536
Part of subcall function 0043B52C: GetCurrentProcessId.KERNEL32(bin,00000000), ref: 0043B683

Part of subcall function 0040E057: __EH_prolog3_GS.LIBCMT ref: 0040E061

Part of subcall function 00417333: __EH_prolog3.LIBCMT ref: 0041733A
Part of subcall function 00417333: GetProcAddress.KERNEL32(?,RemoveEngineTypelib), ref: 00417406

Part of subcall function 00409334: __EH_prolog3_GS.LIBCMT ref: 0040933B
Part of subcall function 00409334: DeleteFileW.KERNELBASE(00000005), ref: 00409425
Part of subcall function 00409334: Sleep.KERNEL32(00000064), ref: 00409439

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

CoUninitialize.COMBASE ref: 00426153

Strings

EXEProcessBegin, xrefs: 004260A7
@/L, xrefs: 0042602E
ISSetupInit, xrefs: 004260BF
EXE=%s, xrefs: 00426094
@/L, xrefs: 00426109

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast_memset$H_prolog3_String$FileFree$AddressAllocCurrentDeleteDescriptorH_prolog3InitializeModuleNameProcProcessSecuritySleepUninitialize
String ID: @/L$@/L$EXE=%s$EXEProcessBegin$ISSetupInit
API String ID: 1577315302-1180914206
Opcode ID: 317e33e4f880d92e7e47d137a5bfaca5c2714160b5d9ad3311e059021581fa55
Instruction ID: ddca3c5136fd1a9baafb025972e1f55a76016417ff3bc3cd44e8b6ae246715ba
Opcode Fuzzy Hash: 317e33e4f880d92e7e47d137a5bfaca5c2714160b5d9ad3311e059021581fa55
Instruction Fuzzy Hash: 0F317271600108ABDB04FBA1DD57FED77799F44308F4004AEF605AA1D2DFB85A48CBAA

Function 004252EC Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 83COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 004252F6
__CxxThrowException@8.LIBCMT ref: 0042535A
SetFilePointer.KERNELBASE(?,?,?,?,00000108,0042442C,00000000,00000000,00000000,00000000,00000000,00000010,004246AC), ref: 00425366
GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 004253B9

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00416CE9: __EH_prolog3.LIBCMT ref: 00416CF0

Strings

dJ, xrefs: 0042533F, 00425342
dJ, xrefs: 004253E4, 004253E7
lJ, xrefs: 0042538A
lJ, xrefs: 004253D5

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3$Exception@8FileH_prolog3_PointerThrow
String ID: dJ$dJ$lJ$lJ
API String ID: 2919269545-2563680426
Opcode ID: 9ba60fab15e5c86e60cef301e5b5441a0c87cd72608e0098740fc60d153335a8
Instruction ID: af51474dedc5b26f7e802cd600de06d5f3abcaf2f955c679b4fb138413ebcb4e
Opcode Fuzzy Hash: 9ba60fab15e5c86e60cef301e5b5441a0c87cd72608e0098740fc60d153335a8
Instruction Fuzzy Hash: 663161B6900218EBCB14EF91CC85FEEB778BF14304F10426FE915A3181DB749A45CB99

Function 00441B7A Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 51libraryloaderfileCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,CreateFileW,?,00000000,?,0042469A,?,?,?,?,?,?,?,?,00000000,0044208C), ref: 00441B90
GetProcAddress.KERNEL32(00000000), ref: 00441B93
CreateFileW.KERNELBASE(?,?,?,?,?,?,?,?,00000000,?,0042469A,?,?,?,?,?), ref: 00441BBE
GetModuleHandleW.KERNEL32(kernel32.dll,CreateFileA,?,00000000,?,0042469A,?,?,?,?,?,?,?,?,00000000,0044208C), ref: 00441BC8
GetProcAddress.KERNEL32(00000000), ref: 00441BCB

Strings

kernel32.dll, xrefs: 00441B8A, 00441B8F, 00441BC7
CreateFileW, xrefs: 00441B85
CreateFileA, xrefs: 00441BC2

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: AddressHandleModuleProc$CreateFile
String ID: CreateFileA$CreateFileW$kernel32.dll
API String ID: 2362759813-3217398002
Opcode ID: 02d42acd285fee06010f2fe6d359a1c1e867698318d47a66b01dc30a36c81fdf
Instruction ID: e6a1661a0682fcf3c0b1e3af4245b7ebd0ec74b0ed3e6b90110b66c31ac7ed74
Opcode Fuzzy Hash: 02d42acd285fee06010f2fe6d359a1c1e867698318d47a66b01dc30a36c81fdf
Instruction Fuzzy Hash: 12015E32500249BBDF025FA4DC44DEB3F3AFF09354B04451AFE2596161D67AD861EBA8

Function 0041B249 Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 306COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0041B253

Part of subcall function 0040A0F0: SysStringLen.OLEAUT32(?), ref: 0040A0FD
Part of subcall function 0040A0F0: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 0040A117

Part of subcall function 00425659: __EH_prolog3_GS.LIBCMT ref: 00425663
Part of subcall function 00425659: FindFirstFileW.KERNELBASE(?,?,00000001,?,00000000), ref: 004256E9

Part of subcall function 00409574: __EH_prolog3_GS.LIBCMT ref: 0040957B
Part of subcall function 00409574: GetLastError.KERNEL32(00000038,0040DDFB,004492A1,?,004AFFA0), ref: 00409582
Part of subcall function 00409574: SetLastError.KERNEL32(00000000), ref: 004095D6

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Part of subcall function 00408F6D: __EH_prolog3.LIBCMT ref: 00408F74
Part of subcall function 00408F6D: GetLastError.KERNEL32(00000004,004091E9,00000000,?,00000000,00000000), ref: 00408F96
Part of subcall function 00408F6D: SetLastError.KERNEL32(?,00000000,?), ref: 00408FCF

Part of subcall function 0040B91E: __EH_prolog3_GS.LIBCMT ref: 0040B925

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00441E34: __EH_prolog3_GS.LIBCMT ref: 00441E3E

Strings

-package:, xrefs: 0041B50C
Disk1, xrefs: 0041B543
@/L, xrefs: 0041B60C
@/L, xrefs: 0041B54E
setup.exe, xrefs: 0041B636
@/L, xrefs: 0041B647

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3_$String$FreeH_prolog3$AllocFileFindFirst
String ID: -package:$@/L$@/L$@/L$Disk1$setup.exe
API String ID: 2219161657-3779836210
Opcode ID: c473039a905fffc1c6d06f2968c3b8cf6492f7ba43b9f87997c1160f71c5c0d5
Instruction ID: 7a0dce279f9585ff640f97ca2f15a969e3a000043eae30be66b08e4e35946bd6
Opcode Fuzzy Hash: c473039a905fffc1c6d06f2968c3b8cf6492f7ba43b9f87997c1160f71c5c0d5
Instruction Fuzzy Hash: 51D16D70900258DFCB15EBA5CD55BDDBBB8AF59304F1040EEE40AA3292DB785B48CF65

Function 004425A8 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 116COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 004425AF

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

GetLastError.KERNEL32 ref: 004426A4

Strings

@/L, xrefs: 004426CE, 00442626, 00442607, 0044262D
\, xrefs: 0044260F
@/L, xrefs: 004426E6
@/L, xrefs: 0044260C
@/L, xrefs: 004425ED

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeString$H_prolog3_
String ID: @/L$@/L$@/L$@/L$\
API String ID: 2549205776-2956137688
Opcode ID: 0f7d78fbaa59fecfeb31db69327da7a1f90944f8272326812af77072cc74bf9f
Instruction ID: e2230353d362fa85eb07b59c5b4e32cf780bde26922efe29a9011714be2845c6
Opcode Fuzzy Hash: 0f7d78fbaa59fecfeb31db69327da7a1f90944f8272326812af77072cc74bf9f
Instruction Fuzzy Hash: B941D6B1800118DFDB14EFE5C991AEE7B78BF14358F50012FF815A7292EBB85A09CB59

Function 00415549 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 67fileCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00415553
__CxxThrowException@8.LIBCMT ref: 004155C9
ReadFile.KERNELBASE(?,?,?,?,00000000,0000010C,004243E8,?,00000003,00000000,00000000,00000000,00000000,00000000,00000010,004246AC), ref: 004155DB

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00416CE9: __EH_prolog3.LIBCMT ref: 00416CF0

Strings

lJ, xrefs: 004155F4
dJ, xrefs: 004155EA
lJ, xrefs: 0041559D
dJ, xrefs: 004155AB, 004155AE

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3Last$Exception@8FileH_prolog3_ReadThrow
String ID: dJ$dJ$lJ$lJ
API String ID: 2465803405-2563680426
Opcode ID: 5ea0c83c10e0d5e5ca63a62e423cf8e5e853447ca6b2fdffd30cfa118fc4354d
Instruction ID: 757f649c0f24d707cddd3cc6026ecbff9cc7938ff61cd9537476a12cee485af9
Opcode Fuzzy Hash: 5ea0c83c10e0d5e5ca63a62e423cf8e5e853447ca6b2fdffd30cfa118fc4354d
Instruction Fuzzy Hash: 5D212CB5900218EBCB14DF91CC81EEEB7BCBF54314F50855FE915A3141DB74AA89CB98

Function 0042AB1A Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 67fileCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0042AB24
__CxxThrowException@8.LIBCMT ref: 0042AB9A
ReadFile.KERNELBASE(?,?,?,?,00000000,0000010C,00434682,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042ABAC

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00416CE9: __EH_prolog3.LIBCMT ref: 00416CF0

Strings

dJ, xrefs: 0042AB7C, 0042AB7F
dJ, xrefs: 0042ABBB
lJ, xrefs: 0042ABC5
lJ, xrefs: 0042AB6E

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3Last$Exception@8FileH_prolog3_ReadThrow
String ID: dJ$dJ$lJ$lJ
API String ID: 2465803405-2563680426
Opcode ID: 19f9ac9d706e84f5d46b405a4feb770c755ebe34e4231ff0f22edfdcf04ad7be
Instruction ID: 50163081e22a8741a6ef9c83be601ddddf0d375e3d6d594970b190840ee6b15b
Opcode Fuzzy Hash: 19f9ac9d706e84f5d46b405a4feb770c755ebe34e4231ff0f22edfdcf04ad7be
Instruction Fuzzy Hash: 85213BB5900218EBCB14DF91CC81EEEB77CBF44304F00859FFA15A3141DB74AA89CA59

Function 0041AA5A Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 185COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0041AA64

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Part of subcall function 00408F6D: __EH_prolog3.LIBCMT ref: 00408F74
Part of subcall function 00408F6D: GetLastError.KERNEL32(00000004,004091E9,00000000,?,00000000,00000000), ref: 00408F96
Part of subcall function 00408F6D: SetLastError.KERNEL32(?,00000000,?), ref: 00408FCF

Part of subcall function 0040B91E: __EH_prolog3_GS.LIBCMT ref: 0040B925

Part of subcall function 00448D7A: __EH_prolog3_GS.LIBCMT ref: 00448D81
Part of subcall function 00448D7A: RegQueryValueExW.KERNELBASE(?,?,00000000,00000008,00000000,@/L,0000005C,0041AB68,?,-80000001,?,?), ref: 00448DF6

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Part of subcall function 004160F7: __EH_prolog3.LIBCMT ref: 004160FE

Part of subcall function 0040A0F0: SysStringLen.OLEAUT32(?), ref: 0040A0FD
Part of subcall function 0040A0F0: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 0040A117

Part of subcall function 0041AE03: __EH_prolog3_GS.LIBCMT ref: 0041AE0D
Part of subcall function 0041AE03: SysStringLen.OLEAUT32(?), ref: 0041AF0D
Part of subcall function 0041AE03: SysFreeString.OLEAUT32(?), ref: 0041AF18

Strings

@/L, xrefs: 0041AA96
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\, xrefs: 0041AB16
@/L, xrefs: 0041AB25
UninstallString, xrefs: 0041AB00
@/L, xrefs: 0041AB94

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$String$H_prolog3_$FreeH_prolog3$AllocQueryValue
String ID: @/L$@/L$@/L$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$UninstallString
API String ID: 582199494-1771472271
Opcode ID: df9a4248d1495f1c2f2abb696d0f4232e13e640dc00c91f9cafa900a93e24cc4
Instruction ID: 2133936ac230856c8cd993649dd183d126aef40e66d99f475f238cbc8be83664
Opcode Fuzzy Hash: df9a4248d1495f1c2f2abb696d0f4232e13e640dc00c91f9cafa900a93e24cc4
Instruction Fuzzy Hash: 62715071900258EEDB25EBA5CC91BEEB7B8AF14304F1440DEE44963192DBB85F88CF65

Function 0041A1F5 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 128fileCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(?,?,0000001C), ref: 0041A222

Part of subcall function 0041AFCF: CompareStringA.KERNELBASE(00000400,00000001,?,00000008,?,000000FF,?,00000000,?,?,0041A23E,.debug,?), ref: 0041AFF7

GetSystemInfo.KERNELBASE(?), ref: 0041A2D6
MapViewOfFile.KERNELBASE(?,00000004,00000000,?,?,?), ref: 0041A2F8

Strings

.debug, xrefs: 0041A231
.rdata, xrefs: 0041A263
.text, xrefs: 0041A276

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CompareFileInfoQueryStringSystemViewVirtual
String ID: .debug$.rdata$.text
API String ID: 2597005349-733372908
Opcode ID: 523184ae0b0de6f3e55d0c113f4fe987be42d1687d59bfc980439c151a559eab
Instruction ID: 46f27250027f57cc5518d663b895eec603ef4a01fc78586ed2f5d97e3ef76f8b
Opcode Fuzzy Hash: 523184ae0b0de6f3e55d0c113f4fe987be42d1687d59bfc980439c151a559eab
Instruction Fuzzy Hash: 7E41AF72A01209AFDB04CF55D884ADEB7B5FF84320B24812BEC1497341DB34E960CB55

Function 004018F0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 67registrylibraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 00401914
GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 0040192B
RegOpenKeyExW.KERNELBASE(?,?,00000000,?,00000000), ref: 00401964
RegCloseKey.ADVAPI32(00000000), ref: 00401977

Strings

Advapi32.dll, xrefs: 0040190F
RegOpenKeyTransactedW, xrefs: 00401925

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: AddressCloseHandleModuleOpenProc
String ID: Advapi32.dll$RegOpenKeyTransactedW
API String ID: 823179699-3913318428
Opcode ID: 6ee1d71fa988bb30e016b90a3485b7a829df65091cdd77d6608e423e28bc6611
Instruction ID: 666d2447c34f23843a47037dd86c3aafb36c38135b32122c0204c92dcdb19132
Opcode Fuzzy Hash: 6ee1d71fa988bb30e016b90a3485b7a829df65091cdd77d6608e423e28bc6611
Instruction Fuzzy Hash: 181190B5200205EBEF248F56CC54FABBBA8EB55700F14403AF905B72A0D7B9DD40DB69

Function 00423878 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 45COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00423882
InterlockedDecrement.KERNEL32(00000000), ref: 00423892
CloseHandle.KERNELBASE(000000FF), ref: 004238BA
__CxxThrowException@8.LIBCMT ref: 00423900

Part of subcall function 0042393F: InterlockedDecrement.KERNEL32(004D9B10), ref: 00423964

Strings

lJ, xrefs: 004238D3
dJ, xrefs: 004238E5, 004238E8

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: DecrementInterlocked$CloseException@8H_prolog3_HandleThrow
String ID: dJ$lJ
API String ID: 104201321-817211891
Opcode ID: 48d1e828990cfd613b80ca097ecd3cd2b51b63bd2aa8d613dee8ef8416eb8bc6
Instruction ID: 7255c558e0f31a824aed04fa6c2964e07d47cf900ee808a719c10db471b8f681
Opcode Fuzzy Hash: 48d1e828990cfd613b80ca097ecd3cd2b51b63bd2aa8d613dee8ef8416eb8bc6
Instruction Fuzzy Hash: 9E110C70500314DFCB20AF62DC09B6BB7B4BF01316F50851FE456925A1EBBCAA54CF48

Function 0044A2D3 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 16libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32,GetNativeSystemInfo,?,00445F90,?), ref: 0044A2E0
GetProcAddress.KERNEL32(00000000), ref: 0044A2E7
GetSystemInfo.KERNEL32(00445F90,?,00445F90,?), ref: 0044A2F4
GetNativeSystemInfo.KERNELBASE(00445F90,?,00445F90,?), ref: 0044A2FC

Strings

GetNativeSystemInfo, xrefs: 0044A2D6
kernel32, xrefs: 0044A2DB

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: InfoSystem$AddressHandleModuleNativeProc
String ID: GetNativeSystemInfo$kernel32
API String ID: 3433367815-3846845290
Opcode ID: 256408497a1f18058d8b92a3c99123d6efa964475f3e904f55bcd00cd31760d0
Instruction ID: eeda1bff8ae2d38d38734f80f42187ee96ac42355eff14b92fb034eb7986a4c9
Opcode Fuzzy Hash: 256408497a1f18058d8b92a3c99123d6efa964475f3e904f55bcd00cd31760d0
Instruction Fuzzy Hash: 50D0C932181209AB9F002BE2AC09AAA3F6CAA46B593500466F919C1120DBAA90915B6E

Function 0044160B Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 291COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 00441615

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 004470DB: __EH_prolog3.LIBCMT ref: 004470E2

GetLastError.KERNEL32 ref: 0044165A

Part of subcall function 004496BE: __EH_prolog3.LIBCMT ref: 004496C5

Part of subcall function 004451AC: __EH_prolog3_GS.LIBCMT ref: 004451B6
Part of subcall function 004451AC: __CxxThrowException@8.LIBCMT ref: 00445218
Part of subcall function 004451AC: GetFileTime.KERNEL32(?,@/L,?,?,00000108,004417D5,?,?,?,004AFFB8,80000000,00000001,00000080,00000003,00000000,00000000), ref: 00445222

Strings

@/L, xrefs: 004418FE
@/L, xrefs: 004416C5, 004416C8, 004416CE

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3Last$Exception@8FileH_prolog3_H_prolog3_catch_ThrowTime
String ID: @/L$@/L
API String ID: 2981398202-2149722323
Opcode ID: 85e016719b8b33cfd0f09d823e5ec6da03f633cc15f46443cbfc85a2752781da
Instruction ID: d24d2329456ce2d65250a96b37950dba0df017dd7ff9d5dc863a5a96e2a9edb2
Opcode Fuzzy Hash: 85e016719b8b33cfd0f09d823e5ec6da03f633cc15f46443cbfc85a2752781da
Instruction Fuzzy Hash: C1B1D2B1801158EFEB10EB64CD41BEE7B78AB01318F50429FF82962291EB744F89CB65

Function 0044DA4D Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 234COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0044DA57

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 0044D5E6: __EH_prolog3_GS.LIBCMT ref: 0044D5ED

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Strings

@/L, xrefs: 0044DAE7
@/L, xrefs: 0044DB17
@/L, xrefs: 0044DBB9
], xrefs: 0044DB87

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3_$H_prolog3
String ID: @/L$@/L$@/L$]
API String ID: 532146472-2667237272
Opcode ID: b71f619c33c29a8c8f49208b69c4804673f0f92c5a3190c09f29909a3fdeb4a0
Instruction ID: 70d7903d7185445953a6820a8f3bb1263b7c72cf5dde4c93e5d95424a7bf9854
Opcode Fuzzy Hash: b71f619c33c29a8c8f49208b69c4804673f0f92c5a3190c09f29909a3fdeb4a0
Instruction Fuzzy Hash: 7EA16E71C00118EEDB11EBA5C891BDDB7B8AF15304F5040EEE50AA3292EF74AB48CF65

Function 00448D7A Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 91registryCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00448D81

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Part of subcall function 004018F0: GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 00401914
Part of subcall function 004018F0: RegCloseKey.ADVAPI32(00000000), ref: 00401977

RegQueryValueExW.KERNELBASE(?,?,00000000,00000008,00000000,@/L,0000005C,0041AB68,?,-80000001,?,?), ref: 00448DF6

Part of subcall function 0040A0F0: SysStringLen.OLEAUT32(?), ref: 0040A0FD
Part of subcall function 0040A0F0: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 0040A117

Part of subcall function 0043F577: RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?,?,?,00000000,@/L,00448E3A,00000000,?,004C2F40,?,@/L), ref: 0043F598

Part of subcall function 00409574: __EH_prolog3_GS.LIBCMT ref: 0040957B
Part of subcall function 00409574: GetLastError.KERNEL32(00000038,0040DDFB,004492A1,?,004AFFA0), ref: 00409582
Part of subcall function 00409574: SetLastError.KERNEL32(00000000), ref: 004095D6

Strings

@/L, xrefs: 00448E63
@/L, xrefs: 00448DA3
@/L, xrefs: 00448DE1, 00448E02, 00448DE4

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3_QueryStringValue$AllocCloseHandleModule
String ID: @/L$@/L$@/L
API String ID: 3053678408-1531812684
Opcode ID: 4c486697b45943db6790c2a3bad397bb15af9783075c9477767f6add4e3a0c16
Instruction ID: ac7b5066a87a6bc5963b6742557b43daf190e8c0cacba5cf6ef970dab64e48b7
Opcode Fuzzy Hash: 4c486697b45943db6790c2a3bad397bb15af9783075c9477767f6add4e3a0c16
Instruction Fuzzy Hash: 6D310671800259DFCB05EF96C9919DEBBB8FF14348F50406EE905A7291DB74AE09CBA4

Function 00424725 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 69fileCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0042472C

Part of subcall function 00423917: CloseHandle.KERNELBASE(000000FF,?,0041772A,00000004,00417C5E), ref: 0042392F

Part of subcall function 00423728: SysFreeString.OLEAUT32(?), ref: 0042373F

CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000,00000000,00000008,https://,00000000,00000000,00000007,http://,00000000,?), ref: 00424786

Strings

https://, xrefs: 0042475F
http://, xrefs: 0042474A
toys::file_lite, xrefs: 004247B6

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CloseCreateFileFreeH_prolog3HandleString
String ID: http://$https://$toys::file_lite
API String ID: 2776890527-1216559337
Opcode ID: f02858795b7956b8c4d53060d4865e4b902a8d173abf471bdebfa51244a2374f
Instruction ID: ece361843483dfe05cf74526d90ecfbec4639c66712ea21b889fcf728ede2be3
Opcode Fuzzy Hash: f02858795b7956b8c4d53060d4865e4b902a8d173abf471bdebfa51244a2374f
Instruction Fuzzy Hash: 8411E7B0740318BEEB00AF61DC82FAE26A8DF51788F50452FB855671D1DBBC9E44865C

Function 004247F2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 57sleepfileCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 004247F9

Part of subcall function 00423917: CloseHandle.KERNELBASE(000000FF,?,0041772A,00000004,00417C5E), ref: 0042392F

Part of subcall function 00423728: SysFreeString.OLEAUT32(?), ref: 0042373F

Sleep.KERNEL32(000001F4), ref: 00424856
CreateFileW.KERNELBASE(?,40000000,00000001,00000000,?,00000080,00000000,?,00000000,00000008,https://,00000000,00000000,00000007,http://,00000000), ref: 0042487E

Strings

https://, xrefs: 0042482E
http://, xrefs: 00424819

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CloseCreateFileFreeH_prolog3HandleSleepString
String ID: http://$https://
API String ID: 3362797072-1916535328
Opcode ID: d15c3b2e4cc9b1c3664176d60957613eb7b11e12d76b82f24c125ef1abf823a9
Instruction ID: 334e56836ecba030501e313b09b58f10a383e7a31440978c8db872e13c16adc2
Opcode Fuzzy Hash: d15c3b2e4cc9b1c3664176d60957613eb7b11e12d76b82f24c125ef1abf823a9
Instruction Fuzzy Hash: D61127B4240216BFDF10EF61DC82BAE3678EF44349F40462BB525671D1DBBC9A858748

Function 0043AF40 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 39fileCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0043AF4A
WriteFile.KERNELBASE(?,?,?,?,00000000,00000088,0048A746,?,00000000,004AFFB8,40000000,00000001,00000080,00000002,00000000,00000000), ref: 0043AF6E

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00416910: __EH_prolog3.LIBCMT ref: 00416917

__CxxThrowException@8.LIBCMT ref: 0043AFB3

Part of subcall function 0045A466: RaiseException.KERNEL32(?,?,00459FCC,00000000,?,?,?,?,00459FCC,00000000,004D0E78,?), ref: 0045A4B7

Strings

dJ, xrefs: 0043AF80
lJ, xrefs: 0043AF87

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3Last$ExceptionException@8FileH_prolog3_RaiseThrowWrite
String ID: dJ$lJ
API String ID: 3362004152-817211891
Opcode ID: 292b03e786742d12df5be763c2d7074ebfcda4d03bab2b24b027d1c949061d90
Instruction ID: 8fda84865bcee345883bac21e4513330d2e3b4510c507b3030c9d7ca402fde36
Opcode Fuzzy Hash: 292b03e786742d12df5be763c2d7074ebfcda4d03bab2b24b027d1c949061d90
Instruction Fuzzy Hash: 7B011AB1900218EFDB10EBA1CC81FAEB37CFB14314F10856EF959A6191DB74AE49CB58

Function 00421F5D Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 133COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00421F67

Part of subcall function 0044880F: __EH_prolog3_GS.LIBCMT ref: 00448816
Part of subcall function 0044880F: RegEnumKeyW.ADVAPI32(?,00000000,00000000,00000105), ref: 004488A2

Strings

@/L, xrefs: 00422029
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\, xrefs: 00421F9C, 00422016
ProductGuid, xrefs: 00422000

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: H_prolog3_$Enum
String ID: @/L$ProductGuid$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
API String ID: 1600297748-2925473471
Opcode ID: cafd581f61d6678046556c0699cbdfc97a9eb13c1823e74cfec9ae701baf5d19
Instruction ID: bf98871ca9daf05328db170f2a05c5691e57a03d0f2efade93cd812357568720
Opcode Fuzzy Hash: cafd581f61d6678046556c0699cbdfc97a9eb13c1823e74cfec9ae701baf5d19
Instruction Fuzzy Hash: B6411631A00259BEDB11EBB5C902BEEB7B8BF05304F44009FE544A3182DB785E58CBA6

Function 0044880F Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 70registryCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00448816

Part of subcall function 004018F0: GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 00401914
Part of subcall function 004018F0: RegCloseKey.ADVAPI32(00000000), ref: 00401977

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Part of subcall function 0040A0F0: SysStringLen.OLEAUT32(?), ref: 0040A0FD
Part of subcall function 0040A0F0: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 0040A117

RegEnumKeyW.ADVAPI32(?,00000000,00000000,00000105), ref: 004488A2

Part of subcall function 00409574: __EH_prolog3_GS.LIBCMT ref: 0040957B
Part of subcall function 00409574: GetLastError.KERNEL32(00000038,0040DDFB,004492A1,?,004AFFA0), ref: 00409582
Part of subcall function 00409574: SetLastError.KERNEL32(00000000), ref: 004095D6

Strings

@/L, xrefs: 00448867
@/L, xrefs: 004488ED

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3_String$AllocCloseEnumHandleModule
String ID: @/L$@/L
API String ID: 1559478826-2149722323
Opcode ID: 27df914eb52c517f2b5d23b4c404d9ce80e09d56837233ce453c89fb6ebefe69
Instruction ID: 0862246865320fa8c614a0330e91448f7e826122adb17bd63a28118c75009012
Opcode Fuzzy Hash: 27df914eb52c517f2b5d23b4c404d9ce80e09d56837233ce453c89fb6ebefe69
Instruction Fuzzy Hash: BC217C70D0035CDEDB01EF95C855BDDBBB4BF14308F50806EE801AB292DBB85A49DB59

Function 0041CE7E Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0041CE85

Part of subcall function 00415F99: __EH_prolog3.LIBCMT ref: 00415FA0
Part of subcall function 00415F99: GetLastError.KERNEL32(00000004,004522CF,00000001,00000004,00452D7F,00000000,?), ref: 00415FC8
Part of subcall function 00415F99: SetLastError.KERNEL32(00000008), ref: 00415FED

SysStringLen.OLEAUT32(?), ref: 0041CEA9

Part of subcall function 00417173: GetLastError.KERNEL32 ref: 0041718A
Part of subcall function 00417173: SysFreeString.OLEAUT32(?), ref: 00417197
Part of subcall function 00417173: SetLastError.KERNEL32(?), ref: 004171B1
Part of subcall function 00417173: GetLastError.KERNEL32 ref: 004171C0
Part of subcall function 00417173: SysFreeString.OLEAUT32(?), ref: 004171DD
Part of subcall function 00417173: SetLastError.KERNEL32(?), ref: 004171ED

Part of subcall function 00424150: SysStringLen.OLEAUT32(?), ref: 00424162

CreateDirectoryW.KERNELBASE(?,00000000,?,00000000,00000001,00000000,?,00000001,00000001), ref: 0041CEE9

Strings

\, xrefs: 0041CF01

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$String$FreeH_prolog3$CreateDirectory
String ID: \
API String ID: 3191628259-2967466578
Opcode ID: 0599958a989978f6a3c606978017d200c30cad898d6e6d56deb8c7206896d7a2
Instruction ID: 2e0b952217a3054a8dc745cb1fbad507815e893f9c24dfac76098aaeef5473f2
Opcode Fuzzy Hash: 0599958a989978f6a3c606978017d200c30cad898d6e6d56deb8c7206896d7a2
Instruction Fuzzy Hash: 59110A71800209AECB00EFE5C885DEEBB79EF18349F00841BF51166291DB785A49CFA8

Function 0045C169 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0045C181

Part of subcall function 0045D6BB: __FF_MSGBANNER.LIBCMT ref: 0045D6D2
Part of subcall function 0045D6BB: __NMSG_WRITE.LIBCMT ref: 0045D6D9
Part of subcall function 0045D6BB: RtlAllocateHeap.NTDLL(00540000,00000000,00000001,00000000,?,00000000,?,00469FAC,00000008,00000008,00000008,?,?,00463326,00000018,004D1140), ref: 0045D6FE

std::exception::exception.LIBCMT ref: 0045C19D
__CxxThrowException@8.LIBCMT ref: 0045C1B2

Part of subcall function 0045A466: RaiseException.KERNEL32(?,?,00459FCC,00000000,?,?,?,?,00459FCC,00000000,004D0E78,?), ref: 0045A4B7

Strings

M, xrefs: 0045C1C6

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: AllocateExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
String ID: M
API String ID: 3074076210-1509087228
Opcode ID: f370604034ebb9023af3bb48c00bab255d4b8208b9f1e33c9cc197d90bd6f1ca
Instruction ID: ab6835afcc36a44ea13adfcc277e871d0861d516d0f772babc60f854880cee70
Opcode Fuzzy Hash: f370604034ebb9023af3bb48c00bab255d4b8208b9f1e33c9cc197d90bd6f1ca
Instruction Fuzzy Hash: BDF08C3140020EBECF01AFA5CC42ADE7BAAAF04355F10401AFD0855192DB759629AAAA

Function 00408F6D Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 32COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00408F74
GetLastError.KERNEL32(00000004,004091E9,00000000,?,00000000,00000000), ref: 00408F96
SetLastError.KERNEL32(?,00000000,?), ref: 00408FCF

Strings

|-L, xrefs: 00408FA7

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3
String ID: |-L
API String ID: 3502553090-4259979122
Opcode ID: cfc2000ee13a5fea6fa1c3e4b53b8b5579969b4e49a6ef0b610d8f3ceed3100f
Instruction ID: 11c2ddc2d380f58d602622aad08fd9f85eeb82a680d69af7e01571d9ba459ec7
Opcode Fuzzy Hash: cfc2000ee13a5fea6fa1c3e4b53b8b5579969b4e49a6ef0b610d8f3ceed3100f
Instruction Fuzzy Hash: 450146B5500612EFCB019F19C944A59BBF4FF18705B01822EF8148BB51C7B8E960CFC8

Function 00401B80 Relevance: 6.0, APIs: 4, Instructions: 30COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
SysFreeString.OLEAUT32(00000000), ref: 00401BAB
SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
SetLastError.KERNEL32(?), ref: 00401BD4

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorFreeLastString
String ID:
API String ID: 3822639702-0
Opcode ID: de7331677c6d3e50590d67bc66852f29b8a5aae7ee1625df25b9102005008d99
Instruction ID: 87582723e2ee77c9659d4f9fbdc80b87d3f6132b9e241a893794d654d51cb242
Opcode Fuzzy Hash: de7331677c6d3e50590d67bc66852f29b8a5aae7ee1625df25b9102005008d99
Instruction Fuzzy Hash: 1AF0F435400512EFD7009F1AE948A40FBB5FF49329B15826AE81893A31DB71F9B4CFC8

Function 0044D5E6 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 105COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0044D5ED

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00433F0A: __EH_prolog3_GS.LIBCMT ref: 00433F14

Strings

@/L, xrefs: 0044D612
@/L, xrefs: 0044D638

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3_$H_prolog3
String ID: @/L$@/L
API String ID: 532146472-2149722323
Opcode ID: 0c9864413f560e2181511a92a6b3e5d2c8110550a0e764e14a4b59285d49165d
Instruction ID: a7fdae8bbe90649986b60283a3b181dd8e8d809a7fbc7a59daf10507d4c4f308
Opcode Fuzzy Hash: 0c9864413f560e2181511a92a6b3e5d2c8110550a0e764e14a4b59285d49165d
Instruction Fuzzy Hash: 2531B171900108EADB14EFE5CC81EDEBB78AF55348F10402EF915A7282DB786D09CB65

Function 00424632 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 79COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00424639

Part of subcall function 00423878: __EH_prolog3_GS.LIBCMT ref: 00423882
Part of subcall function 00423878: InterlockedDecrement.KERNEL32(00000000), ref: 00423892
Part of subcall function 00423878: CloseHandle.KERNELBASE(000000FF), ref: 004238BA
Part of subcall function 00423878: __CxxThrowException@8.LIBCMT ref: 00423900

Part of subcall function 0045C169: _malloc.LIBCMT ref: 0045C181

Part of subcall function 0045C169: std::exception::exception.LIBCMT ref: 0045C19D
Part of subcall function 0045C169: __CxxThrowException@8.LIBCMT ref: 0045C1B2

GetLastError.KERNEL32(000000FF,00000000,80400100,?,00000000,0044208C,004AFFB8,80000000,00000001,00000080,00000003,00000000,00000000,?,00000000,0000013C), ref: 00424714

Strings

toys::file, xrefs: 004246D4

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Exception@8Throw$CloseDecrementErrorH_prolog3H_prolog3_HandleInterlockedLast_mallocstd::exception::exception
String ID: toys::file
API String ID: 2011250969-314977804
Opcode ID: fc56c29554c70d287dd3ce6b52f1851ad24c07adff85fa0d527a3b2e31bbbece
Instruction ID: 7a66d1111341c666b0ff6e124b5620924924d1741a0c7ee76a3493a771a79ac9
Opcode Fuzzy Hash: fc56c29554c70d287dd3ce6b52f1851ad24c07adff85fa0d527a3b2e31bbbece
Instruction Fuzzy Hash: 30210270700315AFDF14AFA1A881A6E37A5EF86348F50402EF9569B292CB3DDC11CB29

Function 004081C0 Relevance: 4.6, APIs: 3, Instructions: 73memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

SysAllocStringLen.OLEAUT32(00000000,?), ref: 00408209
_memmove.LIBCMT ref: 00408231
SysFreeString.OLEAUT32(004D9420), ref: 00408241

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: String$AllocFree_memmove
String ID:
API String ID: 439004091-0
Opcode ID: 5fb5e50e56c7e47b454bebe101ff4f5299ac69a5b3bcd84836b3907a48ba9055
Instruction ID: b43cf874c5bbdaf5efb746692ba2c0685d91bb06690e60d7722d971cbff4e6c2
Opcode Fuzzy Hash: 5fb5e50e56c7e47b454bebe101ff4f5299ac69a5b3bcd84836b3907a48ba9055
Instruction Fuzzy Hash: 1621E772A047049FC7249FA8D5C456AB7E9EF85310320463FE8D6C77A0DF70A845C7A5

Function 0044A186 Relevance: 4.5, APIs: 3, Instructions: 44synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(00000000,?,?,?,?,?,0044A10A,?,?,00000000), ref: 0044A1A1
GetExitCodeProcess.KERNELBASE(00000000,004D99FC), ref: 0044A1B3
WaitForSingleObject.KERNEL32(00000000,000003E8,?,?,?,?,0044A10A,?), ref: 0044A1D7

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ObjectSingleWait$CodeExitProcess
String ID:
API String ID: 2567322000-0
Opcode ID: 47b73a29251ffa315961e183f003a8199950903d43f8db58838632ae1c00efe7
Instruction ID: a6349c7bb0c2c702e4d9f5e9865588b5483bcf1a3169fa8815b693a4fbee9dfe
Opcode Fuzzy Hash: 47b73a29251ffa315961e183f003a8199950903d43f8db58838632ae1c00efe7
Instruction Fuzzy Hash: 7001F9326803729BE7215F54EC8476B77A8A701761F140237FC25B23D0C7BC8C62869B

Function 0043E467 Relevance: 4.5, APIs: 3, Instructions: 43COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0043E471
GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 0043E48C

Part of subcall function 0040B827: __EH_prolog3.LIBCMT ref: 0040B82E
Part of subcall function 0040B827: GetLastError.KERNEL32(00000004,00416939,00000008,004238F4,dJ,00000001,?,00000000), ref: 0040B847

__CxxThrowException@8.LIBCMT ref: 0043E4AD

Part of subcall function 0045A466: RaiseException.KERNEL32(?,?,00459FCC,00000000,?,?,?,?,00459FCC,00000000,004D0E78,?), ref: 0045A4B7

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: DirectoryErrorExceptionException@8H_prolog3H_prolog3_LastRaiseThrowWindows
String ID:
API String ID: 1535131608-0
Opcode ID: 4e36fab37c8558f3a1367b1bf41999e975c68be5c531f330f225eb411af9588f
Instruction ID: ff958f4271649e0e5f62b980e0cb7d377c8529007872fdfa0d0fb5959f6f5921
Opcode Fuzzy Hash: 4e36fab37c8558f3a1367b1bf41999e975c68be5c531f330f225eb411af9588f
Instruction Fuzzy Hash: 06116171A002189ACB20FB52CC89BEDB378EF15705F5041EFE549B7191DB785A898F88

Function 004075B0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 119COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 0040766C

Strings

string too long, xrefs: 0040769F

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: _memmove
String ID: string too long
API String ID: 4104443479-2556327735
Opcode ID: a3964fa2351588386413b2bdc4c5941275361ca6a40b6bd78fc80b441018d8d0
Instruction ID: 2aab97029b4e0d26d72d430128af5ee2a3aa4b9c941feaa72b39917c82615ea0
Opcode Fuzzy Hash: a3964fa2351588386413b2bdc4c5941275361ca6a40b6bd78fc80b441018d8d0
Instruction Fuzzy Hash: 8E31C832718A049BC6349E5CE89086AF3E9FF91721320093FE447D7690DB36FC5587AA

Function 0041E051 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0041E058

Part of subcall function 0041E830: __EH_prolog3_GS.LIBCMT ref: 0041E83A

Part of subcall function 0041E108: __EH_prolog3_GS.LIBCMT ref: 0041E112

Part of subcall function 0040B2A8: __EH_prolog3_GS.LIBCMT ref: 0040B2AF

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Strings

@/L, xrefs: 0041E062, 0041E0F6, 0041E06D

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: H_prolog3_$ErrorFreeLastString
String ID: @/L
API String ID: 2278686355-3803013380
Opcode ID: bc945ff16b6d0ed2995fb2ef97eae8a78a2a7d4e73a5dcd7c5328964f522f2f0
Instruction ID: d43dc1dfd1c1d366e0ea72215a4e762f3d586d334f07ae9165dfa1a365a6cae9
Opcode Fuzzy Hash: bc945ff16b6d0ed2995fb2ef97eae8a78a2a7d4e73a5dcd7c5328964f522f2f0
Instruction Fuzzy Hash: DC110871901214EACB01FBA68851ADD77B89F15748F00406FF956A7282EB3CAB0DC3D9

Function 004198B7 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 004198BE

Part of subcall function 004448BB: __EH_prolog3_GS.LIBCMT ref: 004448C5
Part of subcall function 004448BB: AllocateAndInitializeSid.ADVAPI32(?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0000014C,004198D8,?), ref: 00444921

Strings

|-L, xrefs: 004198E9

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: AllocateH_prolog3H_prolog3_Initialize
String ID: |-L
API String ID: 2231948254-4259979122
Opcode ID: df9c2ebbbd5aee6dc787c1d0fdeef885944cdeb5720d53540bd226ff44c2579a
Instruction ID: 2809e8d2b4c3faa5a8e81246fc108352b0dc2c1221e72939130a15a3242d449d
Opcode Fuzzy Hash: df9c2ebbbd5aee6dc787c1d0fdeef885944cdeb5720d53540bd226ff44c2579a
Instruction Fuzzy Hash: 72F0C271A002056BEB00BB65C903BDE7B689F11B15F10006AF9046A2D2C7794F4587CA

Function 0044A0B9 Relevance: 3.1, APIs: 2, Instructions: 79COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(001FFFFF,00000001,00000000), ref: 0044A143
CloseHandle.KERNEL32(?), ref: 0044A163

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CloseHandleOpenProcess
String ID:
API String ID: 39102293-0
Opcode ID: 058ab2cadc50432d22addfb1e7a2b3727e989381a9dd5f2e60146ef8b3f8739f
Instruction ID: 303365f954ea690ef316d0ea2206777c33a968c41db78a4177581de524328a4c
Opcode Fuzzy Hash: 058ab2cadc50432d22addfb1e7a2b3727e989381a9dd5f2e60146ef8b3f8739f
Instruction Fuzzy Hash: 2421A571A81609BBFF125E65DD46BAB37A8AF00344F08402AFD10D6391E779CD7096AB

Function 004199FF Relevance: 3.1, APIs: 2, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a380af8c49e81da325641f793c3316773586ba9f4006d4935bfe4379c1f45da
Instruction ID: 58e0045d7d6f8f9b5b65513340df0367d2d4103165b97ae2735c2a79332c1d3b
Opcode Fuzzy Hash: 7a380af8c49e81da325641f793c3316773586ba9f4006d4935bfe4379c1f45da
Instruction Fuzzy Hash: 2311E739254391D5CF206BE694212EAF3B8AF92B84710040FED5293752D7B97C89C76E

Function 00469AED Relevance: 3.0, APIs: 2, Instructions: 7COMMONLIBRARYCODE

Download Yara Rule

APIs

___crtCorExitProcess.LIBCMT ref: 00469AF3

Part of subcall function 00469ABB: GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,MF,?,?,00469AF8,00000008,?,0045D6E8,000000FF,0000001E,00000000,?,00000000,?,00469FAC), ref: 00469ACA
Part of subcall function 00469ABB: GetProcAddress.KERNEL32(MF,CorExitProcess), ref: 00469ADC

ExitProcess.KERNEL32 ref: 00469AFC

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ExitProcess$AddressHandleModuleProc___crt
String ID:
API String ID: 2427264223-0
Opcode ID: c5659f21324d10b2033b40b7ee3689cdf1ae860aaabf9acc87adb8bdf902fe97
Instruction ID: aa2cfe5421c62c74bc02cdffb4acc113a6f87016791dd0d9fb1beb9049ac7786
Opcode Fuzzy Hash: c5659f21324d10b2033b40b7ee3689cdf1ae860aaabf9acc87adb8bdf902fe97
Instruction Fuzzy Hash: 30B09231000108BBEB012F52DC0E8883F6DEB01790B008425F81508175EBB2AD929A89

Function 0042432C Relevance: 1.6, APIs: 1, Instructions: 78COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00424333

Part of subcall function 00425464: __EH_prolog3_GS.LIBCMT ref: 0042546E
Part of subcall function 00425464: __CxxThrowException@8.LIBCMT ref: 004254D3
Part of subcall function 00425464: GetFileSize.KERNEL32(?,?,00000108,00424345,00000000,00000010,004246AC,?,?,?,?,?,?,00000000), ref: 004254DC
Part of subcall function 00425464: GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 004254E9

Part of subcall function 004252EC: __EH_prolog3_GS.LIBCMT ref: 004252F6
Part of subcall function 004252EC: __CxxThrowException@8.LIBCMT ref: 0042535A
Part of subcall function 004252EC: SetFilePointer.KERNELBASE(?,?,?,?,00000108,0042442C,00000000,00000000,00000000,00000000,00000000,00000010,004246AC), ref: 00425366
Part of subcall function 004252EC: GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 004253B9

Part of subcall function 00415549: __EH_prolog3_GS.LIBCMT ref: 00415553
Part of subcall function 00415549: __CxxThrowException@8.LIBCMT ref: 004155C9
Part of subcall function 00415549: ReadFile.KERNELBASE(?,?,?,?,00000000,0000010C,004243E8,?,00000003,00000000,00000000,00000000,00000000,00000000,00000010,004246AC), ref: 004155DB

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Exception@8FileH_prolog3_Throw$ErrorLast$H_prolog3_catchPointerReadSize
String ID:
API String ID: 2159634448-0
Opcode ID: 500855b1677724a8cc5570667c0c80bc56a84ea79e9f84727f41942d5ba3cddd
Instruction ID: 6f042c7f5be1895180e12ea151be4674697b2fd49855ba8023a2fcefa1d4d327
Opcode Fuzzy Hash: 500855b1677724a8cc5570667c0c80bc56a84ea79e9f84727f41942d5ba3cddd
Instruction Fuzzy Hash: E5213970B0076999DF30E7A954417BFAAB9AB91328F90024FE5A2922D2C77C4D41935E

Function 0041CC74 Relevance: 1.6, APIs: 1, Instructions: 74COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0041CC7E

Part of subcall function 00416831: __EH_prolog3.LIBCMT ref: 00416838

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00424632: __EH_prolog3.LIBCMT ref: 00424639

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Part of subcall function 00425464: __EH_prolog3_GS.LIBCMT ref: 0042546E
Part of subcall function 00425464: __CxxThrowException@8.LIBCMT ref: 004254D3
Part of subcall function 00425464: GetFileSize.KERNEL32(?,?,00000108,00424345,00000000,00000010,004246AC,?,?,?,?,?,?,00000000), ref: 004254DC
Part of subcall function 00425464: GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 004254E9

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3$FreeH_prolog3_String$Exception@8FileSizeThrow
String ID:
API String ID: 3623232617-0
Opcode ID: c7b2f82b0f4b9c531a8da231bdb127b1bb70e48dab3d39d7b2e8eb981d3cec6f
Instruction ID: 180204596517c0e9b6ac9009096acaf67d3b5e0577b6137ead57bd40ceddf8f6
Opcode Fuzzy Hash: c7b2f82b0f4b9c531a8da231bdb127b1bb70e48dab3d39d7b2e8eb981d3cec6f
Instruction Fuzzy Hash: 36215E31900218DEEB14EBA4CC55BDDB7B8BF10319F5041AEE445A7192EB38AE49CB55

Function 00433F0A Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00433F14

Part of subcall function 00416831: __EH_prolog3.LIBCMT ref: 00416838

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00424632: __EH_prolog3.LIBCMT ref: 00424639

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3$FreeString$H_prolog3_
String ID:
API String ID: 1866482717-0
Opcode ID: 0c174d9e8a622111c3349750f0b1c3fc2fac5159bf5255620a50b2a261bc2a8f
Instruction ID: 5bcea37284075e25d5198c2aa56f72f07ba9248de4b731e2aa7ee767efa03dfb
Opcode Fuzzy Hash: 0c174d9e8a622111c3349750f0b1c3fc2fac5159bf5255620a50b2a261bc2a8f
Instruction Fuzzy Hash: 6C21A130801258DBDB21EF94C841BDDBB70BF14708F54809EF984A7282DB786F49CBA4

Function 00434698 Relevance: 1.5, APIs: 1, Instructions: 38COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0043469F

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: c315891d4d42ed6812b04c74ac90575924ca375c0f3912b782645ced92bc139b
Instruction ID: d0641d1f687521412102d89772f4c76c1110b4f3c346837fc0c295e9d452b566
Opcode Fuzzy Hash: c315891d4d42ed6812b04c74ac90575924ca375c0f3912b782645ced92bc139b
Instruction Fuzzy Hash: 36F0F6B2A000205BCB15BE658D434BEA1AAEBE8704F04283FF91197353DA3C6E40869C

Function 0041AFCF Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

CompareStringA.KERNELBASE(00000400,00000001,?,00000008,?,000000FF,?,00000000,?,?,0041A23E,.debug,?), ref: 0041AFF7

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CompareString
String ID:
API String ID: 1825529933-0
Opcode ID: 20a314cae8d14066ab1c315db32f16a6f30b3824b53d335ad9eeebe919a7255f
Instruction ID: 530d9d599951c99dcc0185d0d228e63b42ac07b487ab74325c1618bcfae99184
Opcode Fuzzy Hash: 20a314cae8d14066ab1c315db32f16a6f30b3824b53d335ad9eeebe919a7255f
Instruction Fuzzy Hash: E9F0E53234412576DB114A965C81AE7FB59EB06770F518222FA38A6180D7B5ECC292E8

Function 0042508B Relevance: 1.5, APIs: 1, Instructions: 27fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 004250A7

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: d4ac50bccea01211118c50626b05f59935f398a5f128bbe2cdea3913c471716a
Instruction ID: 6ce1b97a90a1347bbbf41986e1d0e4c0939c7b018aad587f643f27bf801551af
Opcode Fuzzy Hash: d4ac50bccea01211118c50626b05f59935f398a5f128bbe2cdea3913c471716a
Instruction Fuzzy Hash: B5F0E532200118FFCF009F40CC40E99BB6DEF06755F108165BE145A0A1D332DE12EBD4

Function 004470DB Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 004470E2

Part of subcall function 0040A206: __EH_prolog3_GS.LIBCMT ref: 0040A210

Part of subcall function 004425A8: __EH_prolog3_GS.LIBCMT ref: 004425AF
Part of subcall function 004425A8: GetLastError.KERNEL32 ref: 004426A4

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeH_prolog3_String$H_prolog3
String ID:
API String ID: 386487564-0
Opcode ID: bb416fd25fe376ab0b7eee05979aeb2bfe3b8989df880676763b4553eb18912c
Instruction ID: eeda302224e1e2d715bd7bc18639648045e25d061f8b8f5264039f371051b528
Opcode Fuzzy Hash: bb416fd25fe376ab0b7eee05979aeb2bfe3b8989df880676763b4553eb18912c
Instruction Fuzzy Hash: 81D0C2A49111007AEB0CBB26C8179AD37288F11354B40502FFC15473A2EA7C560C81ED

Function 00425414 Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(000000FF,?,000000FF,?), ref: 0042542F

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 6180d160bf37eafee95e332dd2cfcb138bc450929d0c8947b1cf6e744e2f61e0
Instruction ID: 6c1d035aab9d24d55cc3c180fec6a0c56823e5c399f9d78deba1b07ba70a0e0b
Opcode Fuzzy Hash: 6180d160bf37eafee95e332dd2cfcb138bc450929d0c8947b1cf6e744e2f61e0
Instruction Fuzzy Hash: 30E0DF31100109FFCB00DF50D905E99BF78FF02329F208198F4194A2A0C336EA12EF95

Function 00425F8F Relevance: 1.5, APIs: 1, Instructions: 16fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00425FA2

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 9bbfac0eb4c3612a7822d6e7e9d00e82deabb6554d21890c00abd8639293d43b
Instruction ID: 59e2199c77b72c2af7b3068cab168a224e5da579144f00fc689edbda4a8099af
Opcode Fuzzy Hash: 9bbfac0eb4c3612a7822d6e7e9d00e82deabb6554d21890c00abd8639293d43b
Instruction Fuzzy Hash: 4ED01736200108BBDB059B91CD06E997BACEB09360F108264BA26850A0D772DE109B50

Function 004018C0 Relevance: 1.5, APIs: 1, Instructions: 15registryCOMMON

Download Yara Rule

APIs

RegCloseKey.KERNELBASE(00000000,?,0040E90B), ref: 004018CA

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 913714d106289af44a3233bedb904f0d2cfd092c40a8ecab6c1ddbfcccfbf739
Instruction ID: 35568107ca6a2d1c2ae5aa4ac90370f89ea05eb17667ed646162b5df9abaad68
Opcode Fuzzy Hash: 913714d106289af44a3233bedb904f0d2cfd092c40a8ecab6c1ddbfcccfbf739
Instruction Fuzzy Hash: 9ED0C9715097208BD7709F2DF9047837BE8AF04710F15886EE499D3644D7B8DC818B94

Function 004176D4 Relevance: 1.5, APIs: 1, Instructions: 12COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 004176DB

Part of subcall function 00423878: __EH_prolog3_GS.LIBCMT ref: 00423882
Part of subcall function 00423878: InterlockedDecrement.KERNEL32(00000000), ref: 00423892
Part of subcall function 00423878: CloseHandle.KERNELBASE(000000FF), ref: 004238BA
Part of subcall function 00423878: __CxxThrowException@8.LIBCMT ref: 00423900

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorFreeLastString$CloseDecrementException@8H_prolog3H_prolog3_HandleInterlockedThrow
String ID:
API String ID: 1651332858-0
Opcode ID: 66c70106b11f875f12e948a588e9645b5f6bfb61fe69adafccc8b296f8bbef83
Instruction ID: c9b6578549235cf6f3dbc7e3a3525ac85d01a6b0fd05b1095f0ee83cd0c0895b
Opcode Fuzzy Hash: 66c70106b11f875f12e948a588e9645b5f6bfb61fe69adafccc8b296f8bbef83
Instruction Fuzzy Hash: 01D0A9B0D002109BDB04BF96800236C72F4EF1031AF80885FF6402B283DBBC0A08C79C

Function 0042382A Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(?,00000000,00441FA5), ref: 0042383D

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: b61493307950c84b608308377377f83a7f5e9d1cd166965de3d354f56a6fadc7
Instruction ID: ae8555a7cb1c572486ceaff3455ae899c07b9457a7eadcf2c98346052d023e21
Opcode Fuzzy Hash: b61493307950c84b608308377377f83a7f5e9d1cd166965de3d354f56a6fadc7
Instruction Fuzzy Hash: ACC012312181228AC6242E3DBC0054276E86B41731364076EA0F0862F0D7248D828654

Function 00469F07 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

_doexit.LIBCMT ref: 00469F11

Part of subcall function 00469DD8: __lock.LIBCMT ref: 00469DE6
Part of subcall function 00469DD8: DecodePointer.KERNEL32(004D1430,0000001C,00469CED,00000008,00000001,00000000,?,00469C2E,000000FF,?,00463260,00000011,00000000,?,00464E54,0000000D), ref: 00469E25
Part of subcall function 00469DD8: DecodePointer.KERNEL32(?,00469C2E,000000FF,?,00463260,00000011,00000000,?,00464E54,0000000D), ref: 00469E36
Part of subcall function 00469DD8: EncodePointer.KERNEL32(00000000,?,00469C2E,000000FF,?,00463260,00000011,00000000,?,00464E54,0000000D), ref: 00469E4F
Part of subcall function 00469DD8: DecodePointer.KERNEL32(-00000004,?,00469C2E,000000FF,?,00463260,00000011,00000000,?,00464E54,0000000D), ref: 00469E5F
Part of subcall function 00469DD8: EncodePointer.KERNEL32(00000000,?,00469C2E,000000FF,?,00463260,00000011,00000000,?,00464E54,0000000D), ref: 00469E65
Part of subcall function 00469DD8: DecodePointer.KERNEL32(?,00469C2E,000000FF,?,00463260,00000011,00000000,?,00464E54,0000000D), ref: 00469E7B
Part of subcall function 00469DD8: DecodePointer.KERNEL32(?,00469C2E,000000FF,?,00463260,00000011,00000000,?,00464E54,0000000D), ref: 00469E86
Part of subcall function 00469DD8: __initterm.LIBCMT ref: 00469EAE
Part of subcall function 00469DD8: __initterm.LIBCMT ref: 00469EBF

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Pointer$Decode$Encode__initterm$__lock_doexit
String ID:
API String ID: 3712619029-0
Opcode ID: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
Instruction ID: bc0fb77ef77f582299fd8a9fb488f4d72d36d92bd49939974ab26cb3d1d48b7a
Opcode Fuzzy Hash: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
Instruction Fuzzy Hash: 57B0127158030C33ED122542EC03F493B0C4B40B64F140032FA0C1C1E1B5E3796441CE

Function 004419A9 Relevance: 1.3, APIs: 1, Instructions: 84COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00000000,?,00000000,00000000,?,00000000), ref: 00441ABD

Part of subcall function 0043AF40: __EH_prolog3_GS.LIBCMT ref: 0043AF4A
Part of subcall function 0043AF40: WriteFile.KERNELBASE(?,?,?,?,00000000,00000088,0048A746,?,00000000,004AFFB8,40000000,00000001,00000080,00000002,00000000,00000000), ref: 0043AF6E
Part of subcall function 0043AF40: __CxxThrowException@8.LIBCMT ref: 0043AFB3

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorException@8FileH_prolog3_LastThrowWrite
String ID:
API String ID: 1173477686-0
Opcode ID: 1f1cc8dcd34b08df47049f9d3df47d7952c91edc305944d56ed32f94a009d5a6
Instruction ID: 13f94ecd3e47981fd75c93d59434eca1597e2681fdcdec4f1924a12ce66d6809
Opcode Fuzzy Hash: 1f1cc8dcd34b08df47049f9d3df47d7952c91edc305944d56ed32f94a009d5a6
Instruction Fuzzy Hash: C631EF718011599FEB249B28CC55BEE77B9AF40364F1442DBE869B32D1E6384FC8DA24

Function 00441985 Relevance: 1.3, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00000000,?,00000000,00000000,?,00000000), ref: 00441ABD

Part of subcall function 004496EA: __EH_prolog3_GS.LIBCMT ref: 004496F4
Part of subcall function 004496EA: SetFileTime.KERNEL32(?,@/L,?,?,00000084,00441A50,?,?,?,00000000,?,00000000,00000000,?,00000000), ref: 0044970A
Part of subcall function 004496EA: __CxxThrowException@8.LIBCMT ref: 00449750

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorException@8FileH_prolog3_LastThrowTime
String ID:
API String ID: 771044839-0
Opcode ID: 41e3570a08039da4cca0372409a84b31a0cea3d4e2712f2275a5425814aa398a
Instruction ID: 97aa90bf4b3880dd50b6f32f2bc69d5296dc4364471f20868dcbdadc326496e2
Opcode Fuzzy Hash: 41e3570a08039da4cca0372409a84b31a0cea3d4e2712f2275a5425814aa398a
Instruction Fuzzy Hash: 6C2101318001599FEB259B24CC557EE77B89F00354F1441DBE866731D1EB385FC8DA14

Function 00441A58 Relevance: 1.3, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

Part of subcall function 004176D4: __EH_prolog3.LIBCMT ref: 004176DB

GetLastError.KERNEL32(?,?,00000000,?,00000000,00000000,?,00000000), ref: 00441ABD

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeString$H_prolog3
String ID:
API String ID: 746121330-0
Opcode ID: 0fab85515939a541992bde6cc7ca6a3f627c5c29de705d7875b80225d68caadf
Instruction ID: b3e71ce7daf4c3763fb0b0746dc7499d6c9bda4d109914e63ad3d47129289c2a
Opcode Fuzzy Hash: 0fab85515939a541992bde6cc7ca6a3f627c5c29de705d7875b80225d68caadf
Instruction Fuzzy Hash: A401D4314001159FEB15AB74C85A7EC7774AF14368F5145DEF826732D2EB385FC49A14

Function 00423917 Relevance: 1.3, APIs: 1, Instructions: 14COMMONLIBRARYCODE

Download Yara Rule

APIs

CloseHandle.KERNELBASE(000000FF,?,0041772A,00000004,00417C5E), ref: 0042392F

Part of subcall function 0042393F: InterlockedDecrement.KERNEL32(004D9B10), ref: 00423964

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CloseDecrementHandleInterlocked
String ID:
API String ID: 2217748519-0
Opcode ID: 7e3afa3cab65c4c4bfcc074b3dc16802bff0ad01fb72513ec71fcb362ec066b1
Instruction ID: 1a04bbf9125ed3f6d2895db98d060ad1f499ef540b6d0e15ad137bed5879aa94
Opcode Fuzzy Hash: 7e3afa3cab65c4c4bfcc074b3dc16802bff0ad01fb72513ec71fcb362ec066b1
Instruction Fuzzy Hash: DBD05B70602B118BC7345F19F509753B6F45F06B32744471E90FB429F087B86841C608

Function 00405170 Relevance: 1.3, APIs: 1, Instructions: 13COMMONLIBRARYCODE

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?,?,0041781D), ref: 00405183

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: a02228b7d65cdfe4733a7f04c3010a86aefe6b0324a7f5084bb205d60545f0bf
Instruction ID: ddf6ed067c745a12368ff6712c0ccd030511df265d9738625be335e2a2687e02
Opcode Fuzzy Hash: a02228b7d65cdfe4733a7f04c3010a86aefe6b0324a7f5084bb205d60545f0bf
Instruction Fuzzy Hash: CCC01230A096115ADB788F2AA850B6322D8AF48300B14093EAC91EB380CA78DC818B98

Function 004509E1 Relevance: 1.3, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(00000001,?,0045091E,00000001,00000000,?,?,0045083B,00000001,00000001), ref: 004509E7

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 02bc53965f6046cd0c41efb203bf0ae1cdd8c2a0326ad8be3410e072c7548079
Instruction ID: 2d9258ea693c0498e80f38f83c37258ef96db77be6c8460a30c14699e006fea5
Opcode Fuzzy Hash: 02bc53965f6046cd0c41efb203bf0ae1cdd8c2a0326ad8be3410e072c7548079
Instruction Fuzzy Hash: 09B0123800414CBBCF011F62EC044D8BFACDA0A160B40C061FCAC0A223C732A5119F94

Non-executed Functions

Function 00490B40 Relevance: 176.5, APIs: 80, Strings: 20, Instructions: 1483stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00403FB0: GetLastError.KERNEL32(98A63EB4,?,?,?,?,?,004AC2D8,000000FF), ref: 00403FF3
Part of subcall function 00403FB0: SetLastError.KERNEL32(?,004C2D7C,00000000,?,?,?,?,?,004AC2D8,000000FF), ref: 00404068

Part of subcall function 00490850: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000002,?,?,0048A841,?,00000000,00000103), ref: 00490876
Part of subcall function 00490850: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,?,00000000,00000000,?,?), ref: 004908BE

GetPrivateProfileIntA.KERNEL32(?,BUTTONS,00000000,00000000), ref: 00490C3A
_memset.LIBCMT ref: 00490C6A
_memset.LIBCMT ref: 00490C7B
_memset.LIBCMT ref: 00490C95
_memset.LIBCMT ref: 00490CAF
_memset.LIBCMT ref: 00490CC9
GetSysColor.USER32(00000008), ref: 00490CD9
GetSysColor.USER32(00000011), ref: 00490CDD
GetLastError.KERNEL32 ref: 00490D15
SetLastError.KERNEL32(004C2FA8), ref: 00490D62
GetLastError.KERNEL32 ref: 00490D78
SetLastError.KERNEL32(004C2FA8), ref: 00490DBF

Part of subcall function 00401AC0: GetLastError.KERNEL32(?,?,0040E566), ref: 00401ACF
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AEB
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AF6
Part of subcall function 00401AC0: SetLastError.KERNEL32(?), ref: 00401B14

lstrcpyA.KERNEL32(00000000,00000000,?,00000000,00000000,ALL,00000003,004B1A74,00000000,00000001), ref: 00490FE3
lstrcpyA.KERNEL32(00000000,00000000,00000000), ref: 00491013

Part of subcall function 0045C169: _malloc.LIBCMT ref: 0045C181

lstrcpyA.KERNEL32(00000000,BUTTON,00000000), ref: 004910FB
__itow.LIBCMT ref: 0049110C
lstrcatA.KERNEL32(00000000,00000000), ref: 0049111C
GetLastError.KERNEL32 ref: 00491136
SetLastError.KERNEL32(004C3454,004C2D7C,004C2D7A), ref: 004911CA
GetPrivateProfileIntA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00491249
GetLastError.KERNEL32 ref: 00491266
SysFreeString.OLEAUT32(00000000), ref: 00491288
SysFreeString.OLEAUT32(?), ref: 00491299

Part of subcall function 00486570: GetLastError.KERNEL32(00000000,00492C07,?,?,?,?,?,?,?,?,?,98A63EB4,?,000001A4,00000000), ref: 00486581
Part of subcall function 00486570: SetLastError.KERNEL32(53746547,?,?,?,?,?,?,?,?,?,98A63EB4,?,000001A4,00000000), ref: 004865B1
Part of subcall function 00486570: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,98A63EB4,?,000001A4,00000000), ref: 004865C5
Part of subcall function 00486570: SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,98A63EB4,?,000001A4,00000000), ref: 004865F5

SetLastError.KERNEL32(004C2F50), ref: 004912C8
lstrcpyA.KERNEL32(00000000,00000000), ref: 004912D9
lstrcatA.KERNEL32(00000000,004BCD28), ref: 004912E8
GetLastError.KERNEL32(?,00000104), ref: 0049131E
SetLastError.KERNEL32(004C3454,004C2D7C,004C2D7A), ref: 004913BA
GetPrivateProfileStringA.KERNEL32(00000000,00000000,004C2BD0,00000000,00000104,?), ref: 0049145A
GetLastError.KERNEL32 ref: 00491471
SysFreeString.OLEAUT32(00000000), ref: 00491493
SysFreeString.OLEAUT32(?), ref: 004914A4
SetLastError.KERNEL32(004C2F50), ref: 004914D3
GetLastError.KERNEL32(00000000,?,00000000), ref: 00491551
SysFreeString.OLEAUT32(00000000), ref: 0049156D
SysFreeString.OLEAUT32(?), ref: 0049157E
SetLastError.KERNEL32(004AE964), ref: 004915AD
lstrcpyA.KERNEL32(00000000,00000000), ref: 004915BE
lstrcatA.KERNEL32(00000000,DOWN), ref: 004915CD
GetLastError.KERNEL32(?,00000104), ref: 00491603
SetLastError.KERNEL32(004C3454,004C2D7C,004C2D7A), ref: 0049169A
GetPrivateProfileStringA.KERNEL32(00000000,00000000,004C2BD0,00000000,00000104,?), ref: 0049173A
GetLastError.KERNEL32 ref: 00491751
SysFreeString.OLEAUT32(00000000), ref: 00491773
SysFreeString.OLEAUT32(?), ref: 00491784
SetLastError.KERNEL32(004C2F50), ref: 004917B3
GetLastError.KERNEL32(00000000,?,00000000), ref: 0049182D
SysFreeString.OLEAUT32(00000000), ref: 00491849
SysFreeString.OLEAUT32(?), ref: 0049185A
SetLastError.KERNEL32(004AE964), ref: 0049188F
lstrcpyA.KERNEL32(00000000,00000000), ref: 004918A4
lstrcatA.KERNEL32(00000000,POS), ref: 004918B3
GetLastError.KERNEL32 ref: 004918CD
SetLastError.KERNEL32(004C3454,004C2D7C,004C2D7A), ref: 0049196A
GetPrivateProfileStringA.KERNEL32(00000000,00000000,004C2BD0,00000000,000003E8,00000000), ref: 004919F1
GetLastError.KERNEL32 ref: 00491A0C
SysFreeString.OLEAUT32(00000000), ref: 00491A2E
SysFreeString.OLEAUT32(?), ref: 00491A3F
SetLastError.KERNEL32(004C2F50), ref: 00491A6E
lstrcmpA.KERNEL32(00000000,004C2BD0), ref: 00491A92
lstrcpyA.KERNEL32(00000000,00000000), ref: 00491AD5
lstrcatA.KERNEL32(00000000,OPT), ref: 00491AE4
GetPrivateProfileStringA.KERNEL32(00000000,00000000,004C2BD0,00000000,000003E8,00000000), ref: 00491B9D
lstrcmpA.KERNEL32(00000000,004C2BD0), ref: 00491BBE

Part of subcall function 00485E90: GetLastError.KERNEL32(98A63EB4,?,?,?,?,?,?,?,?,004AAF61,000000FF,?,00489C65,?,?,00000001), ref: 00485EE4
Part of subcall function 00485E90: SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,004AAF61,000000FF,?,00489C65,?,?,00000001), ref: 00485F1D

Part of subcall function 0048FE10: GetLastError.KERNEL32(004B16A4,00000001,00000001,?,?,7529E860,00000000,?,?,?,?,?,?,00000000,004AB660,000000FF), ref: 0048FF96
Part of subcall function 0048FE10: SysFreeString.OLEAUT32(004AB660), ref: 0048FFB2
Part of subcall function 0048FE10: SysFreeString.OLEAUT32(00000000), ref: 0048FFBD
Part of subcall function 0048FE10: SetLastError.KERNEL32(7529E860,?,?,?,7529E860,00000000), ref: 0048FFDD

lstrcpyA.KERNEL32(00000000,00000000,00000000,?,00000001), ref: 00491C0D
lstrcatA.KERNEL32(00000000,TRNSPRNTCLR,?,?,?,?,?,?,?,?,?,?,?,00000078), ref: 00491C1C
GetPrivateProfileStringA.KERNEL32(00000000,00000000,004C2BD0,00000000,000003E8,00000000), ref: 00491CD5
lstrcmpA.KERNEL32(00000000,004C2BD0,?,?,?,?,?,?,?,?,?,?,?,?,?,00000078), ref: 00491CF6
lstrcpyA.KERNEL32(00000000,00000000,00000000,?,00000001), ref: 00491D45
lstrcatA.KERNEL32(00000000,TXTCLR,?,?,?,?,?,?,?,?,?,?,?,0000006C), ref: 00491D54
GetPrivateProfileStringA.KERNEL32(00000000,00000000,004C2BD0,00000000,000003E8,00000000), ref: 00491E0D
lstrcmpA.KERNEL32(00000000,004C2BD0,?,?,?,?,?,?,?,?,?,?,?,?,?,0000006C), ref: 00491E2E
GetSysColor.USER32(00000008), ref: 00491E48
lstrcpyA.KERNEL32(00000000,00000000,00000000,?,00000001), ref: 00491E81
lstrcatA.KERNEL32(00000000,DISTXTCLR), ref: 00491E90
GetPrivateProfileStringA.KERNEL32(00000000,00000000,004C2BD0,00000000,000003E8,00000000), ref: 00491F49
lstrcmpA.KERNEL32(00000000,004C2BD0), ref: 00491F6A
GetSysColor.USER32(00000011), ref: 00491F84

Part of subcall function 00407F60: _memmove.LIBCMT ref: 00408015

wsprintfA.USER32 ref: 00491FC4
wsprintfA.USER32 ref: 0049211A

Part of subcall function 0045C169: std::exception::exception.LIBCMT ref: 0045C19D
Part of subcall function 0045C169: __CxxThrowException@8.LIBCMT ref: 0045C1B2

Part of subcall function 004862F0: _memset.LIBCMT ref: 00486301
Part of subcall function 004862F0: _memset.LIBCMT ref: 00486315

Strings

DISTXTCLR, xrefs: 00491E87
TXTCLR, xrefs: 00491D4B
P/L, xrefs: 00491EAB
x/L, xrefs: 00490D64
lJ, xrefs: 00490B40
|-L, xrefs: 00491146
T4L, xrefs: 00491EB5
TRNSPRNTCLR, xrefs: 00491C13
|-L, xrefs: 00492134
|-L, xrefs: 00491332
|-L, xrefs: 00490B8A
BUTTONS, xrefs: 00490C2F
POS, xrefs: 004918AA
x/L, xrefs: 00490D01
ALL, xrefs: 00490E80, 00490EA2, 00490ED8, 00490F32
OPT, xrefs: 00491ADB
|-L, xrefs: 004918E1
DOWN, xrefs: 004915C4
|-L, xrefs: 00491617
BUTTON, xrefs: 004910EF

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$String$Free$lstrcpy$PrivateProfile$lstrcat$_memset$lstrcmp$Color$ByteCharMultiWidewsprintf$Exception@8Throw__itow_malloc_memmovestd::exception::exception
String ID: ALL$BUTTON$BUTTONS$DISTXTCLR$DOWN$OPT$P/L$POS$T4L$TRNSPRNTCLR$TXTCLR$lJ$x/L$x/L$|-L$|-L$|-L$|-L$|-L$|-L
API String ID: 1098502464-2208858857
Opcode ID: 4afadc2c1574c5d765f9a2e36e55e4df8d27b0383df82c8abf002dde54009666
Instruction ID: d90ebabf519ae0549fa234705d987d1b988953ce10c5817453ccb74728b57cef
Opcode Fuzzy Hash: 4afadc2c1574c5d765f9a2e36e55e4df8d27b0383df82c8abf002dde54009666
Instruction Fuzzy Hash: E2E25871E0022A9FDF60DB61DC44BDEBBB9BB44304F0041EAE509A3291DB75AE94CF94

Function 0048A330 Relevance: 100.6, APIs: 39, Strings: 18, Instructions: 884stringCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 0048A3A8
SetLastError.KERNEL32(lJ), ref: 0048A3F3
_memset.LIBCMT ref: 0048A43F
lstrcpyA.KERNEL32(?,NO DOUBT), ref: 0048A453
_memset.LIBCMT ref: 0048A46F
lstrcpyW.KERNEL32(?,?), ref: 0048A47F
lstrlenA.KERNEL32 ref: 0048A4B9
_memset.LIBCMT ref: 0048A4F5
lstrcpyA.KERNEL32(?,?,?,00000000,00000103,?,?,?,00000000,?), ref: 0048A511
lstrlenA.KERNEL32(?,?,?,?,00000000,?), ref: 0048A51E
lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,00000000,?), ref: 0048A53B
_memmove.LIBCMT ref: 0048A55C
lstrcmpiA.KERNEL32(?,skin.ini), ref: 0048A57E
GetLastError.KERNEL32 ref: 0048A686
SetLastError.KERNEL32(004AFFC0,?,00000000,000000FF), ref: 0048A6F6

Part of subcall function 00424632: __EH_prolog3.LIBCMT ref: 00424639

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Part of subcall function 0043AF40: __EH_prolog3_GS.LIBCMT ref: 0043AF4A
Part of subcall function 0043AF40: WriteFile.KERNELBASE(?,?,?,?,00000000,00000088,0048A746,?,00000000,004AFFB8,40000000,00000001,00000080,00000002,00000000,00000000), ref: 0043AF6E
Part of subcall function 0043AF40: __CxxThrowException@8.LIBCMT ref: 0043AFB3

_memmove.LIBCMT ref: 0048A7CA
GetPrivateProfileIntA.KERNEL32(SKINS,VERSION,00000001,00000000), ref: 0048A84E
_memset.LIBCMT ref: 0048A8A7
lstrcpyA.KERNEL32(?,TEXTCOLOR,00000063,ALL,00000003,?,?,?,?,?,?,?,00000000,?), ref: 0048A8BB
GetPrivateProfileStringA.KERNEL32(ALL,?,004C2BD0,?,00000064,00000000), ref: 0048A8E4
GetSysColor.USER32(00000008), ref: 0048A8F2

Part of subcall function 00403FB0: GetLastError.KERNEL32(98A63EB4,?,?,?,?,?,004AC2D8,000000FF), ref: 00403FF3
Part of subcall function 00403FB0: SetLastError.KERNEL32(?,004C2D7C,00000000,?,?,?,?,?,004AC2D8,000000FF), ref: 00404068

Part of subcall function 00401AC0: GetLastError.KERNEL32(?,?,0040E566), ref: 00401ACF
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AEB
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AF6
Part of subcall function 00401AC0: SetLastError.KERNEL32(?), ref: 00401B14

_memset.LIBCMT ref: 0048A9BA
_memset.LIBCMT ref: 0048A9CB

Part of subcall function 00490850: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000002,?,?,0048A841,?,00000000,00000103), ref: 00490876
Part of subcall function 00490850: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,?,00000000,00000000,?,?), ref: 004908BE

GetPrivateProfileSectionNamesA.KERNEL32(?,00000C00,00000000), ref: 0048A9E8
lstrcpyA.KERNEL32(00000000,?), ref: 0048AA08
lstrlenA.KERNEL32(?), ref: 0048AA0B

Part of subcall function 00485E90: GetLastError.KERNEL32(98A63EB4,?,?,?,?,?,?,?,?,004AAF61,000000FF,?,00489C65,?,?,00000001), ref: 00485EE4
Part of subcall function 00485E90: SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,004AAF61,000000FF,?,00489C65,?,?,00000001), ref: 00485F1D

lstrcpyA.KERNEL32 ref: 0048AAE6
GetPrivateProfileStringA.KERNEL32(00000000,00000000,004C2BD0,00000000,00000064,00000000), ref: 0048AB0A
GetSysColor.USER32(00000008), ref: 0048AB18
GetLastError.KERNEL32(ALL-,00000000,00000004,00000000,?,00000001), ref: 0048ACD8
SysFreeString.OLEAUT32(?), ref: 0048ACFA
SysFreeString.OLEAUT32(?), ref: 0048AD0B
SetLastError.KERNEL32(?), ref: 0048AD3A

Part of subcall function 004043D0: GetLastError.KERNEL32(98A63EB4,7591DFA0,?,7591E010,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?,?), ref: 00404421
Part of subcall function 004043D0: SetLastError.KERNEL32(?,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?,?), ref: 00404451
Part of subcall function 004043D0: GetLastError.KERNEL32(00000000,00000000,00000000,?,00000001,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?), ref: 004044A1
Part of subcall function 004043D0: SysFreeString.OLEAUT32(?), ref: 004044BD
Part of subcall function 004043D0: SysFreeString.OLEAUT32(?), ref: 004044C8
Part of subcall function 004043D0: SetLastError.KERNEL32(?), ref: 004044E8

lstrcpyA.KERNEL32(00000000,?), ref: 0048AD5E
lstrlenA.KERNEL32(?), ref: 0048AD65
lstrcmpA.KERNEL32(SKINS,00000000,ALL,00000000,00000003,00000000,?,00000001), ref: 0048ADB0
lstrcpyA.KERNEL32 ref: 0048AE56
GetPrivateProfileStringA.KERNEL32(00000000,00000000,004C2BD0,00000000,00000064,00000000), ref: 0048AE7E

Strings

GetThemeAppProperties, xrefs: 0048B01D
dJ, xrefs: 0048A410
dJ, xrefs: 0048A5D2
lJ, xrefs: 0048A41A
VERSION, xrefs: 0048A844
dJ, xrefs: 0048A394
lJ, xrefs: 0048A5AB
NO DOUBT, xrefs: 0048A44D
ALL-, xrefs: 0048AA36
SKINS, xrefs: 0048A849, 0048ADAB
dK, xrefs: 0048A75D
lJ, xrefs: 0048A3CF
dJ, xrefs: 0048A5A1
skin.ini, xrefs: 0048A570
TEXTCOLOR, xrefs: 0048A8B5, 0048AACC, 0048AE3C
ALL, xrefs: 0048A881, 0048A923, 0048A936, 0048A949, 0048A956, 0048A96B, 0048AD8A
ALL, xrefs: 0048A8DF
lJ, xrefs: 0048A5DC

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$String$Freelstrcpy$_memset$PrivateProfilelstrlen$ByteCharColorMultiWide_memmove$Exception@8FileH_prolog3H_prolog3_NamesSectionThrowWritelstrcmplstrcmpi
String ID: ALL$ALL$ALL-$GetThemeAppProperties$NO DOUBT$SKINS$TEXTCOLOR$VERSION$dK$dJ$dJ$dJ$dJ$lJ$lJ$lJ$lJ$skin.ini
API String ID: 2276469943-1455993456
Opcode ID: 4e28de5b403937847b2f650d6970140e5461d4b70495ad67fabac8032a30ebc3
Instruction ID: 79012e49ed486ce22d0537f09b4fbe6ad00e0975ff4e1d2c00a5e82a599fa431
Opcode Fuzzy Hash: 4e28de5b403937847b2f650d6970140e5461d4b70495ad67fabac8032a30ebc3
Instruction Fuzzy Hash: EC829871900258EEEB10EBA1DD45BDEB7B8AF15304F0040EBE549E7181DBB86B98CF65

Function 0049DEC4 Relevance: 53.9, APIs: 35, Instructions: 1384COMMON

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0049DF50
__whiteout.LIBCMT ref: 0049DFBF

Part of subcall function 0045D506: __getptd_noexit.LIBCMT ref: 0045D506

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Locale$UpdateUpdate::___getptd_noexit__whiteout
String ID:
API String ID: 4052982633-0
Opcode ID: a14992832d4c41711310f10542e10f0b6cb14402c983ec2b552a6598a4c39450
Instruction ID: a3e14714cc9df98a0816df650cad5d880d5d2ed2129245b8a3308b3300a5d14b
Opcode Fuzzy Hash: a14992832d4c41711310f10542e10f0b6cb14402c983ec2b552a6598a4c39450
Instruction Fuzzy Hash: E7B29E71D012698BDF35DB16CC88BAEBBB5AB14310F5441FBE449A7291DA389EC1CF48

Function 0049CA69 Relevance: 53.8, APIs: 35, Instructions: 1338COMMON

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0049CAF5
__whiteout.LIBCMT ref: 0049CB60

Part of subcall function 0045D506: __getptd_noexit.LIBCMT ref: 0045D506

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Locale$UpdateUpdate::___getptd_noexit__whiteout
String ID:
API String ID: 4052982633-0
Opcode ID: 4ae8c31ef9adc148e74008aa2df9d659f8bcc0f180d1acb9f72c2e61c9f1cd83
Instruction ID: acd30b8ab0848bff3661401df2af51d9eb98b2ff4f73cbc454c4f0973d2d5f84
Opcode Fuzzy Hash: 4ae8c31ef9adc148e74008aa2df9d659f8bcc0f180d1acb9f72c2e61c9f1cd83
Instruction Fuzzy Hash: 5EB29C71D052698BDF359B14CC98BBEBBB4AB44310F2441FBE449A7291DA389EC1CF48

Function 004685CF Relevance: 34.5, APIs: 18, Strings: 1, Instructions: 1277COMMON

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0046862A

Part of subcall function 0045D506: __getptd_noexit.LIBCMT ref: 0045D506

_memset.LIBCMT ref: 004687D4

Strings

X, xrefs: 004686C2

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Locale$UpdateUpdate::___getptd_noexit_memset
String ID: X
API String ID: 2502719891-3081909835
Opcode ID: 06469d0f745e7e1af953ad50afcf297e59d042d0d5e6141ce931f08a4ab8aecb
Instruction ID: 4b2ee9128e37929f719b3c37fa5a85234011a7bc61eaa186f30933d59cbc89c6
Opcode Fuzzy Hash: 06469d0f745e7e1af953ad50afcf297e59d042d0d5e6141ce931f08a4ab8aecb
Instruction Fuzzy Hash: AAB26071B003298ADB24CF14CC447AAB3B5BB56315F1446EBD409E7691EBB99E81CF0B

Function 00478B63 Relevance: 30.5, APIs: 15, Strings: 2, Instructions: 773COMMON

Download Yara Rule

APIs

__cftof.LIBCMT ref: 00478D3A
__aulldvrm.LIBCMT ref: 004793B4
_write_multi_char.LIBCMT ref: 00479531
_write_string.LIBCMT ref: 0047955A
_write_multi_char.LIBCMT ref: 0047957C
__cftof.LIBCMT ref: 004795B4
_write_string.LIBCMT ref: 004795E5
_write_string.LIBCMT ref: 00479619
_write_multi_char.LIBCMT ref: 00479645
_free.LIBCMT ref: 0047965C

Strings

g, xrefs: 0047909E
, xrefs: 004794F1

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: _write_multi_char_write_string$__cftof$__aulldvrm_free
String ID: $g
API String ID: 4283718489-3845294767
Opcode ID: 56729c77d3118aed5c545930438daf89eb8e63f6f313d63d92ef7f0f50c1d39c
Instruction ID: 6440e9874cd6092b9ddce141ad40cae7026d053fb984efffda5b722766f15a1d
Opcode Fuzzy Hash: 56729c77d3118aed5c545930438daf89eb8e63f6f313d63d92ef7f0f50c1d39c
Instruction Fuzzy Hash: 9B529F719442288BEB258A18CC487EA77F5FB54314F29C0EBD48DA7291DF399D81CF89

Function 004443E5 Relevance: 26.4, APIs: 6, Strings: 9, Instructions: 186libraryloaderCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 004443EF
GetModuleHandleW.KERNEL32(Kernel32.dll,LCIDToLocaleName), ref: 00444408
GetProcAddress.KERNEL32(00000000), ref: 0044440F
LoadLibraryW.KERNEL32(-00000004,mlang.dll,?,00000000), ref: 004444DF
GetProcAddress.KERNEL32(00000000,LcidToRfc1766W), ref: 0044450E

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Part of subcall function 0040A0F0: SysStringLen.OLEAUT32(?), ref: 0040A0FD
Part of subcall function 0040A0F0: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 0040A117

Part of subcall function 00409574: __EH_prolog3_GS.LIBCMT ref: 0040957B
Part of subcall function 00409574: GetLastError.KERNEL32(00000038,0040DDFB,004492A1,?,004AFFA0), ref: 00409582
Part of subcall function 00409574: SetLastError.KERNEL32(00000000), ref: 004095D6

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Strings

@/L, xrefs: 004445D8
@/L, xrefs: 00444639
@/L, xrefs: 004444AE
@/L, xrefs: 0044442D
@/L, xrefs: 00444526
LcidToRfc1766W, xrefs: 00444508
mlang.dll, xrefs: 004444A3
Kernel32.dll, xrefs: 00444403
LCIDToLocaleName, xrefs: 004443FE

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$String$AddressFreeH_prolog3_Proc$AllocH_prolog3HandleLibraryLoadModule
String ID: @/L$@/L$@/L$@/L$@/L$Kernel32.dll$LCIDToLocaleName$LcidToRfc1766W$mlang.dll
API String ID: 1118478212-902657132
Opcode ID: 16d3e830ff4997a16fd1543d72b2f8f1a218a0f0d02ae41491b42857594e5497
Instruction ID: fb490cd4c4185951d43f97ecbd8599a8fae49d0cfa27e50f6b17a355b2b286b9
Opcode Fuzzy Hash: 16d3e830ff4997a16fd1543d72b2f8f1a218a0f0d02ae41491b42857594e5497
Instruction Fuzzy Hash: 35713F70900318EEEB10EF91CC55BDDBB78BF15704F1440AEE509B7292DBB85A45CB6A

Function 00455333 Relevance: 22.7, APIs: 15, Instructions: 168encryptionfileCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0045533A
CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0045536E
ReadFile.KERNEL32(00000000,?,00000018,?,00000000), ref: 00455399
CryptCreateHash.ADVAPI32(?,00008004,00000000,00000000,?), ref: 004553D6
ReadFile.KERNEL32(?,00000000,?,?,00000000,?,00008004,00000000,00000000,?), ref: 004553EC
CryptHashData.ADVAPI32(?,00000000,?,00000000,?,00008004,00000000,00000000,?), ref: 004553FE
GetLastError.KERNEL32(?,00008004,00000000,00000000,?), ref: 00455408
CryptHashData.ADVAPI32(?,00000000,?,00000000,?,?,00000001,?,00008004,00000000,00000000,?), ref: 00455439
GetLastError.KERNEL32(?,00008004,00000000,00000000,?), ref: 00455443
CryptDeriveKey.ADVAPI32(?,00006801,?,00000000,?,?,00008004,00000000,00000000,?), ref: 00455463
GetLastError.KERNEL32(?,00008004,00000000,00000000,?), ref: 0045546D
ReadFile.KERNEL32(?,00000000,?,?,00000000), ref: 004554C1
CryptImportKey.ADVAPI32(?,00000000,?,?,00000010,00000001), ref: 004554E1
GetLastError.KERNEL32(?,00000000,?,?,00000010,00000001), ref: 004554EB

Part of subcall function 0045C169: _malloc.LIBCMT ref: 0045C181

GetLastError.KERNEL32 ref: 00455501

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CryptErrorLast$File$HashRead$CreateData$DeriveH_prolog3_Import_malloc
String ID:
API String ID: 1372746476-0
Opcode ID: 5d4dccef398e3006b5e8c6c78856fb833ffb8c02c93fcf4529e7e366c087f09a
Instruction ID: 7b9a2a811e8abfb9575a15a0fa225ae37e23c5c53042507687d6b7065a6ff11c
Opcode Fuzzy Hash: 5d4dccef398e3006b5e8c6c78856fb833ffb8c02c93fcf4529e7e366c087f09a
Instruction Fuzzy Hash: BF518C71800119EFEB119FE2CC45AEEBF78EF05305F10412AF915A72A2DB34595ADB68

Function 00475CA1 Relevance: 21.5, APIs: 14, Instructions: 537COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6eb8f3866b5ea48272a6f9154bea011b6ec47790a0d751755b6acb7a5d7e2f49
Instruction ID: bcaf2ade6dbcaa6ecbdc78d049e7b0f52704d079f8f8195321b0f73386b771a1
Opcode Fuzzy Hash: 6eb8f3866b5ea48272a6f9154bea011b6ec47790a0d751755b6acb7a5d7e2f49
Instruction Fuzzy Hash: 0C326175B026688FCB24CF55DD406EAB7B5FB46314F0980DAE40EA7A81D7349E80CF4A

Function 004546DD Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 241encryptionCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 004546E7
CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000,0000071C), ref: 00454719
GetLastError.KERNEL32 ref: 00454723
CryptCreateHash.ADVAPI32(?,00008004,00000000,00000000,?), ref: 0045474E
GetLastError.KERNEL32 ref: 00454758

Strings

ISc(, xrefs: 004547CF

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CryptErrorLast$AcquireContextCreateH_prolog3_Hash
String ID: ISc(
API String ID: 4253850778-3536308444
Opcode ID: a6b943b3bac7db1c4cbb8b49b166c4d1a4de6820a0e071aff16a716a6ead554d
Instruction ID: 27db447b22cf1e47d342e2cd0d2220ae0c24cdb8ed7c3291c8ebcc0736985e66
Opcode Fuzzy Hash: a6b943b3bac7db1c4cbb8b49b166c4d1a4de6820a0e071aff16a716a6ead554d
Instruction Fuzzy Hash: A0917470904118DBDB21DB65CC85BDE7778EF44349F0041DAEA09AB282DB786EC9CF69

Function 00451BC7 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 125filestringCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00451BD1

Part of subcall function 00450E91: __EH_prolog3_GS.LIBCMT ref: 00450E9B
Part of subcall function 00450E91: GetFileAttributesW.KERNEL32(00000000,00000084,00451BE3,?,000002E0,0048B00C,?,00000001), ref: 00450EAF
Part of subcall function 00450E91: __CxxThrowException@8.LIBCMT ref: 00450EF4

FindFirstFileW.KERNEL32(-00000004,?,0048B00C,?,00000001), ref: 00451C17
lstrcmpW.KERNEL32(?,004AECA0), ref: 00451C4E
lstrcmpW.KERNEL32(?,004B60E8), ref: 00451C64
FindNextFileW.KERNEL32(00000000,?), ref: 00451CCA
RemoveDirectoryW.KERNEL32(?), ref: 00451CF2
__CxxThrowException@8.LIBCMT ref: 00451D38
DeleteFileW.KERNEL32(?,000002E0,0048B00C,?,00000001), ref: 00451D49

Part of subcall function 00450C01: __EH_prolog3_GS.LIBCMT ref: 00450C08

Strings

lJ, xrefs: 00451D62
dJ, xrefs: 00451D5B
*.*, xrefs: 00451BEC

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: File$H_prolog3_$Exception@8FindThrowlstrcmp$AttributesDeleteDirectoryFirstNextRemove
String ID: *.*$dJ$lJ
API String ID: 1087441661-4156733564
Opcode ID: 67a68092f78478d7a8c64480c62e0ce1f454beb8aa18d340584e6b26e5b1f450
Instruction ID: 143d3da405b5dbad7b1d6632039a36703aa4dcd64b6036911f87ea3ed7e8dd09
Opcode Fuzzy Hash: 67a68092f78478d7a8c64480c62e0ce1f454beb8aa18d340584e6b26e5b1f450
Instruction Fuzzy Hash: 48418271900248EECB00EFA1CC89BDE77BCAF15309F40416AF915A3152EB789B4DCB69

Function 004542BF Relevance: 18.2, APIs: 12, Instructions: 208encryptionCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 004542C9

Part of subcall function 0045395F: __EH_prolog3_GS.LIBCMT ref: 00453966

Part of subcall function 004545AC: __EH_prolog3_GS.LIBCMT ref: 004545B6
Part of subcall function 004545AC: GetLastError.KERNEL32 ref: 0045460F

GetLastError.KERNEL32 ref: 0045433A
CryptCreateHash.ADVAPI32(?,00008004,00000000,00000000,?), ref: 0045438C
GetLastError.KERNEL32 ref: 00454396

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3_Last$CreateCryptHash
String ID:
API String ID: 2420322064-0
Opcode ID: c7a9ce9d7c59fbf4a77726799446fda23b776c5990e4ab0e42447bbf332d635d
Instruction ID: 33f30238f05662e3a32777ba37e20be3ced18808b6e6381ff4dd07b928e6ac16
Opcode Fuzzy Hash: c7a9ce9d7c59fbf4a77726799446fda23b776c5990e4ab0e42447bbf332d635d
Instruction Fuzzy Hash: D981A571900128AFDB249B51CC45FDEB779AF84309F0141DAFA09A7242DF75AE98CF68

Function 00430226 Relevance: 18.1, APIs: 12, Instructions: 104memoryfileCOMMON

Download Yara Rule

APIs

GetFileSize.KERNEL32(?,00000000,?,?,?,?,?,?,004303A9,000000FF,?,?,000000FF,?), ref: 0043023F
GetProcessHeap.KERNEL32(00000008,00000001,?,?,?,?,?,?,004303A9,000000FF,?,?,000000FF,?), ref: 00430260
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,004303A9,000000FF,?,?,000000FF,?), ref: 00430267
ReadFile.KERNEL32(?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,004303A9,000000FF,?,?,000000FF), ref: 00430285
_strlen.LIBCMT ref: 00430294
GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,004303A9,000000FF,?,?,000000FF,?), ref: 004302C9
HeapFree.KERNEL32(00000000,?,?,?,?,?,?,004303A9,000000FF,?,?,000000FF,?), ref: 004302D0
GetProcessHeap.KERNEL32(00000008,00000003,?,?,?,?,?,?,004303A9,000000FF,?,?,000000FF,?), ref: 004302E0
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,004303A9,000000FF,?,?,000000FF,?), ref: 004302E7
ReadFile.KERNEL32(?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,004303A9,000000FF,?,?,000000FF), ref: 00430301
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,004303A9,000000FF,?,?,000000FF,?), ref: 0043031F
HeapFree.KERNEL32(00000000,?,?,?,?,?,?,004303A9,000000FF,?,?,000000FF,?), ref: 00430326

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Heap$Process$File$AllocFreeRead$Size_strlen
String ID:
API String ID: 3537955524-0
Opcode ID: 8525024322926dda2b8c73ce46ddf0f5c2a4bfa67a9af4508137702a1035c735
Instruction ID: d969d208ad07ff395abe69dae3ca2b342e6068e6d281f30907df666d4f1ca5ed
Opcode Fuzzy Hash: 8525024322926dda2b8c73ce46ddf0f5c2a4bfa67a9af4508137702a1035c735
Instruction Fuzzy Hash: 7B31D432600214BBDB109BA6DC4DFAB7FACEF4E711F000266FA15C7190DB749904CBA9

Function 0046A3CF Relevance: 15.2, APIs: 10, Instructions: 161COMMONLIBRARYCODE

Download Yara Rule

APIs

___crtGetLocaleInfoA.LIBCMT ref: 0046A421

Part of subcall function 0047A437: _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0047A443
Part of subcall function 0047A437: __crtGetLocaleInfoA_stat.LIBCMT ref: 0047A458

GetLastError.KERNEL32(?,?,?,00000000,00000000), ref: 0046A433
___crtGetLocaleInfoA.LIBCMT ref: 0046A453
___crtGetLocaleInfoA.LIBCMT ref: 0046A495
__calloc_crt.LIBCMT ref: 0046A468

Part of subcall function 00469F4C: __calloc_impl.LIBCMT ref: 00469F5B
Part of subcall function 00469F4C: Sleep.KERNEL32(00000000,?,00464DC4,00000001,000003BC), ref: 00469F72

__calloc_crt.LIBCMT ref: 0046A4AA
_free.LIBCMT ref: 0046A4C2
_free.LIBCMT ref: 0046A500
__calloc_crt.LIBCMT ref: 0046A52A
_free.LIBCMT ref: 0046A550

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Locale$Info$___crt__calloc_crt_free$A_statErrorLastSleepUpdateUpdate::___calloc_impl__crt
String ID:
API String ID: 1073277423-0
Opcode ID: 31cd79e289f3c1475c7a424cc7badf702c209c52576d9ce5a4c50099f67c7731
Instruction ID: 864030f714bf7105de4cbe2fbf77e887a894cb5dba9e112f49c47a8bbddb9d38
Opcode Fuzzy Hash: 31cd79e289f3c1475c7a424cc7badf702c209c52576d9ce5a4c50099f67c7731
Instruction Fuzzy Hash: 0251A5B1900215ABDF249F658C45BAB7BA9EF04314F10809AF80DE2241FF79CD648F6B

Function 00446187 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 108processCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00446191

Part of subcall function 0041525D: __EH_prolog3_GS.LIBCMT ref: 00415264

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0000003B,00000000,?,00000001,00000284), ref: 004461F4
GetLastError.KERNEL32(00000002,00000000,0000003B,00000000,?,00000001,00000284), ref: 0044620A
Process32FirstW.KERNEL32 ref: 00446229
Process32NextW.KERNEL32(00000000,?), ref: 004462A5

Strings

@/L, xrefs: 0044624F

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: H_prolog3_Process32$CreateErrorFirstLastNextSnapshotToolhelp32
String ID: @/L
API String ID: 3102987474-3803013380
Opcode ID: 8b321bc83049cdccbccfc38694c27a24e3f8fade2d8680e1ccb61ce418d63844
Instruction ID: 1051442936c2f9e768134ec6fec72a2a3bd5fac9e71656c3d22c2f1aefdc5c6d
Opcode Fuzzy Hash: 8b321bc83049cdccbccfc38694c27a24e3f8fade2d8680e1ccb61ce418d63844
Instruction Fuzzy Hash: 4D416D71C05129AAEF20EB66CC49BEEBBB8AF55304F1041EFE408A2191DFB45E84CF55

Function 00420149 Relevance: 12.1, APIs: 8, Instructions: 97libraryCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 00420153
LoadLibraryExW.KERNEL32(?,00000000,00000060,00000424,00420A3B,?,00000000,?,00000000,00000004,00422F16,004AFD3C,?,?,REGISTRY,004AFD3C), ref: 00420192
LoadLibraryExW.KERNEL32(?,00000000,00000002), ref: 004201A8
FindResourceW.KERNEL32(00000000,?,?), ref: 004201D3
LoadResource.KERNEL32(00000000,00000000), ref: 004201EB
SizeofResource.KERNEL32(00000000,00000000), ref: 004201FD

Part of subcall function 0041886B: GetLastError.KERNEL32(00422C2D), ref: 0041886B

FreeLibrary.KERNEL32(00000000), ref: 00420297

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: LibraryLoadResource$ErrorFindFreeH_prolog3_catch_LastSizeof
String ID:
API String ID: 1818814483-0
Opcode ID: 5c40c895b842d40c583e07fe4555a5f175d465904de97858630341c00a426d0b
Instruction ID: dcd30aa2ccdba2c5da9b84cebe88835904bb6204f87880d06d77132595859cd1
Opcode Fuzzy Hash: 5c40c895b842d40c583e07fe4555a5f175d465904de97858630341c00a426d0b
Instruction Fuzzy Hash: B64151B1A0022D9BCB219F559C44BDE7AF5AF09354F9040EEF508A3252DB358E81CF6D

Function 00455DCC Relevance: 10.6, APIs: 7, Instructions: 95fileencryptionCOMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00455DE4

Part of subcall function 0045C169: _malloc.LIBCMT ref: 0045C181

CryptSignHashW.ADVAPI32(?,00000002,00000000,00000000,00000000,?), ref: 00455DFA
GetLastError.KERNEL32 ref: 00455E04
CryptSignHashW.ADVAPI32(?,00000002,00000000,00000000,?,?), ref: 00455E47
WriteFile.KERNEL32(?,?,00000004,?,00000000), ref: 00455E63
WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00455E73
SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00455EA7

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: File$CryptHashPointerSignWrite$ErrorLast_malloc
String ID:
API String ID: 1271059220-0
Opcode ID: fc1477883dac733aeb79915de24bcf6a291ba1e5d74a572f931663686e11a877
Instruction ID: 28c5d0445e811f71bfbf1d5993522376da190f2c4232c2fe774f0be825dfd1f5
Opcode Fuzzy Hash: fc1477883dac733aeb79915de24bcf6a291ba1e5d74a572f931663686e11a877
Instruction Fuzzy Hash: 5331E132240616BFEF114F61DC46FA77FA9FF00711F004026FE00AA5A1C7B2A964DB94

Function 0045564F Relevance: 7.5, APIs: 5, Instructions: 49encryptionCOMMON

Download Yara Rule

APIs

Part of subcall function 00455A6D: CryptAcquireContextW.ADVAPI32(?,?,00000000,00000001,00000010,?,?,?,?,0045566C,00000000), ref: 00455A88
Part of subcall function 00455A6D: CryptReleaseContext.ADVAPI32(?,00000000,?,?,?,0045566C,00000000), ref: 00455A91
Part of subcall function 00455A6D: CryptDestroyHash.ADVAPI32(?,?,00000000,?,?,?,0045566C,00000000), ref: 00455A9A

CoCreateGuid.OLE32(?,00000000), ref: 00455670
StringFromGUID2.OLE32(?,?,00000028), ref: 00455680
_wcsncpy.LIBCMT ref: 00455690
CryptAcquireContextW.ADVAPI32(?,?,?,00000001,00000008), ref: 0045569F
CryptCreateHash.ADVAPI32(?,?,00000000,00000000,?,?,?,?,00000001,00000008), ref: 004556B5

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Crypt$Context$AcquireCreateHash$DestroyFromGuidReleaseString_wcsncpy
String ID:
API String ID: 396328816-0
Opcode ID: 2265288f131747b7349a2cbe0a2d1fb9926499350dc997a78105b36db74e1acb
Instruction ID: 7739b7cb654ae7079a22b9405ed4236f99ab491bf0d2af22a6cbab156e3c7506
Opcode Fuzzy Hash: 2265288f131747b7349a2cbe0a2d1fb9926499350dc997a78105b36db74e1acb
Instruction Fuzzy Hash: 11015E72600218BBDB00DFE1DC89F9B7BBCEB09705F104466FA019A181DAB4EA08CB65

Function 0041CAE7 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0041CAEE
GetPrivateProfileIntW.KERNEL32(Startup,AllUsers,00000000,-00000004), ref: 0041CB30

Strings

Startup, xrefs: 0041CB2B
AllUsers, xrefs: 0041CB26

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: H_prolog3_PrivateProfile
String ID: AllUsers$Startup
API String ID: 477331544-1531790124
Opcode ID: 15c9069964983c92b044df91cb72890182536ad4b849ba4e9695917b6c3142d3
Instruction ID: e22680aeceeda87f44c82e58a12d05d65c08435aef8c1e6c3b34f179fcf946c7
Opcode Fuzzy Hash: 15c9069964983c92b044df91cb72890182536ad4b849ba4e9695917b6c3142d3
Instruction Fuzzy Hash: 7901B1B0B402009FDB14EF65D89979DBBE4EF45309F44006EE445D7292CB38ED49CB88

Function 0046E5AC Relevance: 6.2, APIs: 4, Instructions: 173COMMON

Download Yara Rule

APIs

Part of subcall function 00464D84: __getptd_noexit.LIBCMT ref: 00464D85
Part of subcall function 00464D84: __amsg_exit.LIBCMT ref: 00464D92

GetLocaleInfoW.KERNEL32(00000000,?,?,000000F0), ref: 0046E605
GetLocaleInfoW.KERNEL32(00000000,?,?,000000F0), ref: 0046E652
GetLocaleInfoW.KERNEL32(00000000,?,?,000000F0), ref: 0046E702

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: InfoLocale$__amsg_exit__getptd_noexit
String ID:
API String ID: 41668988-0
Opcode ID: 250c7e0f169319473d2ab52f48354382f08f58874d9e7da598718d2f2a084208
Instruction ID: 84d2ae87c26c69b423e8ef456a5c678aca90cf99854d1c4513fa7dadb5d5393e
Opcode Fuzzy Hash: 250c7e0f169319473d2ab52f48354382f08f58874d9e7da598718d2f2a084208
Instruction Fuzzy Hash: 36518A75500216AFEF289F26C882B6B77E8EF11315F10417BE800CA292F7B8D955DB5A

Function 0042C966 Relevance: 6.1, APIs: 4, Instructions: 57fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 0042C9A3
GetFileAttributesW.KERNEL32(?), ref: 0042C9DA
SetFileAttributesW.KERNEL32(?,00000000), ref: 0042C9E5
DeleteFileW.KERNEL32(?), ref: 0042C9F4

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: File$Attributes$DeleteFindFirst
String ID:
API String ID: 2297122337-0
Opcode ID: 8bb42c000784f76d68038a9efd1e5df228410e67c8050de428b4ce5ea6037d64
Instruction ID: b0eac9454e78ba0cc43f222def109c854297570c411374b70cd897779411f04e
Opcode Fuzzy Hash: 8bb42c000784f76d68038a9efd1e5df228410e67c8050de428b4ce5ea6037d64
Instruction Fuzzy Hash: 40110671600664DBC720EF18EC8C55DB7B4EF46316B50066EE052A71A0CB789ECACB5C

Function 004125AD Relevance: 4.6, APIs: 3, Instructions: 52COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,00001004,?,00000014), ref: 004125E1
TranslateCharsetInfo.GDI32(00000000,?,00000002), ref: 004125FC
IsValidLocale.KERNEL32(?,00000001), ref: 0041262A

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: InfoLocale$CharsetTranslateValid
String ID:
API String ID: 1865635962-0
Opcode ID: fdad4521af90eed553c557b12d549d6fd565ed28d828521a4f028f7a35e841a9
Instruction ID: 734faa13da326b0d3bf3c840113cfb97524dd83f0da8d1589cdf40ad58ad38cc
Opcode Fuzzy Hash: fdad4521af90eed553c557b12d549d6fd565ed28d828521a4f028f7a35e841a9
Instruction Fuzzy Hash: CE11A534A00104AADB14DF65D945AFA77B8AF18700B10442AFA01E72D1EBB5EC91C76C

Function 0045505F Relevance: 4.5, APIs: 3, Instructions: 39encryptionCOMMON

Download Yara Rule

APIs

CryptGetHashParam.ADVAPI32(?,00000004,?,?,00000000), ref: 0045507B
GetLastError.KERNEL32 ref: 00455085
CryptGetHashParam.ADVAPI32(?,00000002,?,?,00000000), ref: 004550B1

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CryptHashParam$ErrorLast
String ID:
API String ID: 1884520423-0
Opcode ID: c193fc93756d2847739b82c0c75ae9b82191190ddc07a669d83e2fc80bdfa83d
Instruction ID: cfd196a1478a03f14f59f2b7840bf961381deeede028b4b3d1fdd0a9fb735bc8
Opcode Fuzzy Hash: c193fc93756d2847739b82c0c75ae9b82191190ddc07a669d83e2fc80bdfa83d
Instruction Fuzzy Hash: A6F081B5000708BFEB20CF50CC46FEB7BBCEB00B10F00451AFA11C6290E7B1A9089BA5

Function 004559E0 Relevance: 4.5, APIs: 3, Instructions: 37encryptionCOMMON

Download Yara Rule

APIs

CryptGetHashParam.ADVAPI32(?,00000004,?,?,00000000), ref: 004559FC
GetLastError.KERNEL32 ref: 00455A06
CryptSetHashParam.ADVAPI32(?,00000002,?,00000000), ref: 00455A2E

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CryptHashParam$ErrorLast
String ID:
API String ID: 1884520423-0
Opcode ID: d5c56685a24979982aa0d8ef8a23978b060038e388f986dbf2681cca73596991
Instruction ID: 9a9db5d308ff9ccaea8357ed1139faa85925d2d7cdae957a465facf69a33f7f9
Opcode Fuzzy Hash: d5c56685a24979982aa0d8ef8a23978b060038e388f986dbf2681cca73596991
Instruction Fuzzy Hash: CFF04F71510704BFEB20CF60DC4AFAA7FA8EB01700F10461AEA1296290E7B5AD059B64

Function 00455A6D Relevance: 4.5, APIs: 3, Instructions: 28encryptionCOMMON

Download Yara Rule

APIs

CryptAcquireContextW.ADVAPI32(?,?,00000000,00000001,00000010,?,?,?,?,0045566C,00000000), ref: 00455A88
CryptReleaseContext.ADVAPI32(?,00000000,?,?,?,0045566C,00000000), ref: 00455A91
CryptDestroyHash.ADVAPI32(?,?,00000000,?,?,?,0045566C,00000000), ref: 00455A9A

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Crypt$Context$AcquireDestroyHashRelease
String ID:
API String ID: 2937476097-0
Opcode ID: 706c87482f787f2664a75151b30f21f106f4f774529dca5b9423f8773dbe496b
Instruction ID: b581e11407cbc47a4c99fe5eb7ccddbb5a29ade457aadda0d58643ef8943acc7
Opcode Fuzzy Hash: 706c87482f787f2664a75151b30f21f106f4f774529dca5b9423f8773dbe496b
Instruction Fuzzy Hash: 8AE039B6100A14ABD6304F66EC08D87BFFCEB85701B000A2AB692D2160D6B2A948CB64

Function 00464F6E Relevance: 3.1, APIs: 2, Instructions: 71COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 00464FA3
IsDebuggerPresent.KERNEL32(?,?,00000000), ref: 00465058

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: DebuggerPresent_memset
String ID:
API String ID: 2328436684-0
Opcode ID: 30e630e0c4360776ab38092c0afed0eafb2761b64fe840dba2adabf5bf55a564
Instruction ID: 6a2e9a9e9d10309ba4ee37709abccabb61ed69375fac9e00e357eaa61f69ad69
Opcode Fuzzy Hash: 30e630e0c4360776ab38092c0afed0eafb2761b64fe840dba2adabf5bf55a564
Instruction Fuzzy Hash: 3F31B675801228ABCF21DF65D9887C9B7F8AF08314F5041EAE81CA7251E7789B858F49

Function 0046E4AC Relevance: 3.0, APIs: 2, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00464D84: __getptd_noexit.LIBCMT ref: 00464D85
Part of subcall function 00464D84: __amsg_exit.LIBCMT ref: 00464D92

_GetPrimaryLen.LIBCMT ref: 0046E4F7
EnumSystemLocalesW.KERNEL32(0046E5AC,00000001,000000A0,?,?,0046EB36,00000000,?,?,?,?,?,00000055), ref: 0046E507

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: EnumLocalesPrimarySystem__amsg_exit__getptd_noexit
String ID:
API String ID: 3487593440-0
Opcode ID: 9f9565c636c59fd6a40c03239ab5f95cbac2029abe3a144c69ffeb1cd06cadce
Instruction ID: adb5cb6d038db806dabc890ed3941d36723e6c2896cd645e690a7ff04314c5a9
Opcode Fuzzy Hash: 9f9565c636c59fd6a40c03239ab5f95cbac2029abe3a144c69ffeb1cd06cadce
Instruction Fuzzy Hash: C201F73A550307AFEB209F7AD409B66BBE0EF40729F10492EE447861C1FB7CA414CB49

Function 0046E529 Relevance: 3.0, APIs: 2, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00464D84: __getptd_noexit.LIBCMT ref: 00464D85
Part of subcall function 00464D84: __amsg_exit.LIBCMT ref: 00464D92

_GetPrimaryLen.LIBCMT ref: 0046E55B
EnumSystemLocalesW.KERNEL32(0046E79F,00000001,?,?,0046EB00,004620B7,?,?,00000055,?,?,004620B7,?,?,?), ref: 0046E56E

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: EnumLocalesPrimarySystem__amsg_exit__getptd_noexit
String ID:
API String ID: 3487593440-0
Opcode ID: 4f30b4fd97aca6579e7ab532277327b2e75f6e49790ce1654feefc81a4c946b9
Instruction ID: 9b194bf615f34a188e3360dd678b4b267d31ed76c2cc864db2014fbbf2881020
Opcode Fuzzy Hash: 4f30b4fd97aca6579e7ab532277327b2e75f6e49790ce1654feefc81a4c946b9
Instruction Fuzzy Hash: 22F02035910304BEEB206B76E801FA23FD4CB02329F20481BF84A8A192FA781900866A

Function 004559DE Relevance: 3.0, APIs: 2, Instructions: 27encryptionCOMMON

Download Yara Rule

APIs

CryptGetHashParam.ADVAPI32(?,00000004,?,?,00000000), ref: 004559FC
GetLastError.KERNEL32 ref: 00455A06

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CryptErrorHashLastParam
String ID:
API String ID: 2561833602-0
Opcode ID: d2bd3f526ffcab827848f3352d30dc01e53f6bfb96fa9e44300d7d78fc3b36db
Instruction ID: 01fa2e57d49853d085b3c6b94d87a937f65bde4b32404e6bb0c0c54f07d55c21
Opcode Fuzzy Hash: d2bd3f526ffcab827848f3352d30dc01e53f6bfb96fa9e44300d7d78fc3b36db
Instruction Fuzzy Hash: F3E092B2500304BFEB24DF51DC0AEEB7BACEB01700F00026BE90193240E6B1AE089674

Function 00455D9E Relevance: 3.0, APIs: 2, Instructions: 19encryptionCOMMON

Download Yara Rule

APIs

CryptVerifySignatureW.ADVAPI32(?,?,?,?,00000000,00000000,00000000,004407A0,00000001,?,00000000,00000000,?,?,000001ED,00000000), ref: 00455DB1
GetLastError.KERNEL32 ref: 00455DBB

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CryptErrorLastSignatureVerify
String ID:
API String ID: 2524884230-0
Opcode ID: e41b0b5dac174dff23051184fff421a58b20a60067bba2cd77ad8fd4c4cdc764
Instruction ID: 71fa4fb927ae7c563d7a200f7b9d3092a9c6925e5d1a4eaff98f384954e56967
Opcode Fuzzy Hash: e41b0b5dac174dff23051184fff421a58b20a60067bba2cd77ad8fd4c4cdc764
Instruction Fuzzy Hash: FCE0EC32140B20AFDB215F61AC09B937FE1BB45710F014859E662469A0D272A855AB44

Function 0046E79F Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

Part of subcall function 00464D84: __getptd_noexit.LIBCMT ref: 00464D85
Part of subcall function 00464D84: __amsg_exit.LIBCMT ref: 00464D92

GetLocaleInfoW.KERNEL32(00000000,?,?,000000F0), ref: 0046E7F8

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: InfoLocale__amsg_exit__getptd_noexit
String ID:
API String ID: 3113341244-0
Opcode ID: a04deb6f81116242e4524b4085a1d0491f7a0c5bafdb467c6e726964d0ee26b6
Instruction ID: 8115c626b999ecea31a7e474cb9bf8adedcce59d9df97034df0d2f925dfb735f
Opcode Fuzzy Hash: a04deb6f81116242e4524b4085a1d0491f7a0c5bafdb467c6e726964d0ee26b6
Instruction Fuzzy Hash: 96218376500216AFEB24AB26D842BBB73ECEF45315F10017FED0187182FB789D59CA5A

Function 00430174 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(?), ref: 004301A1

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Version
String ID:
API String ID: 1889659487-0
Opcode ID: 2832456f11c060cd0b794991ee57ccbb05c39478b69244dc5654ccd42b1bfb3b
Instruction ID: 7319d55478f440adb9be3f0c93e2518c3f23ad37675a81d97adda49a0b8018e7
Opcode Fuzzy Hash: 2832456f11c060cd0b794991ee57ccbb05c39478b69244dc5654ccd42b1bfb3b
Instruction Fuzzy Hash: 11F08C30A2125C9FCB54FF79D84A7DA7BE46B0A704F4040BEA409D3291DB799E88CB48

Function 004552A9 Relevance: 1.5, APIs: 1, Instructions: 16encryptionCOMMON

Download Yara Rule

APIs

CryptImportKey.ADVAPI32(?,?,?,00000000,?,?,?,0045524F,?,?,?), ref: 004552BD

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CryptImport
String ID:
API String ID: 365355273-0
Opcode ID: b3f1e4ba6b1e29f29402b69bb5628869b50dd2b71fafb138142bb0ad58ad59ea
Instruction ID: 900fc10cd5a9fd490bdb10e79e9bb780e289fc71fc74bfcddd7d23e94dd786bb
Opcode Fuzzy Hash: b3f1e4ba6b1e29f29402b69bb5628869b50dd2b71fafb138142bb0ad58ad59ea
Instruction Fuzzy Hash: A1D0923609410DABDF01AFA0DC00EA97B6DEB15704F108425BA19C9060D6729525AB54

Function 00454DDC Relevance: 1.5, APIs: 1, Instructions: 15encryptionCOMMON

Download Yara Rule

APIs

CryptExportKey.ADVAPI32(?,00000000,00000006,?,?,?), ref: 00454DEF

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CryptExport
String ID:
API String ID: 3389274496-0
Opcode ID: e4c75fbdd417c76a26c3bc60670c3e46bfbb020ba5fc6b41369e347131a9fa02
Instruction ID: cf802b866f72df25074d93545b209c631ec5f1b05fb7829114a2a83150e93ff8
Opcode Fuzzy Hash: e4c75fbdd417c76a26c3bc60670c3e46bfbb020ba5fc6b41369e347131a9fa02
Instruction Fuzzy Hash: 27D0C93219420DBBDF115FA1DC01F997F2AEB15750F008024B619C90A0C6739432AB54

Function 0045521D Relevance: 1.5, APIs: 1, Instructions: 12encryptionCOMMON

Download Yara Rule

APIs

CryptHashData.ADVAPI32(?,?,?,00000000), ref: 0045522B

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CryptDataHash
String ID:
API String ID: 4245837645-0
Opcode ID: 268971d0e33aefb79e69c38cac60b728a26826172c325b9ccdb1988ebb492c2e
Instruction ID: a684f307210f68e850dcc11fdfa315bd933b69cc9a36ccad98f41c2e9a9221a9
Opcode Fuzzy Hash: 268971d0e33aefb79e69c38cac60b728a26826172c325b9ccdb1988ebb492c2e
Instruction Fuzzy Hash: F9C0123219820DBBDF011EA1DC01E953F29AB11711F208120B619880A0C6729024AB54

Function 00454C59 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4174b9389ff6ccb49cbf26b32f4b45137529def5cf4d0702bda6e93628ee28e9
Instruction ID: 720dd9784d7ddd72b307fbec705fff6e0fb157f28ed4351bcec19ade2eafb700
Opcode Fuzzy Hash: 4174b9389ff6ccb49cbf26b32f4b45137529def5cf4d0702bda6e93628ee28e9
Instruction Fuzzy Hash: FCD012311155218BF7310E24FC00B9273D46B81756F29042E9480991B4D7F88CC4C65C

Function 00454C91 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44dac623479ab8d54e28553e1fde5bf2da857e4f3c372e72a21ba5f122344b45
Instruction ID: 7b7da9609656c9049257375588c864be9154602eec8d43ca5e029df1e4d4d4e0
Opcode Fuzzy Hash: 44dac623479ab8d54e28553e1fde5bf2da857e4f3c372e72a21ba5f122344b45
Instruction Fuzzy Hash: 4BC01231121121CBE7310E67E80179576D46BC0316F16082E948089290D7B98CC0C654

Function 00454CAB Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fe1b20618835f18976d6e79287851e967064628a4209108dd5dd1dac9a9dd98
Instruction ID: 88fe66a3bdd6f8142c6fe228e44481322a4e10ced52755408f3c7228a0f8a0b1
Opcode Fuzzy Hash: 3fe1b20618835f18976d6e79287851e967064628a4209108dd5dd1dac9a9dd98
Instruction Fuzzy Hash: 08C012311151218BE7310E14F800B9172D46B80316F25092E94908B264D7B88CC0CB54

Function 00402200 Relevance: 96.7, APIs: 44, Strings: 11, Instructions: 404timeCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 0040225F
SetLastError.KERNEL32(T4L), ref: 004022A2

Part of subcall function 004040F0: SysStringLen.OLEAUT32(?), ref: 004040FE
Part of subcall function 004040F0: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 00404118

GetDateFormatW.KERNEL32(00000800,00000000,00000000,M-d-yyyy,00000000,00000080,?,00000080), ref: 004022EA

Part of subcall function 00403CF0: GetLastError.KERNEL32(98A63EB4,?,00000000,7591DFA0,?,?,?,?,?,?,?,?,00000000,004AC478,000000FF,T4L), ref: 00403D2F
Part of subcall function 00403CF0: GetLastError.KERNEL32(?,00000000,000000FF), ref: 00403DC9
Part of subcall function 00403CF0: SysFreeString.OLEAUT32(?), ref: 00403DE3
Part of subcall function 00403CF0: SysFreeString.OLEAUT32(?), ref: 00403DF0
Part of subcall function 00403CF0: SetLastError.KERNEL32(?), ref: 00403E14
Part of subcall function 00403CF0: SetLastError.KERNEL32(?,?,00000000,7591DFA0,?,?,?,?,?,?,?,?,00000000,004AC478,000000FF,T4L), ref: 00403E1A

GetLastError.KERNEL32 ref: 00402311
SetLastError.KERNEL32(T4L), ref: 00402345

Part of subcall function 004040F0: _wmemcpy_s.LIBCMT ref: 00404145

GetTimeFormatW.KERNEL32(00000800,00000000,00000000,hh':'mm':'ss tt,00000000,00000080,?,00000080), ref: 0040238A

Part of subcall function 00402CE0: GetLastError.KERNEL32(98A63EB4,?,00000000,7591DFA0,?,?,004AC418,000000FF,T4L,00401EE2,InstallShield.log,?), ref: 00402D30
Part of subcall function 00402CE0: SetLastError.KERNEL32(?,004C2D7C,00000000,?,00000000,7591DFA0,?,?,004AC418,000000FF,T4L,00401EE2,InstallShield.log,?), ref: 00402DA8

Part of subcall function 00403080: GetLastError.KERNEL32 ref: 004030E5
Part of subcall function 00403080: SetLastError.KERNEL32(T4L,00000000,00000000,000000FF), ref: 0040314E
Part of subcall function 00403080: GetLastError.KERNEL32(?), ref: 004031A4
Part of subcall function 00403080: SysFreeString.OLEAUT32(?), ref: 004031BE
Part of subcall function 00403080: SysFreeString.OLEAUT32(?), ref: 004031CB
Part of subcall function 00403080: SetLastError.KERNEL32(?), ref: 004031EF

Part of subcall function 004034E0: GetLastError.KERNEL32 ref: 0040354B
Part of subcall function 004034E0: SetLastError.KERNEL32(T4L,00000000,00000000,000000FF), ref: 004035B4
Part of subcall function 004034E0: SysFreeString.OLEAUT32(?), ref: 004036A6

Part of subcall function 00403080: GetLastError.KERNEL32(00000000,?,00000000,?), ref: 00403290
Part of subcall function 00403080: SysFreeString.OLEAUT32(?), ref: 004032A8
Part of subcall function 00403080: SysFreeString.OLEAUT32(?), ref: 004032B5
Part of subcall function 00403080: SetLastError.KERNEL32(?), ref: 004032D9
Part of subcall function 00403080: GetLastError.KERNEL32(00000000,00000000,000000FF), ref: 00403334
Part of subcall function 00403080: SysFreeString.OLEAUT32(?), ref: 0040334C
Part of subcall function 00403080: SysFreeString.OLEAUT32(?), ref: 00403359

Part of subcall function 00402DE0: GetLastError.KERNEL32 ref: 00402E45
Part of subcall function 00402DE0: SetLastError.KERNEL32(T4L,00000000,00000000,000000FF), ref: 00402EA5
Part of subcall function 00402DE0: GetLastError.KERNEL32 ref: 00402ECE
Part of subcall function 00402DE0: SetLastError.KERNEL32(?,00000000,00000000,000000FF), ref: 00402F2E
Part of subcall function 00402DE0: GetLastError.KERNEL32 ref: 00402F4E

GetLastError.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,00000001,?,?,?,00000001), ref: 00402447
SysFreeString.OLEAUT32(?), ref: 0040246B
SysFreeString.OLEAUT32(?), ref: 0040247E
SetLastError.KERNEL32(?), ref: 004024B1
GetLastError.KERNEL32 ref: 004024C6
SysFreeString.OLEAUT32(?), ref: 004024E4
SysFreeString.OLEAUT32(?), ref: 004024F7
SetLastError.KERNEL32(?), ref: 0040252A
GetLastError.KERNEL32 ref: 0040253F
SysFreeString.OLEAUT32(?), ref: 0040255D
SysFreeString.OLEAUT32(?), ref: 00402570
SetLastError.KERNEL32(?), ref: 004025A3
GetLastError.KERNEL32 ref: 004025B8
SysFreeString.OLEAUT32(?), ref: 004025D6
SysFreeString.OLEAUT32(?), ref: 004025E9
SetLastError.KERNEL32(?), ref: 0040261C
GetLastError.KERNEL32 ref: 00402631
SysFreeString.OLEAUT32(?), ref: 0040264F
SysFreeString.OLEAUT32(?), ref: 00402662
SetLastError.KERNEL32(?), ref: 00402695
GetLastError.KERNEL32 ref: 004026AD
SetLastError.KERNEL32(T4L), ref: 00402700
GetLastError.KERNEL32 ref: 004027C5
SysFreeString.OLEAUT32(?), ref: 004027E3
SysFreeString.OLEAUT32(?), ref: 004027F6
SetLastError.KERNEL32(?), ref: 00402829
GetLastError.KERNEL32 ref: 0040283E
SysFreeString.OLEAUT32(?), ref: 0040285C
SysFreeString.OLEAUT32(?), ref: 0040286F
SetLastError.KERNEL32(?), ref: 004028A2
GetLastError.KERNEL32 ref: 004028B1
SysFreeString.OLEAUT32(?), ref: 004028C9
SysFreeString.OLEAUT32(?), ref: 004028D6
SetLastError.KERNEL32(?), ref: 004028FA
GetLastError.KERNEL32 ref: 0040290F
SysFreeString.OLEAUT32(?), ref: 00402927
SysFreeString.OLEAUT32(?), ref: 00402934

Part of subcall function 00403B50: __vwprintf_p.LIBCMT ref: 00403B7F
Part of subcall function 00403B50: vswprintf.LIBCMT ref: 00403BB1

SetLastError.KERNEL32(?), ref: 00402958

Strings

M-d-yyyy, xrefs: 004022DC
T4L, xrefs: 0040232A
P/L, xrefs: 00402301
T4L, xrefs: 004026D9
hh':'mm':'ss tt, xrefs: 0040237C
P/L, xrefs: 00402697
%s[%s]: %s -- File: %s, Line: %d, xrefs: 00402757
P/L, xrefs: 00402750, 0040275C
P/L, xrefs: 0040224C
T4L, xrefs: 00402281
%s[%s]: %s, xrefs: 00402788

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$String$Free$Format$AllocDateTime__vwprintf_p_wmemcpy_svswprintf
String ID: %s[%s]: %s$%s[%s]: %s -- File: %s, Line: %d$M-d-yyyy$P/L$P/L$P/L$P/L$T4L$T4L$T4L$hh':'mm':'ss tt
API String ID: 1002200784-2789026671
Opcode ID: f69a7b9fae25941d03fa104c4305318c631f64017a0491884069ae751dd80c88
Instruction ID: 688b1669901aab8b91c164d4b3d8465613a847ef94fe040e21fb9ed64ef3d503
Opcode Fuzzy Hash: f69a7b9fae25941d03fa104c4305318c631f64017a0491884069ae751dd80c88
Instruction Fuzzy Hash: 1B12F671508380DFD721DF69C849B9ABBE4BF89308F00892DE98C932A1DB75A814CF57

Function 0044680A Relevance: 75.6, APIs: 1, Strings: 42, Instructions: 349COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00446811

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 0044363E: __EH_prolog3_GS.LIBCMT ref: 00443645
Part of subcall function 0044363E: GetModuleHandleW.KERNEL32(Kernel32.dll,LocaleNameToLCID,00000074), ref: 00443659
Part of subcall function 0044363E: GetProcAddress.KERNEL32(00000000), ref: 00443660

Strings

american, xrefs: 00446906
greek, xrefs: 00446A4A
korean, xrefs: 00446AEC
canadian, xrefs: 0044693C
chinese-traditional, xrefs: 0044684B
icelandic, xrefs: 00446A80
spanish, xrefs: 00446BDD
spanish-modern, xrefs: 00446C13
australian, xrefs: 00446921
english-uk, xrefs: 004468EB
turkish, xrefs: 00446C49
english-nz, xrefs: 00446957
portuguese, xrefs: 00446B71
norwegian-bokmal, xrefs: 00446B20
german, xrefs: 004469F9
czech, xrefs: 00446866
slovak, xrefs: 00446BC2
hungarian, xrefs: 00446A65
spanish-mexican, xrefs: 00446BF8
portuguese-brazilian, xrefs: 00446B8C
chinese, xrefs: 0044681A
danish, xrefs: 00446881
russian, xrefs: 00446BA7
swedish, xrefs: 00446C2E
french, xrefs: 0044698D
german-swiss, xrefs: 00446A2F
finnish, xrefs: 00446972
norwegian-nynorsk, xrefs: 00446B3B
italian-swiss, xrefs: 00446AB6
english, xrefs: 004468D2
dutch, xrefs: 0044689C
french-swiss, xrefs: 004469C3
@/L, xrefs: 00446C72
chinese-simplified, xrefs: 00446830
french-belgian, xrefs: 004469A8
polish, xrefs: 00446B56
german-austrian, xrefs: 00446A14
dutch-belgian, xrefs: 004468B7
japanese, xrefs: 00446AD1
french-canadian, xrefs: 004469DE
italian, xrefs: 00446A9B
norwegian, xrefs: 00446B07

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3Last$AddressH_prolog3_HandleModuleProc
String ID: @/L$american$australian$canadian$chinese$chinese-simplified$chinese-traditional$czech$danish$dutch$dutch-belgian$english$english-nz$english-uk$finnish$french$french-belgian$french-canadian$french-swiss$german$german-austrian$german-swiss$greek$hungarian$icelandic$italian$italian-swiss$japanese$korean$norwegian$norwegian-bokmal$norwegian-nynorsk$polish$portuguese$portuguese-brazilian$russian$slovak$spanish$spanish-mexican$spanish-modern$swedish$turkish
API String ID: 1772309320-951662217
Opcode ID: c9257187e726acacb3abfe6e34c368163eb70a406963623a945be78eecffe4be
Instruction ID: 09f8fec64f06b567d922b2b76d34bc84588bd33ab69aeb8cfb7145ae5b5f1af8
Opcode Fuzzy Hash: c9257187e726acacb3abfe6e34c368163eb70a406963623a945be78eecffe4be
Instruction Fuzzy Hash: CFB161A0310168A1FB10AE12E951BB52754DB11309FA2843BBDC7DA1C1FBBCEF15D62E

Function 00492320 Relevance: 74.0, APIs: 34, Strings: 8, Instructions: 494stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00403FB0: GetLastError.KERNEL32(98A63EB4,?,?,?,?,?,004AC2D8,000000FF), ref: 00403FF3
Part of subcall function 00403FB0: SetLastError.KERNEL32(?,004C2D7C,00000000,?,?,?,?,?,004AC2D8,000000FF), ref: 00404068

Part of subcall function 00490850: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000002,?,?,0048A841,?,00000000,00000103), ref: 00490876
Part of subcall function 00490850: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,?,00000000,00000000,?,?), ref: 004908BE

GetPrivateProfileIntA.KERNEL32(?,RECTS,00000000,?), ref: 00492417
_memset.LIBCMT ref: 00492447
_memset.LIBCMT ref: 00492458
_memset.LIBCMT ref: 00492472
lstrcpyA.KERNEL32(00000000,RECT), ref: 004924B2
__itow.LIBCMT ref: 004924C2
lstrcatA.KERNEL32(00000000,00000000), ref: 004924D2
GetLastError.KERNEL32 ref: 004924EC
SetLastError.KERNEL32(004C3454,004C2D7C,004C2D7A), ref: 0049257A
GetPrivateProfileStringA.KERNEL32(00000000,00000000,004C2BD0,00000000,000003E8,00000000), ref: 0049260E
GetLastError.KERNEL32 ref: 0049262C
SysFreeString.OLEAUT32(00000000), ref: 0049264E
SysFreeString.OLEAUT32(?), ref: 0049265F
SetLastError.KERNEL32(004C2F50), ref: 00492694
GetSysColor.USER32(0000000F), ref: 00492698
CreateSolidBrush.GDI32(?), ref: 004926CE
lstrcpyA.KERNEL32(00000000,00000000), ref: 004926E2
lstrcatA.KERNEL32(00000000,POS), ref: 004926F1
GetLastError.KERNEL32 ref: 0049270B
SetLastError.KERNEL32(004C3454,004C2D7C,004C2D7A), ref: 0049279A
GetPrivateProfileStringA.KERNEL32(00000000,00000000,004C2BD0,00000000,000003E8,00000000), ref: 00492827
GetLastError.KERNEL32 ref: 00492845
SysFreeString.OLEAUT32(00000000), ref: 00492867
SysFreeString.OLEAUT32(?), ref: 00492878
SetLastError.KERNEL32(004C2F50), ref: 004928AD
lstrcpyA.KERNEL32(00000000,00000000,00000000,?,00000001), ref: 004928FB
lstrcatA.KERNEL32(00000000,AREA), ref: 0049290A
GetLastError.KERNEL32 ref: 00492924
SetLastError.KERNEL32(004C3454,004C2D7C,00000000), ref: 004929AA
GetPrivateProfileStringA.KERNEL32(00000000,00000000,004C2BD0,00000000,000003E8,00000000), ref: 00492A31
GetLastError.KERNEL32 ref: 00492A4F
SysFreeString.OLEAUT32(00000000), ref: 00492A71
SysFreeString.OLEAUT32(?), ref: 00492A82
SetLastError.KERNEL32(004C2F50), ref: 00492AB7

Strings

RECT, xrefs: 004924A6
lJ, xrefs: 00492320
RECTS, xrefs: 0049240C
POS, xrefs: 004926E8
AREA, xrefs: 00492901
T4L, xrefs: 0049291A
|-L, xrefs: 0049235C
P/L, xrefs: 00492910

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$String$Free$PrivateProfile$_memsetlstrcatlstrcpy$ByteCharMultiWide$BrushColorCreateSolid__itow
String ID: AREA$P/L$POS$RECT$RECTS$T4L$lJ$|-L
API String ID: 792308993-3612069791
Opcode ID: fa48708b4e3af9e7a9e99997592a41cd4d6c9ae0536503e3d14adad394899abf
Instruction ID: 847f3d342a300f7a84bb54192f6ac905bd70cd248483a1ad69a0eaab08ef64dd
Opcode Fuzzy Hash: fa48708b4e3af9e7a9e99997592a41cd4d6c9ae0536503e3d14adad394899abf
Instruction Fuzzy Hash: C82240B59012299FDF60DF54CD85B9EBBB8BF44308F0041EAEA09A7291DB745E84CF58

Function 004946B0 Relevance: 65.1, APIs: 33, Strings: 4, Instructions: 329memoryCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 004946ED

Part of subcall function 00480F50: GetLastError.KERNEL32(98A63EB4,7529E860), ref: 00480F9C
Part of subcall function 00480F50: SetLastError.KERNEL32(004C2F90,00000000,00000000,000000FF), ref: 00480FFC
Part of subcall function 00480F50: GetLastError.KERNEL32(00000000,00000000,000000FF), ref: 0048102A
Part of subcall function 00480F50: SetLastError.KERNEL32(?,?,00000000,000000FF), ref: 00481078

GetLastError.KERNEL32(00000000,00000004,?), ref: 00494794
SysFreeString.OLEAUT32(?), ref: 004947A9
SysFreeString.OLEAUT32(?), ref: 004947BA
SetLastError.KERNEL32(?), ref: 004947E9
GetLastError.KERNEL32 ref: 00494800
SysFreeString.OLEAUT32(?), ref: 00494818
SysFreeString.OLEAUT32(?), ref: 00494829
SetLastError.KERNEL32(?), ref: 00494858
GetLastError.KERNEL32 ref: 00494869
SysFreeString.OLEAUT32(?), ref: 0049487B
SysFreeString.OLEAUT32(?), ref: 00494886
SetLastError.KERNEL32(?), ref: 004948A6
GetLastError.KERNEL32 ref: 004948BD
SysFreeString.OLEAUT32(?), ref: 004948D5
SysFreeString.OLEAUT32(?), ref: 004948E6
SetLastError.KERNEL32(?), ref: 0049491B
GetLastError.KERNEL32 ref: 0049492B
SetLastError.KERNEL32(004AE96C), ref: 00494957
SysStringLen.OLEAUT32(?), ref: 00494980
SysReAllocStringLen.OLEAUT32(7591E034,7591E014,?), ref: 0049499D
_wmemcpy_s.LIBCMT ref: 004949D9
wsprintfW.USER32 ref: 00494A01
GetFileAttributesW.KERNEL32(00000000,?,00000000,000000FF), ref: 00494A37
GetLastError.KERNEL32 ref: 00494A65
SysFreeString.OLEAUT32(?), ref: 00494A77
SysFreeString.OLEAUT32(?), ref: 00494A82
SetLastError.KERNEL32(004AE964), ref: 00494AA2
__CxxThrowException@8.LIBCMT ref: 00494B36
GetLastError.KERNEL32(004AE89C,004C6AB8), ref: 00494B3D
SysFreeString.OLEAUT32(?), ref: 00494B53
SysFreeString.OLEAUT32(?), ref: 00494B5E
SetLastError.KERNEL32(004AE964), ref: 00494B7E

Strings

%hx.rra, xrefs: 004949FA
dJ, xrefs: 0049491D
lJ, xrefs: 00494924
lJ, xrefs: 004946B0

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$String$Free$AllocAttributesCountException@8FileThrowTick_wmemcpy_swsprintf
String ID: %hx.rra$dJ$lJ$lJ
API String ID: 2442431672-3032772394
Opcode ID: 69d7577b068154ca7ccc83d41f32f11949bc8a86746b2759cc3b2edff5e475fa
Instruction ID: 57c3e9b993fe8f9d33eff172e26738e36be1e758f2be950968eea74ca9e0be38
Opcode Fuzzy Hash: 69d7577b068154ca7ccc83d41f32f11949bc8a86746b2759cc3b2edff5e475fa
Instruction Fuzzy Hash: 64E14871900218DFDF10DFA9CC85B9EBBB4BF09314F1081A9E818A72A1D735AE95CF59

Function 00489C10 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 476stringwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00485E90: GetLastError.KERNEL32(98A63EB4,?,?,?,?,?,?,?,?,004AAF61,000000FF,?,00489C65,?,?,00000001), ref: 00485EE4
Part of subcall function 00485E90: SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,004AAF61,000000FF,?,00489C65,?,?,00000001), ref: 00485F1D

wsprintfA.USER32 ref: 00489C9A

Part of subcall function 00407F60: _memmove.LIBCMT ref: 00408015

Part of subcall function 00401AC0: GetLastError.KERNEL32(?,?,0040E566), ref: 00401ACF
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AEB
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AF6
Part of subcall function 00401AC0: SetLastError.KERNEL32(?), ref: 00401B14

GetLastError.KERNEL32 ref: 00489CF2
SetLastError.KERNEL32(?,?,00000000,000000FF), ref: 00489D40
lstrcpyA.KERNEL32(000000D0,?), ref: 00489D89
lstrcpyA.KERNEL32(00000004,?), ref: 00489D90
lstrcpyA.KERNEL32(00000068,?), ref: 00489DA0
MapDialogRect.USER32(?,?), ref: 00489DDE
MulDiv.KERNEL32(?,000186A0,00000006), ref: 00489E09
MulDiv.KERNEL32(?,000186A0,0000000D), ref: 00489E1E
MulDiv.KERNEL32(?,?,00000004), ref: 00489E86
MulDiv.KERNEL32(?,?,00000008), ref: 00489EB2
GetClientRect.USER32(?,?), ref: 00489F45
CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00489F56
CreateCompatibleDC.GDI32(00000000), ref: 00489F62
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00489F7B
SelectObject.GDI32(?,00000000), ref: 00489F8E
MulDiv.KERNEL32(?,?,00000004), ref: 00489FBE
MulDiv.KERNEL32(?,?,00000008), ref: 00489FD1
MulDiv.KERNEL32(?,?,00000004), ref: 00489FE4
MulDiv.KERNEL32(?,?,00000008), ref: 00489FF7
FillRect.USER32(?,?,?), ref: 0048A00C
GetDlgItem.USER32(?,?), ref: 0048A12F
DrawIcon.USER32(?,?,?,00000000), ref: 0048A146

Strings

PROP_PSKIN, xrefs: 0048A1BD
-%04x, xrefs: 00489C85
DISPLAY, xrefs: 00489F51

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$CreateRectlstrcpy$CompatibleFreeString$BitmapClientDialogDrawFillIconItemObjectSelect_memmovewsprintf
String ID: -%04x$DISPLAY$PROP_PSKIN
API String ID: 4259255117-337460466
Opcode ID: 699e3fec2dd89d017e5b6cf3d41b093f95551703619165cb3b4e5b9639e52c7b
Instruction ID: 70738925456c83a3d94c2be7d828d2fde00a464bb3ee72cafabbb019b9fd451b
Opcode Fuzzy Hash: 699e3fec2dd89d017e5b6cf3d41b093f95551703619165cb3b4e5b9639e52c7b
Instruction Fuzzy Hash: 1722BF31A00614EFEB21DF64C848FAEBBF1BF09304F08859AE559AB3A1D775AC54CB45

Function 004896F0 Relevance: 59.9, APIs: 28, Strings: 6, Instructions: 395stringwindowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0048971F
GetClassNameW.USER32(?,?,00000064), ref: 0048972E
lstrcmpiW.KERNEL32(Button,?), ref: 00489743
GetWindowLongW.USER32(?,000000F0), ref: 00489750
SetWindowLongW.USER32(?,000000F0,?), ref: 004897E6
GetWindowLongW.USER32(?,000000F4), ref: 004897EF
GetWindowRect.USER32(?,?), ref: 0048991B
MulDiv.KERNEL32(?,000186A0,000186A0), ref: 00489962
MulDiv.KERNEL32(?,?,000186A0), ref: 0048997F
MulDiv.KERNEL32(?,000186A0,?), ref: 004899A9
MulDiv.KERNEL32(?,000186A0,?), ref: 004899E8
ScreenToClient.USER32(?,?), ref: 00489A14
MulDiv.KERNEL32(?,?,00000004), ref: 00489A36
MulDiv.KERNEL32(?,?,00000008), ref: 00489A50
MoveWindow.USER32(?,?,00000000,?,?,00000000), ref: 00489A6F
lstrcmpiW.KERNEL32(Static,?), ref: 00489A83
GetWindowLongW.USER32(?,000000F0), ref: 00489A96
GetWindowLongW.USER32(?,000000F0), ref: 00489AA7
GetWindowRect.USER32(?,?), ref: 00489AB9
MapWindowPoints.USER32(00000000,?,?,00000002), ref: 00489ACA
SendMessageW.USER32(?,00000171,00000000,00000000), ref: 00489AE6
GetWindowLongW.USER32(?,000000F4), ref: 00489B09
ShowWindow.USER32(?,00000000), ref: 00489B3E
GetWindowTextW.USER32(?,?,0000000A), ref: 00489B81
SetWindowLongW.USER32(?,000000FC,0048B5D0), ref: 00489B96
SetPropW.USER32(?,PROP_STAT_PSKIN,?), ref: 00489BB3
SetPropW.USER32(?,PROP_STAT_OLDPROC,00000000), ref: 00489BBC

Strings

PROP_STAT_PSKIN, xrefs: 00489BAD
Static, xrefs: 00489A7E
Button, xrefs: 0048973E
PROP_STAT_OLDPROC, xrefs: 00489BB6
msctls_progress32, xrefs: 00489BC4
@, xrefs: 00489B87

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Window$Long$PropRectlstrcmpi$ClassClientMessageMoveNamePointsScreenSendShowText_memset
String ID: @$Button$PROP_STAT_OLDPROC$PROP_STAT_PSKIN$Static$msctls_progress32
API String ID: 2481118448-847272177
Opcode ID: 4ed7df9cd92373620730382fc3c96828335f7747dfe276474ca3cd7cf5f7590a
Instruction ID: 41f908669bd52f81dd4fa49fd0d274b072d1bd80de334967a700d6d04aa9b213
Opcode Fuzzy Hash: 4ed7df9cd92373620730382fc3c96828335f7747dfe276474ca3cd7cf5f7590a
Instruction Fuzzy Hash: B8F12974A00605EFCB14DF69C884FAABBF5BB08304F14899AE96AD7391DB35EC41CB54

Function 0040C4F0 Relevance: 56.5, APIs: 20, Strings: 12, Instructions: 473windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0040C4FA
GetWindowLongW.USER32(?,000000EB), ref: 0040C55E
SetDlgItemTextW.USER32(?,000003F3,-00000004), ref: 0040C5C7
GetWindowRect.USER32(?,?), ref: 0040C5E8
MoveWindow.USER32(?,?,?,?,?,00000001), ref: 0040C619
LoadIconW.USER32(00000000,00007F01), ref: 0040C787
GetDlgItem.USER32(?,000003F9), ref: 0040C79A
SendMessageW.USER32(00000000), ref: 0040C7A1
SetWindowTextW.USER32(?,-00000004), ref: 0040C7D5
SetDlgItemTextW.USER32(?,000003F8,-00000004), ref: 0040C864
SetDlgItemTextW.USER32(?,000003F7,00000004), ref: 0040C91C

Strings

open, xrefs: 0040C6C3
@/L, xrefs: 0040C89F
@/L, xrefs: 0040CA7A
%ld : 0x%x, xrefs: 0040C815
%s%ld : 0x%x%s%s, xrefs: 0040CB2F
@/L, xrefs: 0040C6D4
<<, xrefs: 0040C599, 0040C5A1, 0040CA1D, 0040CA25
@/L, xrefs: 0040C743
@/L, xrefs: 0040C7F9
@/L, xrefs: 0040C647
|-L, xrefs: 0040C703
>>, xrefs: 0040C594, 0040CA18

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ItemTextWindow$H_prolog3_IconLoadLongMessageMoveRectSend
String ID: <<$ >>$%ld : 0x%x$%s%ld : 0x%x%s%s$@/L$@/L$@/L$@/L$@/L$@/L$open$|-L
API String ID: 4073716165-137234772
Opcode ID: cbf33ad165af3ab7047c361cec52352d60fbbe3d0b412b787d289faf2e15a951
Instruction ID: 6b9efaaaacef784ff1fdca34bf3a7d303e4e581d6e4752c68b6b157190edf8f9
Opcode Fuzzy Hash: cbf33ad165af3ab7047c361cec52352d60fbbe3d0b412b787d289faf2e15a951
Instruction Fuzzy Hash: 25125B71900218EFDB15DBA4CC95FAE77B8BF09304F0401AEE509A72A1DB78AA44CF59

Function 004100B5 Relevance: 51.0, APIs: 26, Strings: 3, Instructions: 289windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 004100BF
EndDialog.USER32(?), ref: 0041012F
GetDlgItem.USER32(?,00000001), ref: 00410147
EnableWindow.USER32(00000000), ref: 0041014A
GetDlgItem.USER32(?,0000012D), ref: 00410158
ShowWindow.USER32(00000000), ref: 0041015B
GetDlgItem.USER32(?,000003EB), ref: 004101BD
GetDlgItem.USER32(?,000003E9), ref: 004101C6
SetWindowTextW.USER32(?,-00000004), ref: 00410263
SendDlgItemMessageW.USER32(?,00000009,00000030,00000000,00000000), ref: 0041029B
SendDlgItemMessageW.USER32(?,00000001,00000030,00000000,00000000), ref: 004102C7
SendDlgItemMessageW.USER32(?,000003EB,00000030,00000000), ref: 004102D9
SendDlgItemMessageW.USER32(?,000003E9,00000030,00000000), ref: 004102EB
SendDlgItemMessageW.USER32(?,000003ED,00000030,00000000), ref: 004102FD
SendDlgItemMessageW.USER32(?,000003EC,00000030,00000000), ref: 0041030F
SendDlgItemMessageW.USER32(?,0000040A,00000030,00000000), ref: 00410321
SendDlgItemMessageW.USER32(?,000003EE,00000030,00000000), ref: 00410333
SendDlgItemMessageW.USER32(?,0000040B,00000030,00000000), ref: 00410345
GetDlgItem.USER32(?,0000012D), ref: 00410355
ShowWindow.USER32(00000000), ref: 00410358
GetDlgItem.USER32(?,000003EE), ref: 00410403
SetWindowTextW.USER32(00000000), ref: 00410406
DeleteObject.GDI32(000000D4), ref: 0041048C

Strings

T4L, xrefs: 00410371
PrereqDialog, xrefs: 004101F3
P/L, xrefs: 0041036E

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Item$MessageSend$Window$ShowText$DeleteDialogEnableH_prolog3_Object
String ID: P/L$PrereqDialog$T4L
API String ID: 128106140-452211144
Opcode ID: 7660520ec895de8dcc91c66f694f1584091d7a9feecac8de77f27f00f02b1e60
Instruction ID: ecff8cb4ece4c13748142295969d04c6f5643743f071b9191e4dc25ec3dc4e6d
Opcode Fuzzy Hash: 7660520ec895de8dcc91c66f694f1584091d7a9feecac8de77f27f00f02b1e60
Instruction Fuzzy Hash: F5B19171501254AFEB21EB91DC89FAE77A8EB55704F0040ABF205BB1D1CBB89D85CB6C

Function 0040971C Relevance: 51.0, APIs: 25, Strings: 4, Instructions: 287threadinjectionprocessCOMMON

Download Yara Rule

APIs

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Part of subcall function 0040A0F0: SysStringLen.OLEAUT32(?), ref: 0040A0FD
Part of subcall function 0040A0F0: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 0040A117

GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,00000104), ref: 004097A8

Part of subcall function 00409574: __EH_prolog3_GS.LIBCMT ref: 0040957B
Part of subcall function 00409574: GetLastError.KERNEL32(00000038,0040DDFB,004492A1,?,004AFFA0), ref: 00409582
Part of subcall function 00409574: SetLastError.KERNEL32(00000000), ref: 004095D6

Part of subcall function 0040A206: __EH_prolog3_GS.LIBCMT ref: 0040A210

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00441E34: __EH_prolog3_GS.LIBCMT ref: 00441E3E

GetSystemDirectoryW.KERNEL32(00000000,00000104), ref: 00409884
SetCurrentDirectoryW.KERNEL32(?), ref: 004098B7
_memset.LIBCMT ref: 004098DD
_memset.LIBCMT ref: 004098F6
CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000044,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 0040991C
_memset.LIBCMT ref: 0040993F
_wcsncpy.LIBCMT ref: 004099B2

Part of subcall function 00441E34: GetLastError.KERNEL32 ref: 00441ED3
Part of subcall function 00441E34: GetLastError.KERNEL32 ref: 00441F92
Part of subcall function 00441E34: __CxxThrowException@8.LIBCMT ref: 00442002

_wcsncpy.LIBCMT ref: 004099DD
GetCurrentProcess.KERNEL32(?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004099FD
GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409A00
DuplicateHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409A03
TerminateProcess.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409A24
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409A30
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409A38
MoveFileExW.KERNEL32(?,00000000,00000004), ref: 00409A53
_memmove.LIBCMT ref: 00409AA1
GetThreadContext.KERNEL32 ref: 00409AC0
VirtualProtectEx.KERNEL32(?,?,00000C35,00000040,?), ref: 00409B02
WriteProcessMemory.KERNEL32(?,?,?,00000C35,00000000), ref: 00409B1D
FlushInstructionCache.KERNEL32(?,?,00000C35), ref: 00409B2F
SetThreadContext.KERNEL32(?,00010003), ref: 00409B42
ResumeThread.KERNEL32(?), ref: 00409B4E
CloseHandle.KERNEL32(?), ref: 00409B5A
CloseHandle.KERNEL32(?), ref: 00409B62

Strings

@/L, xrefs: 00409768
explorer.exe, xrefs: 004098C0
@/L, xrefs: 0040981C
@/L, xrefs: 0040984D

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$HandleProcess$Close$CurrentH_prolog3_Thread_memset$ContextDirectoryFileString_wcsncpy$AllocCacheCreateDuplicateException@8FlushH_prolog3InstructionMemoryModuleMoveNameProtectResumeSystemTerminateThrowVirtualWrite_memmove
String ID: @/L$@/L$@/L$explorer.exe
API String ID: 3542506763-3744986830
Opcode ID: 2e89cc81ac628f05e1b25ae007ebb62a4afcba40ef15aef06bb319ac2cd72fb6
Instruction ID: f51911a9ddecf8f95a698078a3ab9431c8a2878545a22eec0a50bb54fcfc93b8
Opcode Fuzzy Hash: 2e89cc81ac628f05e1b25ae007ebb62a4afcba40ef15aef06bb319ac2cd72fb6
Instruction Fuzzy Hash: ABC13C71900228AFEB25DB65CC49FDABBB8EF05344F0041EAF909A71A1DB745E84CF95

Function 00405AE0 Relevance: 49.2, APIs: 22, Strings: 6, Instructions: 250COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00405B4B
SetLastError.KERNEL32(T4L,00000000,00000000,000000FF), ref: 00405BB4
GetLastError.KERNEL32 ref: 00405BD4
SetLastError.KERNEL32(T4L), ref: 00405C11
GetLastError.KERNEL32(?,000000FF,00000001), ref: 00405C8C
SysFreeString.OLEAUT32(?), ref: 00405CA6
SysFreeString.OLEAUT32(?), ref: 00405CB9
SetLastError.KERNEL32(?), ref: 00405CF2
GetLastError.KERNEL32(00000000,00000000,000000FF,?,?,000000FF,?,000000FF,00000001), ref: 00405D52
SysFreeString.OLEAUT32(?), ref: 00405D6C
SysFreeString.OLEAUT32(?), ref: 00405D7F
SetLastError.KERNEL32(?), ref: 00405DB8
GetLastError.KERNEL32(?,000000FF,00000001), ref: 00405DCB
SetLastError.KERNEL32(?,?,00000000,000000FF), ref: 00405E22
GetLastError.KERNEL32 ref: 00405E37
SysFreeString.OLEAUT32(?), ref: 00405E4B
SysFreeString.OLEAUT32(?), ref: 00405E58
SetLastError.KERNEL32(?), ref: 00405E7C
GetLastError.KERNEL32 ref: 00405E8F
SysFreeString.OLEAUT32(?), ref: 00405EA3
SysFreeString.OLEAUT32(?), ref: 00405EB0
SetLastError.KERNEL32(?), ref: 00405ED4

Strings

T4L, xrefs: 00405AE0
P/L, xrefs: 00405BC1
T4L, xrefs: 00405BB0
T4L, xrefs: 00405DC4
T4L, xrefs: 00405BF0
T4L, xrefs: 00405B8B

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeString
String ID: P/L$T4L$T4L$T4L$T4L$T4L
API String ID: 2425351278-1114961416
Opcode ID: bae9bababab1643fc427e99a430b4058c6078c8af4335f0efac4ce899c9eef20
Instruction ID: f040519dc64b790a380e079862b9e4b9806259381dd47372e147210011703477
Opcode Fuzzy Hash: bae9bababab1643fc427e99a430b4058c6078c8af4335f0efac4ce899c9eef20
Instruction Fuzzy Hash: 15B12A715083809FD720DF29C844B5BBBE4FF89318F114A2EE498972A1DB79D859CF4A

Function 00438907 Relevance: 47.7, APIs: 22, Strings: 5, Instructions: 450windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00438911

Part of subcall function 00438520: __EH_prolog3_GS.LIBCMT ref: 0043852A
Part of subcall function 00438520: SendDlgItemMessageW.USER32(?,00000034,00000031,00000000,00000000), ref: 00438576
Part of subcall function 00438520: GetObjectW.GDI32(00000000,0000005C,?), ref: 00438586
Part of subcall function 00438520: lstrcpyW.KERNEL32(?,?), ref: 004385B2
Part of subcall function 00438520: CreateFontIndirectW.GDI32(?), ref: 004385BF
Part of subcall function 00438520: SendDlgItemMessageW.USER32(?,00000034,00000030,?,00000001), ref: 004385F5
Part of subcall function 00438520: SetDlgItemTextW.USER32(?,0000000C,-00000004), ref: 0043862A
Part of subcall function 00438520: GetDlgItem.USER32(?,0000000C), ref: 0043863D
Part of subcall function 00438520: EnableWindow.USER32(00000000,?), ref: 0043864F

Part of subcall function 0040D268: __EH_prolog3_GS.LIBCMT ref: 0040D272

SetDlgItemTextW.USER32(?,00000001,-00000004), ref: 00438954
SetDlgItemTextW.USER32(?,00000009,-00000004), ref: 0043898C
SetDlgItemTextW.USER32(?,00000034,-00000004), ref: 004389C4
SetDlgItemTextW.USER32(?,00000033,-00000004), ref: 004389FC
SetDlgItemTextW.USER32(?,000003FA,-00000004), ref: 00438A42
SetDlgItemTextW.USER32(?,000003F2,-00000004), ref: 00438AA7
SetDlgItemTextW.USER32(?,000003F3,-00000004), ref: 00438AE2
GetDlgItem.USER32(?,000003F3), ref: 00438AFA
GetDlgItem.USER32(?,000003F2), ref: 00438B0C
SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00438B2D
GetDlgItem.USER32(?,000003ED), ref: 00438B45
EnableWindow.USER32(00000000), ref: 00438B48
SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 00438B5E
GetDlgItem.USER32(?,000003ED), ref: 00438B68
SendMessageW.USER32(00000000,00001036,00000000,00000020), ref: 00438B7E
_memset.LIBCMT ref: 00438D52
SendMessageW.USER32(00000000,0000104D,00000000,?), ref: 00438D8D
SendMessageW.USER32(00000000,00001074,00000000,?), ref: 00438DC7
SendMessageW.USER32(00000000,0000102B,?,?), ref: 00438DFB
SendMessageW.USER32(00000000,0000101E,00000000,0000FFFF), ref: 00438E63
SendMessageW.USER32(00000000,0000101E,00000001,0000FFFF), ref: 00438E72

Strings

InstallLocation, xrefs: 00438CE4
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\, xrefs: 00438BC2
DisplayName, xrefs: 00438C48
@/L, xrefs: 00438E8B
@/L, xrefs: 00438BD1

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Item$MessageSend$Text$H_prolog3_$EnableWindow$CreateFontIndirectObject_memsetlstrcpy
String ID: @/L$@/L$DisplayName$InstallLocation$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
API String ID: 4221600495-3072867973
Opcode ID: ba554d67defc6c5b510dc2c7bad898bcac5c629a97a6fd672a827a772d7fcf8f
Instruction ID: f4065dad9136cee450ccfd26a1c38904ffa9fa8b9581f805fbc6e3bc669e9b24
Opcode Fuzzy Hash: ba554d67defc6c5b510dc2c7bad898bcac5c629a97a6fd672a827a772d7fcf8f
Instruction Fuzzy Hash: E2024E70A00204DFEB14EB64CD56FA9B7B4EF04704F0441AEF50AAB2A2DBB4EA44CF55

Function 0042E2AA Relevance: 44.0, APIs: 9, Strings: 16, Instructions: 240windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0042E2B4
SendMessageW.USER32(?,0000000C,00000000,ISPREREQDIR), ref: 0042E368
SendMessageW.USER32(?,0000000C,00000000,?), ref: 0042E389
SendMessageW.USER32(?,00000111,00000008,00000000), ref: 0042E39A
SendMessageW.USER32(?,0000000C,00000000,?), ref: 0042E3B8
SendMessageW.USER32(?,00000111,00000007,00000000), ref: 0042E3C9
SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 0042E3D7
SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 0042E406

Part of subcall function 004053A0: GetLastError.KERNEL32(98A63EB4,?,?,?,?,004AC278,000000FF), ref: 004053E2
Part of subcall function 004053A0: SetLastError.KERNEL32(?,00000000,00000000,000000FF,?,?,?,?,004AC278,000000FF), ref: 0040543E

Strings

T4L, xrefs: 0042E60F
P/L, xrefs: 0042E41D
P/L, xrefs: 0042E31A
ISPREREQDIR, xrefs: 0042E35E
T4L, xrefs: 0042E4A4
T4L, xrefs: 0042E5CC
P/L, xrefs: 0042E4FF
[SETUPEXEDIR], xrefs: 0042E562
[ProductLanguage], xrefs: 0042E435
T4L, xrefs: 0042E306
[SETUPEXENAME], xrefs: 0042E504
T4L, xrefs: 0042E33A
P/L, xrefs: 0042E316, 0042E325, 0042E43A, 0042E46B, 0042E486, 0042E509, 0042E533, 0042E54E, 0042E567, 0042E592, 0042E5AD, 0042E5C6, 0042E5DF, 0042E5EF, 0042E319, 0042E46E, 0042E536, 0042E595, 0042E5E2
[ISPREREQDIR], xrefs: 0042E5C1
P/L, xrefs: 0042E430
P/L, xrefs: 0042E3E4

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: MessageSend$ErrorLast$H_prolog3_
String ID: ISPREREQDIR$P/L$P/L$P/L$P/L$P/L$P/L$T4L$T4L$T4L$T4L$T4L$[ISPREREQDIR]$[ProductLanguage]$[SETUPEXEDIR]$[SETUPEXENAME]
API String ID: 860943175-2351489034
Opcode ID: f829a352067c94b8d2136d2da42c29586a9d3a204320ed353cdc83418de33877
Instruction ID: 79434aba791d9d0bd5f5de81912bae10fd3ddc51b5e82914d9b94aa6d9080963
Opcode Fuzzy Hash: f829a352067c94b8d2136d2da42c29586a9d3a204320ed353cdc83418de33877
Instruction Fuzzy Hash: 8AA15E75900218EEDB15DB91CD41BDEBBB8AF18304F0440AEF50977182DBB86A48DF69

Function 0042D52A Relevance: 42.3, APIs: 11, Strings: 13, Instructions: 291windowsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 0042B1C8: __EH_prolog3.LIBCMT ref: 0042B1CF
Part of subcall function 0042B1C8: GetCurrentDirectoryW.KERNEL32(00000104,00000000,?,00000105,00000014,0042D5E6,00000008,?,00000001), ref: 0042B21F
Part of subcall function 0042B1C8: SetCurrentDirectoryW.KERNEL32(@/L), ref: 0042B23D

_memset.LIBCMT ref: 0042D5FB

Part of subcall function 0042C627: __EH_prolog3_GS.LIBCMT ref: 0042C62E
Part of subcall function 0042C627: SetWindowTextW.USER32(00000000,?), ref: 0042C705

Part of subcall function 00401AC0: GetLastError.KERNEL32(?,?,0040E566), ref: 00401ACF
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AEB
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AF6
Part of subcall function 00401AC0: SetLastError.KERNEL32(?), ref: 00401B14

Part of subcall function 00403FB0: GetLastError.KERNEL32(98A63EB4,?,?,?,?,?,004AC2D8,000000FF), ref: 00403FF3
Part of subcall function 00403FB0: SetLastError.KERNEL32(?,004C2D7C,00000000,?,?,?,?,?,004AC2D8,000000FF), ref: 00404068

Part of subcall function 00402CE0: GetLastError.KERNEL32(98A63EB4,?,00000000,7591DFA0,?,?,004AC418,000000FF,T4L,00401EE2,InstallShield.log,?), ref: 00402D30
Part of subcall function 00402CE0: SetLastError.KERNEL32(?,004C2D7C,00000000,?,00000000,7591DFA0,?,?,004AC418,000000FF,T4L,00401EE2,InstallShield.log,?), ref: 00402DA8

ShellExecuteExW.SHELL32(?), ref: 0042D883
MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000004FF), ref: 0042D8E5
PeekMessageW.USER32(?,00000000,00000113,00000113,00000001), ref: 0042D900
PeekMessageW.USER32(?,00000000,00000000,00000000,04270001), ref: 0042D916
TranslateMessage.USER32(?), ref: 0042D924
DispatchMessageW.USER32(?), ref: 0042D92E
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 0042D93B
GetExitCodeProcess.KERNEL32(00000000,?), ref: 0042D954
CloseHandle.KERNEL32(00000000), ref: 0042D960
GetLastError.KERNEL32 ref: 0042D9A8

Strings

T4L, xrefs: 0042D7C0
Creating new process for prerequisite, launching command line %s [%s] %s, xrefs: 0042D84D
<, xrefs: 0042D609
Prerequisite process exited with return code %d, xrefs: 0042D972
?, xrefs: 0042D7FB
Launching: , xrefs: 0042D6ED
..\..\Shared\Setup\SetupPreRequisite.cpp, xrefs: 0042D852
LJ, xrefs: 0042D77E
P/LP/L, xrefs: 0042D70E, 0042D711
P/L, xrefs: 0042D784, 0042D78E, 0042D79D, 0042D7B6, 0042D7CE, 0042D7DD, 0042D80E, 0042D870, 0042D791, 0042D7D1
No process created by successful prerequisite launch, xrefs: 0042D8A0
P/L, xrefs: 0042D6D2, 0042D6D8
Could not launch prerequisite, last error: %d, ShellExecute: %d, xrefs: 0042D9B5

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$Message$CurrentDirectoryFreePeekStringWait$CloseCodeDispatchExecuteExitH_prolog3H_prolog3_HandleMultipleObjectObjectsProcessShellSingleTextTranslateWindow_memset
String ID: ..\..\Shared\Setup\SetupPreRequisite.cpp$<$Could not launch prerequisite, last error: %d, ShellExecute: %d$Creating new process for prerequisite, launching command line %s [%s] %s$Launching: $LJ$No process created by successful prerequisite launch$P/L$P/L$P/LP/L$Prerequisite process exited with return code %d$T4L$?
API String ID: 2605968414-436948734
Opcode ID: e71a3f2d2a089c766f84c1fd2eb14a0511c08aa2de0e75c7102c2c15218af3f4
Instruction ID: c9bc824b41885e786c5c4dc4d682975b70ef9eaa1a67df954e4f72b307bcb23a
Opcode Fuzzy Hash: e71a3f2d2a089c766f84c1fd2eb14a0511c08aa2de0e75c7102c2c15218af3f4
Instruction Fuzzy Hash: C6C17F71A00168EEDB10DBA2DD45FDEB7BCAF15304F5040AFA50AB2181DB786B49CF69

Function 004891D0 Relevance: 40.4, APIs: 20, Strings: 3, Instructions: 156windowstringCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0048920D
GetWindowRect.USER32(?,?), ref: 0048921D
MapWindowPoints.USER32(00000000,?,?,00000002), ref: 00489230
GetWindowTextW.USER32(?,?,000000A0), ref: 00489251
SetWindowTextW.USER32(?,004C2D7C), ref: 0048926C
GetWindowLongW.USER32(?,000000F0), ref: 0048927B
GetWindowLongW.USER32(?,000000EC), ref: 00489287
GetModuleHandleW.KERNEL32(00000000,00000000), ref: 0048928F
CreateWindowExW.USER32(00000000,STATIC,00000000,00000000,0000000A,?,0000000A,?,?,000000FF,00000000), ref: 004892D7
SendMessageW.USER32(?,00000031,00000000,00000000), ref: 004892FB
SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 00489309
SetWindowLongW.USER32(00000000,000000FC,0048B5D0), ref: 00489313
SetPropW.USER32(00000000,PROP_STAT_PSKIN,?), ref: 0048932D
SetPropW.USER32(00000000,PROP_STAT_OLDPROC,00000000), ref: 00489336
GetDC.USER32(00000000), ref: 00489339
SelectObject.GDI32(00000000,?), ref: 0048935C
lstrlenW.KERNEL32(00000000,?), ref: 00489370
GetTextExtentPoint32W.GDI32(00000000,00000000,00000000), ref: 0048937F
ReleaseDC.USER32(00000000,00000000), ref: 00489387
SetWindowPos.USER32(00000000,?,0000000A,?,00000000,00000000,00000002), ref: 004893B0

Strings

PROP_STAT_PSKIN, xrefs: 00489325
PROP_STAT_OLDPROC, xrefs: 00489330
STATIC, xrefs: 004892D1

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Window$LongText$MessagePropSend$CreateExtentHandleModuleObjectPoint32PointsRectReleaseSelect_memsetlstrlen
String ID: PROP_STAT_OLDPROC$PROP_STAT_PSKIN$STATIC
API String ID: 2762062944-2065393330
Opcode ID: bf93ef031eaad974e9cead7c19c87a383d5c3986f2365f2943bb7513e27f3eef
Instruction ID: 554e64f90a53f570123fbcd2b9e0d893343d00fca2cdb48856f930deabf8fc29
Opcode Fuzzy Hash: bf93ef031eaad974e9cead7c19c87a383d5c3986f2365f2943bb7513e27f3eef
Instruction Fuzzy Hash: 77518F71901228BFDB209BA5DC48F9A7B7DEB0A310F0001A5F619A7191DB745E80CF69

Function 00404640 Relevance: 38.7, APIs: 18, Strings: 4, Instructions: 199COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 004046A7
SetLastError.KERNEL32(T4L,00000000,00000000,000000FF), ref: 0040470A
GetLastError.KERNEL32(00000000,00000000,000000FF,?,00000000,?,?), ref: 00404792
SysFreeString.OLEAUT32(?), ref: 004047AC
SysFreeString.OLEAUT32(?), ref: 004047BC
SetLastError.KERNEL32(?), ref: 004047E6
GetLastError.KERNEL32 ref: 00404801
SysFreeString.OLEAUT32(?), ref: 00404815
SysFreeString.OLEAUT32(?), ref: 00404822
SetLastError.KERNEL32(?), ref: 00404846

Part of subcall function 00404580: GetLastError.KERNEL32(98A63EB4,?,?,?,00000000,004ACAC8,000000FF,T4L,004050D6,00000000,00000001,000000FF), ref: 004045BE
Part of subcall function 00404580: SetLastError.KERNEL32(?,00000000,00000000,00000000), ref: 0040461A

GetLastError.KERNEL32(?,?,000000FF,?,00000001,00000000), ref: 00404885
SysFreeString.OLEAUT32(?), ref: 00404899
SysFreeString.OLEAUT32(?), ref: 004048A6
SetLastError.KERNEL32(?), ref: 004048CA
GetLastError.KERNEL32 ref: 004048DD
SysFreeString.OLEAUT32(?), ref: 004048F1
SysFreeString.OLEAUT32(?), ref: 004048FE
SetLastError.KERNEL32(?), ref: 00404922

Strings

T4L, xrefs: 004046E7
T4L, xrefs: 00404640
P/L, xrefs: 00404697
T4L, xrefs: 00404706

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeString
String ID: P/L$T4L$T4L$T4L
API String ID: 2425351278-1200131689
Opcode ID: e21d52ea6584db1b08c492c2dc4f3a2eef207e403f46286ccb6dab0482927bdd
Instruction ID: cde076b80f0a8efed71b4ffcd14bd0697ccf1f34df26b5c4eb0a563b8905cb2f
Opcode Fuzzy Hash: e21d52ea6584db1b08c492c2dc4f3a2eef207e403f46286ccb6dab0482927bdd
Instruction Fuzzy Hash: CF9125711083809FD720DF29C845B5BBBE5BF89318F104A2DF599972A1D776E818CF46

Function 00404C00 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 246COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00404C5F
SetLastError.KERNEL32(T4L), ref: 00404C97
GetLastError.KERNEL32(00000000,00000000,000000FF,00000007,00000000,00000000,T4L,00000002,00000001), ref: 00404D70
SysFreeString.OLEAUT32(?), ref: 00404D88
SysFreeString.OLEAUT32(?), ref: 00404D95
SetLastError.KERNEL32(?), ref: 00404DBF
GetLastError.KERNEL32(?), ref: 00404E54
SysFreeString.OLEAUT32(?), ref: 00404E6C
SysFreeString.OLEAUT32(?), ref: 00404E79
SetLastError.KERNEL32(?), ref: 00404E9D
GetLastError.KERNEL32 ref: 00404EB0
SetLastError.KERNEL32(?,00000000,00000000,000000FF), ref: 00404F03
GetLastError.KERNEL32 ref: 00404F12
SysFreeString.OLEAUT32(?), ref: 00404F2A
SysFreeString.OLEAUT32(?), ref: 00404F37
SetLastError.KERNEL32(?), ref: 00404F5B

Strings

\, xrefs: 00404D16
P/L, xrefs: 00404C4F
T4L, xrefs: 00404CF0, 00404D0E, 00404CF4, 00404D12
T4L, xrefs: 00404C7C
T4L, xrefs: 00404EA9

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeString
String ID: P/L$T4L$T4L$T4L$\
API String ID: 2425351278-1825822663
Opcode ID: 4659591ec9c173596597a223606b4cff03fb49f5437a1000925287c0d0ce57ef
Instruction ID: aa9b36dd0ea5038fb1f37e920e4466eefaced8f4359d97b31f3457d675e79404
Opcode Fuzzy Hash: 4659591ec9c173596597a223606b4cff03fb49f5437a1000925287c0d0ce57ef
Instruction Fuzzy Hash: FEA15BB1108340DFD710DF24C985B5BBBE4BF88318F10492EF999972A1D779E948CB9A

Function 00401CA0 Relevance: 37.0, APIs: 14, Strings: 7, Instructions: 214COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(98A63EB4), ref: 00401D5B
SetLastError.KERNEL32(T4L), ref: 00401D91
GetLastError.KERNEL32(?,00000104), ref: 00401E08
SetLastError.KERNEL32(004C3454), ref: 00401E38
GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,00000104), ref: 00401E6A

Part of subcall function 00402CE0: GetLastError.KERNEL32(98A63EB4,?,00000000,7591DFA0,?,?,004AC418,000000FF,T4L,00401EE2,InstallShield.log,?), ref: 00402D30
Part of subcall function 00402CE0: SetLastError.KERNEL32(?,004C2D7C,00000000,?,00000000,7591DFA0,?,?,004AC418,000000FF,T4L,00401EE2,InstallShield.log,?), ref: 00402DA8

Strings

SOFTWARE\InstallShield\22.0\Professional, xrefs: 00401D2F
VerboseLogPath, xrefs: 00401DD7
P/L, xrefs: 00401DFA
T4L, xrefs: 00401E01
P/L, xrefs: 00401D4D
InstallShield.log, xrefs: 00401ED5
T4L, xrefs: 00401D79

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FileModuleName
String ID: InstallShield.log$P/L$P/L$SOFTWARE\InstallShield\22.0\Professional$T4L$T4L$VerboseLogPath
API String ID: 1026760046-777573538
Opcode ID: 1d6d3eb3d8f6c7f78560d07c1a3589e2c246a6b27d59768c343c7773800a5df6
Instruction ID: a826d0a235e98ca63236490f962bccbb2077009cf1f65bafaa1f07d6c467c3ca
Opcode Fuzzy Hash: 1d6d3eb3d8f6c7f78560d07c1a3589e2c246a6b27d59768c343c7773800a5df6
Instruction Fuzzy Hash: B8914671900258DFDB10DFA4CC45BDDBBB4BF08308F1041AAE905B72A2DBB86A48CF59

Function 004121A7 Relevance: 37.0, APIs: 12, Strings: 9, Instructions: 208windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 004121B1
GetVersionExW.KERNEL32 ref: 004121DF

Part of subcall function 00401AC0: GetLastError.KERNEL32(?,?,0040E566), ref: 00401ACF
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AEB
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AF6
Part of subcall function 00401AC0: SetLastError.KERNEL32(?), ref: 00401B14

SendMessageW.USER32(00000000,00000111,-00000003,00000000), ref: 00412370

Part of subcall function 0041075B: __EH_prolog3_GS.LIBCMT ref: 00410762

Strings

J, xrefs: 00412398, 004123B3
StartStopProgress - Embedded Looping, xrefs: 00412314
T4L, xrefs: 004122FF
StartStopProgress - Embedded, xrefs: 00412262
P/L, xrefs: 00412221
T4L, xrefs: 00412326
..\..\Shared\Setup\IsPreReqDlg.cpp, xrefs: 0041223E, 004122F4
StartStopProgress - Fallback - %d of %d, xrefs: 004123AE
P/L, xrefs: 004122EF

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorFreeH_prolog3_LastString$MessageSendVersion
String ID: ..\..\Shared\Setup\IsPreReqDlg.cpp$P/L$P/L$StartStopProgress - Embedded$StartStopProgress - Embedded Looping$StartStopProgress - Fallback - %d of %d$T4L$T4L$J
API String ID: 769765983-1904212388
Opcode ID: ec59afcb61641f62f463e10475dff29df5807bc78ad57a7ce08a595ed43e0f88
Instruction ID: fbceac630cb4103d327e9a4c239ca0b8bf1133a04f97d0e8b8a959c252da8487
Opcode Fuzzy Hash: ec59afcb61641f62f463e10475dff29df5807bc78ad57a7ce08a595ed43e0f88
Instruction Fuzzy Hash: 3F81E270900214AFDB25DB61CD46FEEBBB8AB05314F14806FF516E62D1CBB85A89CB1D

Function 00488F10 Relevance: 35.2, APIs: 19, Strings: 1, Instructions: 188stringwindowCOMMON

Download Yara Rule

APIs

GetPropW.USER32(?,PROP_PSKIN), ref: 00488F37
SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00488F62
CopyRect.USER32(?,?), ref: 00488F75
GetWindowDC.USER32(?), ref: 00488F87
SaveDC.GDI32(00000000), ref: 00488F91
SelectObject.GDI32(?,00000000), ref: 00488FA1
SetBkMode.GDI32(?,00000001), ref: 00488FAC
_memset.LIBCMT ref: 00488FC8
GetWindowTextW.USER32(?,?,00000400), ref: 00488FDF
SetTextColor.GDI32(?,?), ref: 0048908F
lstrlenW.KERNEL32(?,?,00000025,?,?,?), ref: 004890A5
DrawTextW.USER32(?,?,00000000,?,?), ref: 004890B2

Strings

PROP_PSKIN, xrefs: 00488F2B

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Text$Window$ColorCopyDrawMessageModeObjectPropRectSaveSelectSend_memsetlstrlen
String ID: PROP_PSKIN
API String ID: 4252396310-87134567
Opcode ID: 7b86111057095eec148e7ec5289d20ac218a723cb6ab76f13d62882ec73e630e
Instruction ID: cb2e39630f42b20d055d4f040fc1d11ba7b46237cdc587037aa14d23a8e36253
Opcode Fuzzy Hash: 7b86111057095eec148e7ec5289d20ac218a723cb6ab76f13d62882ec73e630e
Instruction Fuzzy Hash: 3D719F71900618EFCB109FA5DC49BAABBF8FF09304F0485A9E94593190DB35AD95CFD4

Function 00408999 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 175sleepprocessstringCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 004089E6
lstrcpyW.KERNEL32(?,?), ref: 004089F6
CoCreateGuid.OLE32(?), ref: 00408A0B
wsprintfW.USER32 ref: 00408A63
_memset.LIBCMT ref: 00408A7C
CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00408AAA
WaitForInputIdle.USER32(?,00004E20), ref: 00408AC9
CloseHandle.KERNEL32(?), ref: 00408ADB
CloseHandle.KERNEL32(?), ref: 00408AE3
CreateItemMoniker.OLE32(004AE788,?,00000000), ref: 00408B1E
Sleep.KERNEL32(0000012C), ref: 00408B2F
GetRunningObjectTable.OLE32(00000000,00000000), ref: 00408B43
Sleep.KERNEL32(0000012C), ref: 00408B73
SysFreeString.OLEAUT32(?), ref: 00408BD6
SysFreeString.OLEAUT32(?), ref: 00408BDE

Strings

%s %s:%s, xrefs: 00408A5D
D, xrefs: 00408AA0

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Create$CloseFreeHandleSleepString_memset$GuidIdleInputItemMonikerObjectProcessRunningTableWaitlstrcpywsprintf
String ID: %s %s:%s$D
API String ID: 1856294533-3221625341
Opcode ID: caa98a643aa1c9f07a7de46df3d2a173a0f0c0a318de980771262210bcc06cb9
Instruction ID: 6d2a3535a564949f3a27c88a7dc45fa473a966758db7ff26171fb717b92680c0
Opcode Fuzzy Hash: caa98a643aa1c9f07a7de46df3d2a173a0f0c0a318de980771262210bcc06cb9
Instruction Fuzzy Hash: 9F615E72900129ABCF20DB61CD44B9A77F9BF48315F0480EAE989A7251DF35AE85CFD4

Function 00430765 Relevance: 28.1, APIs: 1, Strings: 15, Instructions: 82COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0043076C

Part of subcall function 0042F17A: RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,00000001), ref: 0042F1FA

Part of subcall function 0042F0B4: RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,00000001,?,?,00000001,004AFFB4,00000008,?,00000001), ref: 0042F0ED

Part of subcall function 00403F50: GetLastError.KERNEL32 ref: 00403F6F
Part of subcall function 00403F50: SetLastError.KERNEL32(?), ref: 00403F9F

Strings

PendingFileRenameOperations, xrefs: 004307A2, 00430819
RunOnce, xrefs: 004307F5
[WindowsFolder]Wininit.ini, xrefs: 004307BC
FileRenameOperations, xrefs: 0043082B
T4L, xrefs: 0043080E
SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00430773
SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 00430792
T4L, xrefs: 004307DD
RunOnceEx, xrefs: 00430807
P/L, xrefs: 0043083F, 00430847
Reboot required - %s key added, xrefs: 00430842
rename, xrefs: 004307B7
Wininit.ini rename, xrefs: 0043083A
SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 004307A7
SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx, xrefs: 00430783

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLastValue$EnumH_prolog3_Query
String ID: FileRenameOperations$P/L$PendingFileRenameOperations$Reboot required - %s key added$RunOnce$RunOnceEx$SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce$SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx$SYSTEM\CurrentControlSet\Control\Session Manager$SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations$T4L$T4L$Wininit.ini rename$[WindowsFolder]Wininit.ini$rename
API String ID: 3169893437-3071006280
Opcode ID: 00ac6a287fb0775836a4a836d2bf89853549e207758ae03f023f9276af7890cf
Instruction ID: ed5429d839554e5b15bb60490259541da5dbb0ef2b890cefcf450b3e0e9fcbec
Opcode Fuzzy Hash: 00ac6a287fb0775836a4a836d2bf89853549e207758ae03f023f9276af7890cf
Instruction Fuzzy Hash: EC21A970B40205EACB18FAA5C992BEDB3B8BF54704F54152BE505B7183C7FC5C0686AD

Function 0041D8B2 Relevance: 26.6, APIs: 1, Strings: 14, Instructions: 370COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0041D8BC

Part of subcall function 0040A206: __EH_prolog3_GS.LIBCMT ref: 0040A210

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Part of subcall function 004160F7: __EH_prolog3.LIBCMT ref: 004160FE

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Part of subcall function 0040A0F0: SysStringLen.OLEAUT32(?), ref: 0040A0FD
Part of subcall function 0040A0F0: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 0040A117

Part of subcall function 0041AE03: __EH_prolog3_GS.LIBCMT ref: 0041AE0D
Part of subcall function 0041AE03: SysStringLen.OLEAUT32(?), ref: 0041AF0D
Part of subcall function 0041AE03: SysFreeString.OLEAUT32(?), ref: 0041AF18

Part of subcall function 0041AE03: SysFreeString.OLEAUT32(?), ref: 0041AF53

Strings

no_engine, xrefs: 0041DB5E
|-L, xrefs: 0041DAC1
installfromweb:, xrefs: 0041DC60
auto, xrefs: 0041DB42
@/L, xrefs: 0041D930
IS_temp, xrefs: 0041DB12
|-L, xrefs: 0041DA1F
extract_all:, xrefs: 0041DA7B
@/L, xrefs: 0041DCAA
runfromtemp, xrefs: 0041DAF5
media_path:, xrefs: 0041DBA3
IS_OriginalLauncher:, xrefs: 0041DD21
delayedstart:, xrefs: 0041D95E
tempdisk1folder:, xrefs: 0041D9D8

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: String$ErrorFreeLast$H_prolog3_$AllocH_prolog3
String ID: @/L$@/L$IS_OriginalLauncher:$IS_temp$auto$delayedstart:$extract_all:$installfromweb:$media_path:$no_engine$runfromtemp$tempdisk1folder:$|-L$|-L
API String ID: 126701897-1698992500
Opcode ID: 7a79681f5a3fc07a61b9147f45927bdf99ee0e05e85368a0ee279a2e9edf547a
Instruction ID: 4d0e82a3e1fc830d835c838a24e5cf109e40e4a2356c89bde4cad9fd60ae6b00
Opcode Fuzzy Hash: 7a79681f5a3fc07a61b9147f45927bdf99ee0e05e85368a0ee279a2e9edf547a
Instruction Fuzzy Hash: C3E1B170A04258AECB25EB61CC51BDEBB74AF11308F0441EEF146371D2DBB95E89CB69

Function 0041D22E Relevance: 26.6, APIs: 5, Strings: 10, Instructions: 369stringCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0041D238
_memmove.LIBCMT ref: 0041D31E
lstrcpyW.KERNEL32(?,-00000004,setup.cpp,?,00000001), ref: 0041D358
__setjmp3.LIBCMT ref: 0041D379

Part of subcall function 0040E057: __EH_prolog3_GS.LIBCMT ref: 0040E061

Part of subcall function 0041A199: __EH_prolog3_GS.LIBCMT ref: 0041A1A0

Part of subcall function 0040A0F0: SysStringLen.OLEAUT32(?), ref: 0040A0FD
Part of subcall function 0040A0F0: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 0040A117

Part of subcall function 00418CDA: _longjmp.LIBCMT ref: 00418D00

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

_memmove.LIBCMT ref: 0041D751

Strings

setup.cpp, xrefs: 0041D32F
Success, xrefs: 0041D609
Result=%sError=0x%08lxHeaderPathFile=%sUser=%sPassword=%sProxyUser=%sProxyPassword=%s, xrefs: 0041D6D2
Failure, xrefs: 0041D6CD
OpenCABEnd, xrefs: 0041D627, 0041D6EB
Result=%sHeaderPathFile=%sUser=%sPassword=%sProxyUser=%sProxyPassword=%s, xrefs: 0041D60E
ISSetupDLLOp, xrefs: 0041D2EA, 0041D645, 0041D709
@/L, xrefs: 0041D3DC
HeaderPathFile=%sUser=%sPassword=%sProxyUser=%sProxyPassword=%s, xrefs: 0041D2B3
OpenCABBegin, xrefs: 0041D2CC

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: String$H_prolog3_$ErrorFreeLast_memmove$Alloc__setjmp3_longjmplstrcpy
String ID: @/L$Failure$HeaderPathFile=%sUser=%sPassword=%sProxyUser=%sProxyPassword=%s$ISSetupDLLOp$OpenCABBegin$OpenCABEnd$Result=%sError=0x%08lxHeaderPathFile=%sUser=%sPassword=%sProxyUser=%sProxyPassword=%s$Result=%sHeaderPathFile=%sUser=%sPassword=%sProxyUser=%sProxyPassword=%s$Success$setup.cpp
API String ID: 4289572177-3023734520
Opcode ID: 2c0b02372d2e7b4a0f49aad5c5bbce9b0dfe81279bee21d0e97e0301e172cf40
Instruction ID: 033641801d150d44d134599509e2117a10eddff37f33a6f588b1976842b4bc5d
Opcode Fuzzy Hash: 2c0b02372d2e7b4a0f49aad5c5bbce9b0dfe81279bee21d0e97e0301e172cf40
Instruction Fuzzy Hash: D1F15070901218DFDB14EF65C999BDAB7B9EF45304F0000EEE509AB292DB78AB84CF55

Function 004109A6 Relevance: 26.5, APIs: 8, Strings: 7, Instructions: 246synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 00403F50: GetLastError.KERNEL32 ref: 00403F6F
Part of subcall function 00403F50: SetLastError.KERNEL32(?), ref: 00403F9F

Part of subcall function 00411934: __EH_prolog3_GS.LIBCMT ref: 0041193E

GetModuleFileNameW.KERNEL32(00000000,?,00000400,000000FF), ref: 00410A1A

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Part of subcall function 0040E23E: __EH_prolog3_GS.LIBCMT ref: 0040E245

Part of subcall function 0040E1C1: __EH_prolog3_GS.LIBCMT ref: 0040E1C8

_memset.LIBCMT ref: 00410BA6
ShellExecuteExW.SHELL32(?), ref: 00410C27
WaitForInputIdle.USER32(?,00002710), ref: 00410C3C
ShowWindow.USER32(00000000,00000000), ref: 00410C4E

Part of subcall function 00411846: __EH_prolog3_GS.LIBCMT ref: 00411850
Part of subcall function 00411846: IsWindow.USER32(?), ref: 0041186C
Part of subcall function 00411846: SendMessageW.USER32(?,00001074,?,?), ref: 00411911
Part of subcall function 00411846: SendMessageW.USER32(?,0000101E,00000000,000000FE), ref: 0041191C

WaitForSingleObject.KERNEL32(?,000000FF), ref: 00410C5C
GetExitCodeProcess.KERNEL32(?,?), ref: 00410C6F
CloseHandle.KERNEL32(?), ref: 00410C7B

Strings

@/L, xrefs: 00410A38
/runprerequisites", xrefs: 00410A6A
Prerequisites need elevation; launching elevated with arguments: %s, xrefs: 00410B7A
/debuglog", xrefs: 00410B04
J, xrefs: 00410B80
P/L, xrefs: 004115AB
T4L, xrefs: 004109E6

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3_Last$MessageSendWaitWindow$CloseCodeExecuteExitFileHandleIdleInputModuleNameObjectProcessShellShowSingle_memset
String ID: /debuglog"$ /runprerequisites"$@/L$P/L$Prerequisites need elevation; launching elevated with arguments: %s$T4L$J
API String ID: 2857916795-3942929204
Opcode ID: 7722a622becdbd17bd668536b255e5f1746b33eb76e55b6c629e475fcf2192e1
Instruction ID: bfd18bfaadf6a67000669331278259af1ee67e682f1695489e365acfe78be12f
Opcode Fuzzy Hash: 7722a622becdbd17bd668536b255e5f1746b33eb76e55b6c629e475fcf2192e1
Instruction Fuzzy Hash: 94B17E71901259EFDB20EB65CC45BCAB7B8BF04304F0081EAE549B7192DB74AB84CF98

Function 00499CB0 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 203filememoryCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00499CDA
ReadFile.KERNEL32(00000000,?,00000004,?,00000000), ref: 00499D18
ReadFile.KERNEL32(00000000,?,0000000C,00000004,00000000), ref: 00499D5B
ReadFile.KERNEL32(00000000,?,00000004,0000000C,00000000), ref: 00499D85
GlobalAlloc.KERNEL32(00000042,00000408), ref: 00499DA4
GlobalLock.KERNEL32(00000000), ref: 00499DB1
ReadFile.KERNEL32(00000000,00000000,00000004,00000004,00000000), ref: 00499DC6
ReadFile.KERNEL32(00000000,00000004,?,00000004,00000000), ref: 00499DF8

Strings

RIFF, xrefs: 00499D3C

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: File$Read$Global$AllocCreateLock
String ID: RIFF
API String ID: 3955436798-110600796
Opcode ID: 35ef50a9a3d2bb9f6a957f20a0b1166f03cdfddc88815c73f1f07a234f9a26a1
Instruction ID: 1d04d0dfda4a2410dd206582d648e19fd6c8b20c30a9597cdfe0bf6b6187c96f
Opcode Fuzzy Hash: 35ef50a9a3d2bb9f6a957f20a0b1166f03cdfddc88815c73f1f07a234f9a26a1
Instruction Fuzzy Hash: FE61887160011CABEF24DB65DC46FEA77ACDB19714F0041BAEA09D61C0DBB49E84CFA5

Function 00408BF3 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 108stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?), ref: 00408C25
_memset.LIBCMT ref: 00408C4F
lstrcpyW.KERNEL32(?,?), ref: 00408C5F
_wcschr.LIBCMT ref: 00408C6E
GetModuleFileNameW.KERNEL32(?,?,00000208), ref: 00408C86
_wcsrchr.LIBCMT ref: 00408C95
wsprintfW.USER32 ref: 00408CB3
GetModuleHandleW.KERNEL32(?), ref: 00408CC3
CoLoadLibrary.OLE32(00000000,00000001), ref: 00408CE5
SysFreeString.OLEAUT32(?), ref: 00408CF3

Strings

%s\%s, xrefs: 00408CAD
..\..\..\inc\CoCreate.cpp, xrefs: 00408D0A
x4K, xrefs: 00408D02
DllGetClassObject, xrefs: 00408D21

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Module$FileFreeHandleLibraryLoadNameString_memset_wcschr_wcsrchrlstrcpylstrlenwsprintf
String ID: %s\%s$..\..\..\inc\CoCreate.cpp$DllGetClassObject$x4K
API String ID: 836880797-3589990351
Opcode ID: 62448f792ccd6f6464d93e8e352c8bc92f98070b702b0d51859baf54152be34a
Instruction ID: 816578f38f4b4d2644b821f4f19a0e6ae83ca2fdd092241f6fd384f9e14ada88
Opcode Fuzzy Hash: 62448f792ccd6f6464d93e8e352c8bc92f98070b702b0d51859baf54152be34a
Instruction Fuzzy Hash: C131C675901318ABDF20EBA1DC49EDA77BCEF19300F0045AAF915E3181EB789E448F69

Function 0044542C Relevance: 26.3, APIs: 1, Strings: 14, Instructions: 88COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00445433

Part of subcall function 00445309: GetVersionExW.KERNEL32(?,?,00000000), ref: 0044533B

Strings

Windows 2000, xrefs: 004454A6
Windows NT 4.0, xrefs: 004454AD
Windows 7 / Server 2008 R2, xrefs: 0044550D
Windows 98, xrefs: 004454BB
@/L, xrefs: 0044546D
Windows XP, xrefs: 004454C9
Windows Me, xrefs: 004454B4
Windows Vista / Server 2008, xrefs: 00445514
Windows Server 2003, xrefs: 0044551B
Windows 8 / Server 2012, xrefs: 00445506
Windows 8.1 / Server 2012 R2, xrefs: 004454FF
@/L, xrefs: 00445450, 00445453
@/L, xrefs: 00445535
Windows 95, xrefs: 004454C2

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: H_prolog3_Version
String ID: @/L$@/L$@/L$Windows 2000$Windows 7 / Server 2008 R2$Windows 8 / Server 2012$Windows 8.1 / Server 2012 R2$Windows 95$Windows 98$Windows Me$Windows NT 4.0$Windows Server 2003$Windows Vista / Server 2008$Windows XP
API String ID: 3152847492-3735908412
Opcode ID: 728f093121cf3072fa887d1affe32f44f956eff660b418373e5830da57ea95ef
Instruction ID: 89d619f7e0f2fec5d0ca7ad439ae17567f4ff9548112a3e4181b66542faee5d8
Opcode Fuzzy Hash: 728f093121cf3072fa887d1affe32f44f956eff660b418373e5830da57ea95ef
Instruction Fuzzy Hash: C021F672900B14F7FF14AA589845BFEB2259B04300F65412BF801772DAE6BC2E459B9F

Function 0043190D Relevance: 25.9, APIs: 17, Instructions: 401windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00431917
SendMessageW.USER32(?,0000000C,00000000,?), ref: 004319B6
SendMessageW.USER32(?,00000111,00000011,00000000), ref: 00431AD8

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: MessageSend$H_prolog3_
String ID:
API String ID: 3491702567-0
Opcode ID: 3cbdbb80509f3dd07162f011f52de1cc26bba07a418bf6a61fbf048c2ab3a28c
Instruction ID: f29ec4940026f901c8c63d912fe719e0b599786281a900669bd12044710333b6
Opcode Fuzzy Hash: 3cbdbb80509f3dd07162f011f52de1cc26bba07a418bf6a61fbf048c2ab3a28c
Instruction Fuzzy Hash: 01E1F370A41219BFDB24EB51CC89BAABBB4FF0D301F14505BE506966A0D739AD80CF99

Function 00411FC6 Relevance: 25.7, APIs: 17, Instructions: 154COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00411FF4
GetDlgItem.USER32(000003EC,?), ref: 00412020
GetWindowRect.USER32(00000000), ref: 00412029
GetDlgItem.USER32(0000012D), ref: 00412036
GetWindowRect.USER32(00000000,?), ref: 00412042
ScreenToClient.USER32(?), ref: 00412081
SetWindowPos.USER32(00000000,00000000,?,?,?,?,00000004), ref: 00412094
GetDlgItem.USER32(000003EB), ref: 004120A5
GetWindowRect.USER32(00000000,?), ref: 004120B2
GetWindowRect.USER32(?,?), ref: 004120CB
ScreenToClient.USER32(?), ref: 00412102
SetWindowPos.USER32(00000000,00000000,?,?,?,?,00000004), ref: 00412115
GetDlgItem.USER32(0000040B), ref: 00412126
GetWindowRect.USER32(00000000,?), ref: 0041213A
GetWindowRect.USER32(00000000,?), ref: 00412141
ScreenToClient.USER32(?), ref: 0041217D
SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00412192

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Window$Rect$Item$ClientScreen
String ID:
API String ID: 1521148189-0
Opcode ID: 03d8f41e63986f824cd9499d5980d3e3cc7b4f54c68830348ee8837366ffa1bd
Instruction ID: 3c1246fc33e8bfaa141091deeb84a48d6a8805fb812ee7279d1519111118527a
Opcode Fuzzy Hash: 03d8f41e63986f824cd9499d5980d3e3cc7b4f54c68830348ee8837366ffa1bd
Instruction Fuzzy Hash: 0C51D772D00218AFCF14DFE5DD48AAEBFB9FB49304F04416AFA11B7250DA75A905CB58

Function 0042D048 Relevance: 24.8, APIs: 2, Strings: 12, Instructions: 342registryCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0042D052

Part of subcall function 00403F50: GetLastError.KERNEL32 ref: 00403F6F
Part of subcall function 00403F50: SetLastError.KERNEL32(?), ref: 00403F9F

RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,00000004), ref: 0042D2B4

Strings

T4L, xrefs: 0042D095
P/L, xrefs: 0042D08E
|-L, xrefs: 0042D3B7, 0042D3BA, 0042D3CB
HKEY_PERFORMANCE_DATA, xrefs: 0042D1A9
HKEY_CURRENT_USER, xrefs: 0042D161
, xrefs: 0042D4DD
HKEY_LOCAL_MACHINE, xrefs: 0042D179
HKEY_CLASSES_ROOT, xrefs: 0042D146
HKEY_USERS, xrefs: 0042D191
HKEY_DYN_DATA, xrefs: 0042D1D9
, xrefs: 0042D40D
HKEY_CURRENT_CONFIG, xrefs: 0042D1C1

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3_QueryValue
String ID: $ $HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_DYN_DATA$HKEY_LOCAL_MACHINE$HKEY_PERFORMANCE_DATA$HKEY_USERS$P/L$T4L$|-L
API String ID: 2669483599-3843504692
Opcode ID: f06eae71abe48cfbbd86e421a7393177120c22bba0bcb7f614c21f1382e8ce41
Instruction ID: 760d87769cb27e9a3106f8434ad31bc11ce91334da186b466ba4f57283696265
Opcode Fuzzy Hash: f06eae71abe48cfbbd86e421a7393177120c22bba0bcb7f614c21f1382e8ce41
Instruction Fuzzy Hash: 3FD1A331E00229EEDF24EF54DC41BEEB374AF15304F54419AE80967251DB38AE85CF5A

Function 004993A0 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 249COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 004993CC
MulDiv.KERNEL32(?,?,000186A0), ref: 004993F2
MulDiv.KERNEL32(?,?,000186A0), ref: 00499408
MulDiv.KERNEL32(?,?,000186A0), ref: 004995A4
MulDiv.KERNEL32(?,?,000186A0), ref: 004995B4
GdipCreateFromHDC.GDIPLUS(dtI,00000000,?,?,?,?,495D8068,?,495D8068,?,?,?,?,00497464,?), ref: 00499628
GdipSetInterpolationMode.GDIPLUS(00000000,00000007,dtI,00000000,?,?,?,?,495D8068,?,495D8068,?,?,?,?,00497464), ref: 00499636
GdipDrawImageRectI.GDIPLUS(?,00000000,?,004968FC,?,?,00000000,00000007,dtI,00000000,?,?,?,?,495D8068,?), ref: 00499653
GdipDeleteGraphics.GDIPLUS(?,?,00000000,?,004968FC,?,?,00000000,00000007,dtI,00000000,?,?,?,?,495D8068), ref: 00499659

Strings

dtI, xrefs: 0049961E

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Gdip$Rect$ClientCreateDeleteDrawFromGraphicsImageInterpolationMode
String ID: dtI
API String ID: 2842912273-4107075368
Opcode ID: a1d50315728ef9d2e6159dfe1f894fbe1ebda8f4c066f3690cc7e651875e586c
Instruction ID: 735df29da3d41b5e84f5607b61dba7307d7bd735b7e6884b43e8b034cdb8b0ab
Opcode Fuzzy Hash: a1d50315728ef9d2e6159dfe1f894fbe1ebda8f4c066f3690cc7e651875e586c
Instruction Fuzzy Hash: D2A12572900219DFCF15CFA9C984AEEBFF5AF48300F19416AE904B7255D778AD41CBA8

Function 0040C163 Relevance: 24.7, APIs: 1, Strings: 13, Instructions: 245COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0040C16D

Part of subcall function 00408F6D: __EH_prolog3.LIBCMT ref: 00408F74
Part of subcall function 00408F6D: GetLastError.KERNEL32(00000004,004091E9,00000000,?,00000000,00000000), ref: 00408F96
Part of subcall function 00408F6D: SetLastError.KERNEL32(?,00000000,?), ref: 00408FCF

Part of subcall function 0040B30D: __EH_prolog3_GS.LIBCMT ref: 0040B317
Part of subcall function 0040B30D: GetTempPathW.KERNEL32(00000104,?,000003C4,0040C1ED,004C2FA0,00000000,setup.log,?,00000000), ref: 0040B333
Part of subcall function 0040B30D: __CxxThrowException@8.LIBCMT ref: 0040B354
Part of subcall function 0040B30D: _memset.LIBCMT ref: 0040B366
Part of subcall function 0040B30D: GetVersionExW.KERNEL32(?), ref: 0040B37F
Part of subcall function 0040B30D: CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,00000000), ref: 0040B400

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 0040B91E: __EH_prolog3_GS.LIBCMT ref: 0040B925

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Strings

@/L, xrefs: 0040C1BA
ResultCode, xrefs: 0040C405
@/L, xrefs: 0040C4BD
setup.log, xrefs: 0040C1C4
ExtendedError, xrefs: 0040C490
Version, xrefs: 0040C3B6
@/L, xrefs: 0040C201
InstallShield Silent, xrefs: 0040C366, 0040C36B, 0040C3D6
ResponseResult, xrefs: 0040C41D
Log File, xrefs: 0040C32C
v7.00, xrefs: 0040C398
ErrorInfo, xrefs: 0040C474
File, xrefs: 0040C34A

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3_$FreeH_prolog3String$CreateException@8FilePathTempThrowVersion_memset
String ID: @/L$@/L$@/L$ErrorInfo$ExtendedError$File$InstallShield Silent$Log File$ResponseResult$ResultCode$Version$setup.log$v7.00
API String ID: 2783467436-2482715196
Opcode ID: c51d2eeb24c7beff72e35115a8a0cced74da065aa422779f053bcff9a83ebb26
Instruction ID: c68d3ea23bdf467265571757f091d5588a3b108f499c8db3734d4648a1fd0980
Opcode Fuzzy Hash: c51d2eeb24c7beff72e35115a8a0cced74da065aa422779f053bcff9a83ebb26
Instruction Fuzzy Hash: 4AA1D770A41218EEEB15EBA5C856FDDBB78AF15304F1000DEE409671C2DBB95F48CBA6

Function 004903C0 Relevance: 24.7, APIs: 7, Strings: 7, Instructions: 243COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,98A63EB4,?,?,?), ref: 0049042D
SetLastError.KERNEL32(004C2FA8,?,?,?), ref: 00490459
GetLastError.KERNEL32(?,?,?), ref: 00490470
SetLastError.KERNEL32(004C2FA8,?,?,?), ref: 004904A8

Part of subcall function 00401AC0: GetLastError.KERNEL32(?,?,0040E566), ref: 00401ACF
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AEB
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AF6
Part of subcall function 00401AC0: SetLastError.KERNEL32(?), ref: 00401B14

Strings

@/L, xrefs: 00490640
|-L, xrefs: 0049059E
x/L, xrefs: 00490688, 0049068E
@/L, xrefs: 004905C1
-%04x, xrefs: 0049066D
ALL, xrefs: 00490568
x/L, xrefs: 00490722

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeString
String ID: -%04x$@/L$@/L$ALL$x/L$x/L$|-L
API String ID: 2425351278-1512846612
Opcode ID: 78b4928d7478143692704d0aa30728f32b45240465ebc3f1f510221e1aca66df
Instruction ID: ebecb8ea2020591ad02cc0cc64adcfa2df6b7ac4c083aef3c2a62466a0d9f0de
Opcode Fuzzy Hash: 78b4928d7478143692704d0aa30728f32b45240465ebc3f1f510221e1aca66df
Instruction Fuzzy Hash: F6B16B71900218DFDF14DFA5CD45BDEBBB8AF14304F1041AEE519A7291EBB86A48CF64

Function 0041DDEE Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 219COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0041DDF5
_wcsstr.LIBCMT ref: 0041DE84
CharNextW.USER32(?,?,00000000,00000001,?,00000060,00420044,?,00000000), ref: 0041DE95
CharNextW.USER32(00000000,?,?,00000000,00000001,?,00000060,00420044,?,00000000), ref: 0041DE9A
CharNextW.USER32(00000000,?,?,00000000,00000001,?,00000060,00420044,?,00000000), ref: 0041DE9F
CharNextW.USER32(00000000,?,?,00000000,00000001,?,00000060,00420044,?,00000000), ref: 0041DEA4
CharNextW.USER32(00000000,}},?,00000000,00000001,?,00000060,00420044,?,00000000), ref: 0041DF4C
CharNextW.USER32(?,00000000), ref: 0041DFDA
CharNextW.USER32(?,00000000,00000001,?,00000060,00420044,?,00000000), ref: 0041DFEE
CoTaskMemFree.OLE32(?,00000060,00420044,?,00000000), ref: 0041E02C

Strings

}}, xrefs: 0041DF28
HKCU{Software{Classes, xrefs: 0041DEA6
HKCR, xrefs: 0041DE7D

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CharNext$FreeH_prolog3_Task_wcsstr
String ID: }}$HKCR$HKCU{Software{Classes
API String ID: 2086807494-1142484189
Opcode ID: 8f30e03445809a091b1cffeecd05f48cd9bfb1e696a547fa3020534b9aea9403
Instruction ID: df0c8aa4c098a463b193e25667902a6e3b71f4746cd688b4e961f85f3641d515
Opcode Fuzzy Hash: 8f30e03445809a091b1cffeecd05f48cd9bfb1e696a547fa3020534b9aea9403
Instruction Fuzzy Hash: 3A7185B4D043469EDF159FE5C885AEEBBB4AF19304F14002FE806AB285EB7D9D85C718

Function 004623EA Relevance: 24.1, APIs: 16, Instructions: 92COMMONLIBRARYCODE

Download Yara Rule

APIs

__calloc_crt.LIBCMT ref: 00462401

Part of subcall function 00469F4C: __calloc_impl.LIBCMT ref: 00469F5B
Part of subcall function 00469F4C: Sleep.KERNEL32(00000000,?,00464DC4,00000001,000003BC), ref: 00469F72

__calloc_crt.LIBCMT ref: 00462425
_free.LIBCMT ref: 00462433
__calloc_crt.LIBCMT ref: 00462441
_free.LIBCMT ref: 00462451
_free.LIBCMT ref: 00462457
__copytlocinfo_nolock.LIBCMT ref: 00462466
__wsetlocale_nolock.LIBCMT ref: 00462473
___removelocaleref.LIBCMT ref: 00462481
___freetlocinfo.LIBCMT ref: 00462488
_free.LIBCMT ref: 0046248E
__setmbcp_nolock.LIBCMT ref: 004624A0
_free.LIBCMT ref: 004624AE
___removelocaleref.LIBCMT ref: 004624B5
___freetlocinfo.LIBCMT ref: 004624BC
_free.LIBCMT ref: 004624C2

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref$Sleep__calloc_impl__copytlocinfo_nolock__setmbcp_nolock__wsetlocale_nolock
String ID:
API String ID: 2661855409-0
Opcode ID: e6060315223cd679f0e935f0c800c775c802199c932b956f3eed8f01737f9e20
Instruction ID: a9ca251b26a119557e22d5c9d6a3ceed4c557929d5e648630d0751dc90489963
Opcode Fuzzy Hash: e6060315223cd679f0e935f0c800c775c802199c932b956f3eed8f01737f9e20
Instruction Fuzzy Hash: 4F217B31504A10BAEB313F66CD02A5B77E5DF40759B10802FF84851162FFBE8811865F

Function 00438666 Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 231COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0043866D

Part of subcall function 00438520: __EH_prolog3_GS.LIBCMT ref: 0043852A
Part of subcall function 00438520: SendDlgItemMessageW.USER32(?,00000034,00000031,00000000,00000000), ref: 00438576
Part of subcall function 00438520: GetObjectW.GDI32(00000000,0000005C,?), ref: 00438586
Part of subcall function 00438520: lstrcpyW.KERNEL32(?,?), ref: 004385B2
Part of subcall function 00438520: CreateFontIndirectW.GDI32(?), ref: 004385BF
Part of subcall function 00438520: SendDlgItemMessageW.USER32(?,00000034,00000030,?,00000001), ref: 004385F5
Part of subcall function 00438520: SetDlgItemTextW.USER32(?,0000000C,-00000004), ref: 0043862A
Part of subcall function 00438520: GetDlgItem.USER32(?,0000000C), ref: 0043863D
Part of subcall function 00438520: EnableWindow.USER32(00000000,?), ref: 0043864F

SetDlgItemTextW.USER32(?,000003F0,-00000004), ref: 004386ED
SetDlgItemTextW.USER32(000000FF,00000001,-00000004), ref: 00438731
SetDlgItemTextW.USER32(000000FF,00000009,-00000004), ref: 00438769
SetDlgItemTextW.USER32(000000FF,00000034,-00000004), ref: 004387A1
SetDlgItemTextW.USER32(000000FF,00000033,-00000004), ref: 004387D9

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

GetDlgItem.USER32(000000FF,00000009), ref: 004387F0
EnableWindow.USER32(00000000), ref: 004387F9
GetDlgItem.USER32(000000FF,00000002), ref: 00438802
EnableWindow.USER32(00000000), ref: 00438805

Part of subcall function 0040D268: __EH_prolog3_GS.LIBCMT ref: 0040D272

SetDlgItemTextW.USER32(000000FF,00000135,-00000004), ref: 00438853
SetDlgItemTextW.USER32(000000FF,00000133,-00000004), ref: 0043888F

Strings

@/L, xrefs: 004388AD

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Item$Text$EnableH_prolog3_Window$ErrorFreeLastMessageSendString$CreateFontIndirectObjectlstrcpy
String ID: @/L
API String ID: 3400525829-3803013380
Opcode ID: b7b14df3b2de138146940a317480fccefa2ac0e264950bc70ef78e86d65b426c
Instruction ID: 99848dd83c6374fb36809338b4f8e8e67f97a4339c1bcd2e2d1d5bc9e53d76c4
Opcode Fuzzy Hash: b7b14df3b2de138146940a317480fccefa2ac0e264950bc70ef78e86d65b426c
Instruction Fuzzy Hash: 4A912871A00214DFDB04EFA4CD95E59BBB5EF48314B1481AEE906AF2A2DB74E904CF94

Function 0049A519 Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 206stringCOMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 0049A551
lstrcmpA.KERNEL32(?,GIF87a,?,?,?,7529E860,?,98A63EB4,?,?,00000000), ref: 0049A568
lstrcmpA.KERNEL32(?,GIF89a), ref: 0049A580
_memmove.LIBCMT ref: 0049A5A6
_memmove.LIBCMT ref: 0049A5C4
_memmove.LIBCMT ref: 0049A5E3
_memmove.LIBCMT ref: 0049A600
_memmove.LIBCMT ref: 0049A61D
_memset.LIBCMT ref: 0049A672
_memmove.LIBCMT ref: 0049A699
_memmove.LIBCMT ref: 0049A6DF

Part of subcall function 0049AC7E: __EH_prolog3.LIBCMT ref: 0049AC85

Strings

GIF89a, xrefs: 0049A577
GIF87a, xrefs: 0049A562

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: _memmove$lstrcmp$H_prolog3_memset
String ID: GIF87a$GIF89a
API String ID: 3198123400-2918331024
Opcode ID: 9a78bc09d3a6dfc7bd0308a729b8ce7a21b9173d5990ee77875f7a3950f4731e
Instruction ID: 91db72cd28c73f0ef1eeb2121f56b187381224a7741448445ea30fbe006bc91b
Opcode Fuzzy Hash: 9a78bc09d3a6dfc7bd0308a729b8ce7a21b9173d5990ee77875f7a3950f4731e
Instruction Fuzzy Hash: 25610A71A00205EFDF149FA0D882B66BBF5EF15305F2444BFE885DA142E738C965CB9A

Function 0041A66B Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 197COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0041A675

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Part of subcall function 0040A0F0: SysStringLen.OLEAUT32(?), ref: 0040A0FD
Part of subcall function 0040A0F0: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 0040A117

Part of subcall function 004160F7: __EH_prolog3.LIBCMT ref: 004160FE

Part of subcall function 0041AE03: __EH_prolog3_GS.LIBCMT ref: 0041AE0D
Part of subcall function 0041AE03: SysStringLen.OLEAUT32(?), ref: 0041AF0D
Part of subcall function 0041AE03: SysFreeString.OLEAUT32(?), ref: 0041AF18

Part of subcall function 0041AE03: SysFreeString.OLEAUT32(?), ref: 0041AF53

Strings

@/L, xrefs: 0041A748
no_selfdeleter, xrefs: 0041A6E9
runfromtemp, xrefs: 0041A712
media_path:, xrefs: 0041A726
@/L, xrefs: 0041A95D
IS_OriginalLauncher:, xrefs: 0041A817
@/L, xrefs: 0041A76C
IS_temp, xrefs: 0041A6C6
tempdisk1folder:, xrefs: 0041A6FD
@/L, xrefs: 0041A793
@/L, xrefs: 0041A69C
package:, xrefs: 0041A7C7

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: String$ErrorFreeH_prolog3_Last$AllocH_prolog3
String ID: @/L$@/L$@/L$@/L$@/L$IS_OriginalLauncher:$IS_temp$media_path:$no_selfdeleter$package:$runfromtemp$tempdisk1folder:
API String ID: 2065516073-3687985525
Opcode ID: 78f2e525f96e608a283c1d164e9a4b2e8f8bcb0b19b0b814d20b3c48a2a64903
Instruction ID: 7eca238bf4f1094fc050d3c58cae8f84a087c1bbe7817835243e007e7fe61ec6
Opcode Fuzzy Hash: 78f2e525f96e608a283c1d164e9a4b2e8f8bcb0b19b0b814d20b3c48a2a64903
Instruction Fuzzy Hash: 8E815970900218AADB25EB51CD96FDEB778AF95308F0440DEF10977192DBB85B88CF69

Function 00499B60 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 105COMMON

Download Yara Rule

APIs

FindResourceW.KERNEL32(?,0049656D,PNG,?,?,?,?,meI,0049679F,?,meI,00000000,?,?,?,?), ref: 00499B88
FindResourceW.KERNEL32(?,0049656D,00000002,?,0049656D,?,00000000), ref: 00499B99

Strings

meI, xrefs: 00499B60
PNG, xrefs: 00499B81

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: FindResource
String ID: PNG$meI
API String ID: 1635176832-435019584
Opcode ID: 96306c1938d657758a853b8badf2b6628b84b2b29c2069ca4d2c957a01d72c48
Instruction ID: 751e23a65b219406f39188abc307689922d9d28db804e09094a1ae607ac35154
Opcode Fuzzy Hash: 96306c1938d657758a853b8badf2b6628b84b2b29c2069ca4d2c957a01d72c48
Instruction Fuzzy Hash: BD31C572601219ABDB005F6AAC44AAF7FACFF15316F00057AFC14D2250E779DD2087A9

Function 0041C715 Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 294stringCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0041C71F
_memmove.LIBCMT ref: 0041C74A

Part of subcall function 004043D0: GetLastError.KERNEL32(98A63EB4,7591DFA0,?,7591E010,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?,?), ref: 00404421
Part of subcall function 004043D0: SetLastError.KERNEL32(?,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?,?), ref: 00404451
Part of subcall function 004043D0: GetLastError.KERNEL32(00000000,00000000,00000000,?,00000001,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?), ref: 004044A1
Part of subcall function 004043D0: SysFreeString.OLEAUT32(?), ref: 004044BD
Part of subcall function 004043D0: SysFreeString.OLEAUT32(?), ref: 004044C8
Part of subcall function 004043D0: SetLastError.KERNEL32(?), ref: 004044E8

lstrcpyW.KERNEL32(?,-00000004,setup.cpp,?,00000001,?,?,0000028C), ref: 0041C77F
__setjmp3.LIBCMT ref: 0041C7A0

Part of subcall function 00418CDA: _longjmp.LIBCMT ref: 00418D00

Part of subcall function 004188B7: __EH_prolog3_GS.LIBCMT ref: 004188C1
Part of subcall function 004188B7: _memmove.LIBCMT ref: 004188F2
Part of subcall function 004188B7: lstrcpyW.KERNEL32(?,-00000004,setup.cpp), ref: 00418927
Part of subcall function 004188B7: __setjmp3.LIBCMT ref: 00418948

Part of subcall function 00419F3C: __EH_prolog3_GS.LIBCMT ref: 00419F46
Part of subcall function 00419F3C: _memset.LIBCMT ref: 00419F95
Part of subcall function 00419F3C: _memmove.LIBCMT ref: 00419FAD
Part of subcall function 00419F3C: lstrcpyW.KERNEL32(?,-00000004,setup.cpp,?,00000001), ref: 00419FE2
Part of subcall function 00419F3C: __setjmp3.LIBCMT ref: 0041A003
Part of subcall function 00419F3C: _wcschr.LIBCMT ref: 0041A01E
Part of subcall function 00419F3C: VariantClear.OLEAUT32(?), ref: 0041A081
Part of subcall function 00419F3C: _memmove.LIBCMT ref: 0041A15F

Part of subcall function 0041FA74: __EH_prolog3_GS.LIBCMT ref: 0041FA7E

GetDlgItem.USER32(?,00000009), ref: 0041C9BE
EnableWindow.USER32(00000000), ref: 0041C9C7
GetDlgItem.USER32(?,00000002), ref: 0041C9D3
EnableWindow.USER32(00000000), ref: 0041C9D6
_memmove.LIBCMT ref: 0041CA6B

Strings

<Support>, xrefs: 0041C89B
setup.cpp, xrefs: 0041C75B
<Support>\Engine\Log, xrefs: 0041C902

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: _memmove$ErrorH_prolog3_Last$__setjmp3lstrcpy$EnableFreeItemStringWindow$ClearVariant_longjmp_memset_wcschr
String ID: <Support>$<Support>\Engine\Log$setup.cpp
API String ID: 723219012-2693976720
Opcode ID: 974d0f14b5b2ba866243e95e352fa81eeb5e0d0110e1ff6b9f88b5e664b33e63
Instruction ID: 01d2c1aa1e48944ee1a50b52351e8f206b17040fda434f4d6f10e28c08ad58c2
Opcode Fuzzy Hash: 974d0f14b5b2ba866243e95e352fa81eeb5e0d0110e1ff6b9f88b5e664b33e63
Instruction Fuzzy Hash: EEA1A170640204AFDB14EBB5CC99FAA7768AF48304F1081ADB50ADF2C2DF78D945CBA4

Function 00450F31 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 229stringCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 00450F3B
MoveFileExW.KERNEL32(?,?,00000005), ref: 00450F6F
GetLastError.KERNEL32 ref: 00450F7D

Part of subcall function 00450E4E: __EH_prolog3_GS.LIBCMT ref: 00450E55

Part of subcall function 00450D51: __EH_prolog3_GS.LIBCMT ref: 00450D58

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00451E0F: __EH_prolog3_GS.LIBCMT ref: 00451E16
Part of subcall function 00451E0F: GetShortPathNameW.KERNEL32(?,00000000,00000104), ref: 00451E73
Part of subcall function 00451E0F: __CxxThrowException@8.LIBCMT ref: 00451EA2

Part of subcall function 0043CD31: __EH_prolog3_GS.LIBCMT ref: 0043CD38

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

GetPrivateProfileSectionW.KERNEL32(rename,00000000,00001FFF,WININIT.INI), ref: 00451180
GetPrivateProfileSectionW.KERNEL32(rename,00000000,?,00000000), ref: 004511D7
lstrcpyW.KERNEL32(00001FFF,?), ref: 0045120A
lstrlenW.KERNEL32(00001FFF), ref: 00451211
WritePrivateProfileSectionW.KERNEL32(rename,00000000,WININIT.INI), ref: 0045122F
GetLastError.KERNEL32 ref: 0045124A

Strings

NUL, xrefs: 00450F92
WININIT.INI, xrefs: 004510DF, 0045116D, 004511C4, 0045121D
rename, xrefs: 00451174, 004511D2, 00451225

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3_$PrivateProfileSection$FreeString$Exception@8FileH_prolog3H_prolog3_catch_MoveNamePathShortThrowWritelstrcpylstrlen
String ID: NUL$WININIT.INI$rename
API String ID: 3909151621-58278441
Opcode ID: bcbcf30e14effe8b9a6ca9d2176630f10a68fbf5ea9d3c718e81344bd2c79a49
Instruction ID: 8363b48016af33153c358b9385617e216f70485c1f9bce546ef3a4aba1493cfb
Opcode Fuzzy Hash: bcbcf30e14effe8b9a6ca9d2176630f10a68fbf5ea9d3c718e81344bd2c79a49
Instruction Fuzzy Hash: F291C631900118EECB11EBA5CC55BDE7778AF15305F1040AFF906A3192EB786B48CF69

Function 00438288 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 219windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0043828F

Part of subcall function 00438520: __EH_prolog3_GS.LIBCMT ref: 0043852A
Part of subcall function 00438520: SendDlgItemMessageW.USER32(?,00000034,00000031,00000000,00000000), ref: 00438576
Part of subcall function 00438520: GetObjectW.GDI32(00000000,0000005C,?), ref: 00438586
Part of subcall function 00438520: lstrcpyW.KERNEL32(?,?), ref: 004385B2
Part of subcall function 00438520: CreateFontIndirectW.GDI32(?), ref: 004385BF
Part of subcall function 00438520: SendDlgItemMessageW.USER32(?,00000034,00000030,?,00000001), ref: 004385F5
Part of subcall function 00438520: SetDlgItemTextW.USER32(?,0000000C,-00000004), ref: 0043862A
Part of subcall function 00438520: GetDlgItem.USER32(?,0000000C), ref: 0043863D
Part of subcall function 00438520: EnableWindow.USER32(00000000,?), ref: 0043864F

GetDlgItem.USER32(?,00000130), ref: 004382A3

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

SendMessageW.USER32(00000000,00000180,00000000,?), ref: 0043832A
SendMessageW.USER32(00000000,0000019A,00000000,?), ref: 0043833C
SendMessageW.USER32(00000000,0000018F,000000FF,?), ref: 004383AE
SendMessageW.USER32(00000000,00000186,00000000,00000000), ref: 004383C0
SetDlgItemTextW.USER32(00000000,00000001,-00000004), ref: 004383F9
SetDlgItemTextW.USER32(00000000,00000009,-00000004), ref: 00438431
SetDlgItemTextW.USER32(00000000,00000034,-00000004), ref: 00438469
SetDlgItemTextW.USER32(00000000,00000033,-00000004), ref: 004384A1

Strings

@/L, xrefs: 004384BF
@/L, xrefs: 004382BB

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Item$MessageSend$Text$ErrorH_prolog3_Last$CreateEnableFontIndirectObjectWindowlstrcpy
String ID: @/L$@/L
API String ID: 1643976860-2149722323
Opcode ID: fd743ebeaceb948908356b01ddb1164d18b8e931b08b3b7ee77adbc5462df1e6
Instruction ID: bd88454f7a6d59e6672a981e1f5a4da371b6e447b4fcc15e68d28bb08d8c6674
Opcode Fuzzy Hash: fd743ebeaceb948908356b01ddb1164d18b8e931b08b3b7ee77adbc5462df1e6
Instruction Fuzzy Hash: 70913C71900104EFDB04EF64C995EA9B7B8FF08318F14816EF916AB2A2DB74E914CF54

Function 00414634 Relevance: 21.2, APIs: 14, Instructions: 158COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0041463E
SetDlgItemTextW.USER32(?,00000002,-00000004), ref: 00414687
SetDlgItemTextW.USER32(?,000003F0,-00000004), ref: 004146E2
SetWindowTextW.USER32(?,-00000004), ref: 00414729
GetDesktopWindow.USER32 ref: 00414747
GetClientRect.USER32(00000000), ref: 0041474E
GetWindowRect.USER32(?,?), ref: 00414759
MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,00000088), ref: 0041478D
GetDlgItem.USER32(?,00000009), ref: 00414798
EnableWindow.USER32(00000000), ref: 004147A5
GetDlgItem.USER32(?,00000002), ref: 004147AE
EnableWindow.USER32(00000000), ref: 004147B5
GetDlgItem.USER32(?,00000002), ref: 004147EC
IsWindowEnabled.USER32(00000000), ref: 004147F3

Part of subcall function 0040D268: __EH_prolog3_GS.LIBCMT ref: 0040D272

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Window$Item$Text$EnableH_prolog3_Rect$ClientDesktopEnabledMove
String ID:
API String ID: 3274798458-0
Opcode ID: 6b6eaa5e9d2bcf7e3eb6567ff08be4d225d798d8ea05d6adec4517f8e64a5b00
Instruction ID: b7755b4ba74daaa41efc44d42eaf60814dde8330b4d32263410293f3089a8e82
Opcode Fuzzy Hash: 6b6eaa5e9d2bcf7e3eb6567ff08be4d225d798d8ea05d6adec4517f8e64a5b00
Instruction Fuzzy Hash: 6051A371A10218AFDB14EFB5DC49EAE7BB8FF49304F00052AF506A7291DB38E944CB64

Function 00440A93 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 133libraryloaderCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00440A9D
GetModuleHandleW.KERNEL32(Shell32.dll,SHBrowseForFolderW), ref: 00440AC9
GetProcAddress.KERNEL32(00000000), ref: 00440AD2
GetModuleHandleW.KERNEL32(Shell32.dll,SHGetPathFromIDListW), ref: 00440AE1
GetProcAddress.KERNEL32(00000000), ref: 00440AE4
GetCurrentDirectoryW.KERNEL32(00000104,00000000,?,00000104), ref: 00440B27

Part of subcall function 00409574: __EH_prolog3_GS.LIBCMT ref: 0040957B
Part of subcall function 00409574: GetLastError.KERNEL32(00000038,0040DDFB,004492A1,?,004AFFA0), ref: 00409582
Part of subcall function 00409574: SetLastError.KERNEL32(00000000), ref: 004095D6

_memset.LIBCMT ref: 00440B47

Part of subcall function 0040A0F0: SysStringLen.OLEAUT32(?), ref: 0040A0FD
Part of subcall function 0040A0F0: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 0040A117

Strings

SHGetPathFromIDListW, xrefs: 00440AD4
SHBrowseForFolderW, xrefs: 00440AB8
@/L, xrefs: 00440BD8
Shell32.dll, xrefs: 00440ABD, 00440AD9
@/L, xrefs: 00440C35

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: AddressErrorH_prolog3_HandleLastModuleProcString$AllocCurrentDirectory_memset
String ID: @/L$@/L$SHBrowseForFolderW$SHGetPathFromIDListW$Shell32.dll
API String ID: 2532054659-2189340400
Opcode ID: ca00e0afcdca0b51f3f52e7a07cb63110c05bf419bbb5ec3627c6f8628fc6424
Instruction ID: c095bc60ee846dac0ee6b09579a757ac3e992aeae7e9b7a79c30b1b31e433d7c
Opcode Fuzzy Hash: ca00e0afcdca0b51f3f52e7a07cb63110c05bf419bbb5ec3627c6f8628fc6424
Instruction Fuzzy Hash: 5E515070900218DFDB15EFA1CC85BDEBBB4AF15304F1040AEE505A7292DBB99A48CF69

Function 00444C28 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 87registrylibraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(Kernel32.dll), ref: 00444C3D
GetProcAddress.KERNEL32(00000000,GetSystemDefaultUILanguage), ref: 00444C4D
RegOpenKeyExW.ADVAPI32(80000003,.Default\Control Panel\desktop\ResourceLocale,00000000,000F003F,?), ref: 00444C86
RegQueryValueExW.ADVAPI32(?,004C2D7C,00000000,00000000,?,0000000A), ref: 00444C9E
RegOpenKeyExW.ADVAPI32(80000003,.DEFAULT\Control Panel\International,00000000,000F003F,?), ref: 00444CBF
RegQueryValueExW.ADVAPI32(?,Locale,00000000,00000000,?,0000000A), ref: 00444CD9
__wcstoi64.LIBCMT ref: 00444CFB

Strings

.Default\Control Panel\desktop\ResourceLocale, xrefs: 00444C72
.DEFAULT\Control Panel\International, xrefs: 00444CB2
GetSystemDefaultUILanguage, xrefs: 00444C47
Locale, xrefs: 00444CD1
Kernel32.dll, xrefs: 00444C38

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: OpenQueryValue$AddressHandleModuleProc__wcstoi64
String ID: .DEFAULT\Control Panel\International$.Default\Control Panel\desktop\ResourceLocale$GetSystemDefaultUILanguage$Kernel32.dll$Locale
API String ID: 2065448255-3798069133
Opcode ID: 0beab6f27266994117a11318befe2c0ba251e351e15b1392993b225ab02f0337
Instruction ID: dec2fee5953cf9e0dbbcb3b0352eb84763cbe800ecd0f804597b60404a3882f0
Opcode Fuzzy Hash: 0beab6f27266994117a11318befe2c0ba251e351e15b1392993b225ab02f0337
Instruction Fuzzy Hash: E9214471E0122EAEFB10DBA1CC81FBF776CEB04745F15003BA911B2181DA689E058BBD

Function 0043C3A2 Relevance: 21.1, APIs: 4, Strings: 8, Instructions: 84registryCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0043C3AC
_memset.LIBCMT ref: 0043C3D2
RegOpenKeyW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion,?), ref: 0043C3F4
RegQueryValueExW.ADVAPI32(?,CommonFilesDir,00000000,00000000,?,?), ref: 0043C433

Part of subcall function 00415AF8: __EH_prolog3_GS.LIBCMT ref: 00415AFF
Part of subcall function 00415AF8: GetLastError.KERNEL32(0000003C,00487419,?,?,00000001,?,?,?,?,?,?,?,?,?,00000000), ref: 00415B2A
Part of subcall function 00415AF8: SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00415B5B

Strings

lJ, xrefs: 0043C44D
SOFTWARE\Microsoft\Windows\CurrentVersion, xrefs: 0043C3E7
dJ, xrefs: 0043C4A0
dJ, xrefs: 0043C448
ProgramFilesDir, xrefs: 0043C411
CommonFilesDir, xrefs: 0043C417, 0043C422
lJ, xrefs: 0043C4A5
@/L, xrefs: 0043C3B4

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3_Last$OpenQueryValue_memset
String ID: @/L$CommonFilesDir$ProgramFilesDir$SOFTWARE\Microsoft\Windows\CurrentVersion$dJ$dJ$lJ$lJ
API String ID: 1696510972-2331546588
Opcode ID: 7042db034f39b0445524c6c2400622a06e55ee3fe3de6444a9ae2e7c206ed696
Instruction ID: b406483aece97984e2f67a5298c2128ff1b561336d28c389f68f5baeca76a5df
Opcode Fuzzy Hash: 7042db034f39b0445524c6c2400622a06e55ee3fe3de6444a9ae2e7c206ed696
Instruction Fuzzy Hash: BA313DB19002289BDB24EF56CD91BEDB7B8AF19304F4040EBA50DA3251DB785F848F69

Function 00461F6C Relevance: 19.8, APIs: 13, Instructions: 293COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00464D84: __getptd_noexit.LIBCMT ref: 00464D85
Part of subcall function 00464D84: __amsg_exit.LIBCMT ref: 00464D92

_wcscmp.LIBCMT ref: 00462052
_wcscmp.LIBCMT ref: 00462068
___lc_wcstolc.LIBCMT ref: 00462094
___get_qualified_locale.LIBCMT ref: 004620B9

Part of subcall function 0046E1E0: _TranslateName.LIBCMT ref: 0046E220
Part of subcall function 0046E1E0: _GetLocaleNameFromLangCountry.LIBCMT ref: 0046E239
Part of subcall function 0046E1E0: _TranslateName.LIBCMT ref: 0046E254
Part of subcall function 0046E1E0: _GetLocaleNameFromLangCountry.LIBCMT ref: 0046E26A
Part of subcall function 0046E1E0: IsValidCodePage.KERNEL32(00000000,?,?,00000055,?,?,004620BE,?,?,?,?,00000004,?,00000000), ref: 0046E2BE

GetACP.KERNEL32(?,?,?,?,?,00000004,?,00000000), ref: 00462150
_memmove.LIBCMT ref: 00462206
__lock.LIBCMT ref: 0046227A
InterlockedDecrement.KERNEL32(00000000), ref: 0046228D
_free.LIBCMT ref: 004622A3
__lock.LIBCMT ref: 004622BC
___removelocaleref.LIBCMT ref: 004622CB
___freetlocinfo.LIBCMT ref: 004622E4
_free.LIBCMT ref: 004622F7

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Name$CountryFromLangLocaleTranslate__lock_free_wcscmp$CodeDecrementInterlockedPageValid___freetlocinfo___get_qualified_locale___lc_wcstolc___removelocaleref__amsg_exit__getptd_noexit_memmove
String ID:
API String ID: 1815561178-0
Opcode ID: 65f231167ef966e2e19903536a99e1c99888594b17d5478a5711cc6edae10bdb
Instruction ID: 8ba6a8e79f3cbfa52e94c298c00d96272bc19f7e46cd040681b3506d6b616aee
Opcode Fuzzy Hash: 65f231167ef966e2e19903536a99e1c99888594b17d5478a5711cc6edae10bdb
Instruction Fuzzy Hash: 6091D671900615BBDB209F65CD42BEF77B8AF45314F1440ABFD08A2251FB788E85CB9A

Function 00419185 Relevance: 19.7, APIs: 5, Strings: 6, Instructions: 440stringCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0041918F
_memmove.LIBCMT ref: 004191AF

Part of subcall function 004043D0: GetLastError.KERNEL32(98A63EB4,7591DFA0,?,7591E010,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?,?), ref: 00404421
Part of subcall function 004043D0: SetLastError.KERNEL32(?,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?,?), ref: 00404451
Part of subcall function 004043D0: GetLastError.KERNEL32(00000000,00000000,00000000,?,00000001,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?), ref: 004044A1
Part of subcall function 004043D0: SysFreeString.OLEAUT32(?), ref: 004044BD
Part of subcall function 004043D0: SysFreeString.OLEAUT32(?), ref: 004044C8
Part of subcall function 004043D0: SetLastError.KERNEL32(?), ref: 004044E8

lstrcpyW.KERNEL32(?,-00000004,setup.cpp), ref: 004191EB
__setjmp3.LIBCMT ref: 0041920C

Part of subcall function 0040B91E: __EH_prolog3_GS.LIBCMT ref: 0040B925

Part of subcall function 0041A199: __EH_prolog3_GS.LIBCMT ref: 0041A1A0

Part of subcall function 00418E75: __EH_prolog3_GS.LIBCMT ref: 00418E7F
Part of subcall function 00418E75: _memmove.LIBCMT ref: 00418EA4
Part of subcall function 00418E75: lstrcpyW.KERNEL32(?,-00000004,setup.cpp,?,00000001,?,?,00000000), ref: 00418ED9
Part of subcall function 00418E75: __setjmp3.LIBCMT ref: 00418EFA

Part of subcall function 00418CDA: _longjmp.LIBCMT ref: 00418D00

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Part of subcall function 0040E057: __EH_prolog3_GS.LIBCMT ref: 0040E061

Part of subcall function 0040B22B: __EH_prolog3_GS.LIBCMT ref: 0040B232

Part of subcall function 0040A206: __EH_prolog3_GS.LIBCMT ref: 0040A210

Part of subcall function 00418E75: _memmove.LIBCMT ref: 00419163

Part of subcall function 004090B1: __EH_prolog3_GS.LIBCMT ref: 004090B8

Part of subcall function 00417EFF: __EH_prolog3.LIBCMT ref: 00417F06

_memmove.LIBCMT ref: 00419783

Strings

setup.cpp, xrefs: 004191C2
layout.bin, xrefs: 00419224, 0041922E, 00419249
setup.inx, xrefs: 0041960D, 00419612, 00419627
.cab, xrefs: 004193F8, 00419471
@/L, xrefs: 00419229
&, xrefs: 00419733

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: H_prolog3_$ErrorLast$FreeString_memmove$__setjmp3lstrcpy$H_prolog3_longjmp
String ID: &$.cab$@/L$layout.bin$setup.cpp$setup.inx
API String ID: 697873258-901562178
Opcode ID: cb3e79b7c898eaa0216b41af2dd1793d1d7cb792debdc366a6b2bfe39a8d7abc
Instruction ID: 8575189158bbba3b6d906a6ef7ac19f1f8741dae015d751b75bd54df3e8103d1
Opcode Fuzzy Hash: cb3e79b7c898eaa0216b41af2dd1793d1d7cb792debdc366a6b2bfe39a8d7abc
Instruction Fuzzy Hash: 0C026F70A001589FDB14E7A5CD56BEDB7B9AF58344F0000EEE509A3292EB785F48CF66

Function 00436805 Relevance: 19.6, APIs: 13, Instructions: 118windowmemoryCOMMON

Download Yara Rule

APIs

GetObjectW.GDI32(?,00000018,?), ref: 00436827
CreateCompatibleDC.GDI32(00000000), ref: 0043684B
SelectObject.GDI32(00000000,?), ref: 0043685B
GetDIBColorTable.GDI32(00000000,00000000,00000100,?), ref: 00436870
GlobalAlloc.KERNEL32(00000042,00000408), ref: 0043687F
GlobalLock.KERNEL32(00000000), ref: 0043688C
GetSystemPaletteEntries.GDI32(?,00000000,0000000A,00000004), ref: 00436927
GetSystemPaletteEntries.GDI32(?,000000F6,0000000A,000003DC), ref: 00436938
CreatePalette.GDI32(00000000), ref: 0043693B
DeleteDC.GDI32(?), ref: 00436947
GetDC.USER32(00000000), ref: 0043695C
CreateHalftonePalette.GDI32(00000000), ref: 00436965
ReleaseDC.USER32(00000000,00000000), ref: 00436972

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Palette$Create$EntriesGlobalObjectSystem$AllocColorCompatibleDeleteHalftoneLockReleaseSelectTable
String ID:
API String ID: 1699956756-0
Opcode ID: 9fffb9183ea9f75ac36f32c1f257a06a84f546f4a87139108fff568328575c93
Instruction ID: 0e618a48a188d60c81fe0ffe5ce451cc4a34528846e82f1bf0bd46f1c2f94a20
Opcode Fuzzy Hash: 9fffb9183ea9f75ac36f32c1f257a06a84f546f4a87139108fff568328575c93
Instruction Fuzzy Hash: 044159B1500264AFC7118F25DC84BEA7FB8EF5A304F0480FAEB46E7242C6749D46CB28

Function 00469B03 Relevance: 19.6, APIs: 13, Instructions: 83COMMON

Download Yara Rule

APIs

DecodePointer.KERNEL32 ref: 00469B0B
_free.LIBCMT ref: 00469B24

Part of subcall function 0045D646: RtlFreeHeap.NTDLL(00000000,00000000), ref: 0045D65A
Part of subcall function 0045D646: GetLastError.KERNEL32(00000000), ref: 0045D66C

_free.LIBCMT ref: 00469B37
_free.LIBCMT ref: 00469B55
_free.LIBCMT ref: 00469B67
_free.LIBCMT ref: 00469B78
_free.LIBCMT ref: 00469B83
_free.LIBCMT ref: 00469BA5
EncodePointer.KERNEL32(000000FF), ref: 00469BAD
_free.LIBCMT ref: 00469BC2
_free.LIBCMT ref: 00469BD8
InterlockedDecrement.KERNEL32 ref: 00469BEA
_free.LIBCMT ref: 00469C04

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: _free$Pointer$DecodeDecrementEncodeErrorFreeHeapInterlockedLast
String ID:
API String ID: 4264854383-0
Opcode ID: 91c68485fc1633b49ec803f64a22d7f6c3e15ba7461b77de0e9ebccec0928efd
Instruction ID: d7822e9ec3e302b36f30c4fc4a0e7428b4fbeb0ff8b6079de38b1ccef5b48c89
Opcode Fuzzy Hash: 91c68485fc1633b49ec803f64a22d7f6c3e15ba7461b77de0e9ebccec0928efd
Instruction Fuzzy Hash: 32216D36D02211CBCB22AF66FC8155A3768FB45765319013FE81893362DB3D6C65CA9F

Function 00411934 Relevance: 19.6, APIs: 2, Strings: 9, Instructions: 304COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0041193E

Part of subcall function 004018F0: GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 00401914
Part of subcall function 004018F0: RegCloseKey.ADVAPI32(00000000), ref: 00401977

GetCommandLineW.KERNEL32 ref: 00411ABF

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Part of subcall function 0040E35C: __EH_prolog3_GS.LIBCMT ref: 0040E363
Part of subcall function 0040E35C: __itow_s.LIBCMT ref: 0040E39A
Part of subcall function 0040E35C: SetLastError.KERNEL32(?,?,00000000,00000001), ref: 0040E3C9

Part of subcall function 00401AC0: GetLastError.KERNEL32(?,?,0040E566), ref: 00401ACF
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AEB
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AF6
Part of subcall function 00401AC0: SetLastError.KERNEL32(?), ref: 00401B14

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 0040E057: __EH_prolog3_GS.LIBCMT ref: 0040E061

Part of subcall function 0040A017: __wcsnicmp.LIBCMT ref: 0040A05E

Strings

Software\Microsoft\Windows\CurrentVersion, xrefs: 00411965
@/L, xrefs: 00411B84
%%IS_PREREQ%%-%s, xrefs: 004119D1
Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00411A55, 00411A79
@/L, xrefs: 00411B58
P/L, xrefs: 00411AA0, 00411AFF, 00411B44, 00411D92, 00411D4A, 00411D2F, 00411CD2, 00411B29, 004119E2, 00411A14, 00411AA3, 00411B2E, 00411B47, 00411D4D
|-L, xrefs: 00411AC5
ISSetupPrerequisistes, xrefs: 00411D7A
.exe, xrefs: 00411C41, 00411C46, 00411C52

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeString$H_prolog3_$CloseCommandH_prolog3HandleLineModule__itow_s__wcsnicmp
String ID: ISSetupPrerequisistes$%%IS_PREREQ%%-%s$.exe$@/L$@/L$P/L$Software\Microsoft\Windows\CurrentVersion$Software\Microsoft\Windows\CurrentVersion\RunOnce$|-L
API String ID: 3598051681-2365343915
Opcode ID: 61d3c9801b13fece9804926035e1e3edfcdd71126538be621bfbfa4b5e3402e2
Instruction ID: 5ba13f66eb6bf40d1a68d8553a301f3a621067c2fc7de99ce0a8a9dd4e7a0d18
Opcode Fuzzy Hash: 61d3c9801b13fece9804926035e1e3edfcdd71126538be621bfbfa4b5e3402e2
Instruction Fuzzy Hash: B8D15F71900218EEDB24EBA5CC95FEDB7B8AF14304F1041AEE509B7191EB746E88CF65

Function 0045151D Relevance: 19.5, APIs: 7, Strings: 4, Instructions: 240registryfileCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00451527
wsprintfW.USER32 ref: 00451643
wsprintfW.USER32 ref: 00451658
wsprintfW.USER32 ref: 004517C7
wsprintfW.USER32 ref: 004517DA
RegSetValueExW.ADVAPI32(?,Count,00000000,00000004,?,00000004), ref: 00451844

Part of subcall function 00450B11: __EH_prolog3_GS.LIBCMT ref: 00450B18

DeleteFileW.KERNEL32(?), ref: 0045187C

Strings

Count, xrefs: 00451591, 00451839
Software\InstallShieldPendingOperation, xrefs: 00451578
source%d, xrefs: 00451652, 004517D4
dest%d, xrefs: 00451639, 004517C1

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: wsprintf$H_prolog3_$DeleteFileValue
String ID: Count$Software\InstallShieldPendingOperation$dest%d$source%d
API String ID: 2703998930-4089646173
Opcode ID: 8451693f85238eed414947f0ff557924e9b3c540a4be866a3fc6c72747ce659f
Instruction ID: 8e9e8d026ccb64995e6bb7a0a4ab435d3ae9af4bc93e76a6530ecb9e04ce2cbe
Opcode Fuzzy Hash: 8451693f85238eed414947f0ff557924e9b3c540a4be866a3fc6c72747ce659f
Instruction Fuzzy Hash: 13A1A0718002199EDB24EF54CC85FE9B7B8AF19304F0041EEE559A7192EBB46B88CF64

Function 004518B9 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 179fileCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 004518C3
wsprintfW.USER32 ref: 00451A03
wsprintfW.USER32 ref: 00451A13
DeleteFileW.KERNEL32(?), ref: 00451B27
MoveFileExW.KERNEL32(?,?,00000001), ref: 00451B55
GetLastError.KERNEL32 ref: 00451B5F

Strings

Software, xrefs: 0045190A
Count, xrefs: 0045195C
source%d, xrefs: 00451A0D
dest%d, xrefs: 004519F9
InstallShieldPendingOperation, xrefs: 0045193A, 00451B8E

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Filewsprintf$DeleteErrorH_prolog3_LastMove
String ID: Count$InstallShieldPendingOperation$Software$dest%d$source%d
API String ID: 2653183521-2585182305
Opcode ID: 2819c8aa42d7301270cb82d7f507ed12c65533ae54492845a85e7cb80b72b319
Instruction ID: 18e8f3a60b99fad522a7cd0c46d208c56dcb8803b1485228489cfc9843af082e
Opcode Fuzzy Hash: 2819c8aa42d7301270cb82d7f507ed12c65533ae54492845a85e7cb80b72b319
Instruction Fuzzy Hash: 49818C71900229DEEB24EB65CC45BEDB7B4AF15304F0041EAE549A3192EB785FC8CF65

Function 00419F3C Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 172stringCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00419F46
_memset.LIBCMT ref: 00419F95
_memmove.LIBCMT ref: 00419FAD

Part of subcall function 004043D0: GetLastError.KERNEL32(98A63EB4,7591DFA0,?,7591E010,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?,?), ref: 00404421
Part of subcall function 004043D0: SetLastError.KERNEL32(?,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?,?), ref: 00404451
Part of subcall function 004043D0: GetLastError.KERNEL32(00000000,00000000,00000000,?,00000001,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?), ref: 004044A1
Part of subcall function 004043D0: SysFreeString.OLEAUT32(?), ref: 004044BD
Part of subcall function 004043D0: SysFreeString.OLEAUT32(?), ref: 004044C8
Part of subcall function 004043D0: SetLastError.KERNEL32(?), ref: 004044E8

lstrcpyW.KERNEL32(?,-00000004,setup.cpp,?,00000001), ref: 00419FE2
__setjmp3.LIBCMT ref: 0041A003
_wcschr.LIBCMT ref: 0041A01E
VariantClear.OLEAUT32(?), ref: 0041A081
_wcsncpy.LIBCMT ref: 0041A09D

Part of subcall function 00417844: SysAllocString.OLEAUT32(?), ref: 00417865

Part of subcall function 00418CDA: _longjmp.LIBCMT ref: 00418D00

VariantClear.OLEAUT32(?), ref: 0041A102
_memmove.LIBCMT ref: 0041A15F

Strings

setup.cpp, xrefs: 00419FBE

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$String$ClearFreeVariant_memmove$AllocH_prolog3___setjmp3_longjmp_memset_wcschr_wcsncpylstrcpy
String ID: setup.cpp
API String ID: 217399626-2020632666
Opcode ID: 24bf8db453f537f2ac38769ced95113c6d8937097eff4c97c70a3883aebfabaf
Instruction ID: f85f04d5041f9a94aa3106536137e34a7d37407c46ebae36e23c02d0bb7d63a7
Opcode Fuzzy Hash: 24bf8db453f537f2ac38769ced95113c6d8937097eff4c97c70a3883aebfabaf
Instruction Fuzzy Hash: 4B615171D01219ABDF10EBA4CD49BDEB7B8AF09304F0041DAF909AB291DB749E84CF59

Function 004961F0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 119libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 0043E2D6: __EH_prolog3_GS.LIBCMT ref: 0043E2DD
Part of subcall function 0043E2D6: GetWindowsDirectoryW.KERNEL32(00000000,00000104,?,00000104,00000078,00444282,?,00000000,00000068,00486772,?,004C2FA0,uxtheme.dll,?,00000000), ref: 0043E335
Part of subcall function 0043E2D6: __CxxThrowException@8.LIBCMT ref: 0043E362

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Part of subcall function 00408F6D: __EH_prolog3.LIBCMT ref: 00408F74
Part of subcall function 00408F6D: GetLastError.KERNEL32(00000004,004091E9,00000000,?,00000000,00000000), ref: 00408F96
Part of subcall function 00408F6D: SetLastError.KERNEL32(?,00000000,?), ref: 00408FCF

LoadLibraryW.KERNEL32(?,004C2FA0,Shcore.dll,?,00000000,?,?), ref: 004962AD
GetProcAddress.KERNEL32(00000000,GetDpiForMonitor), ref: 004962C5
MonitorFromPoint.USER32(00000001,00000001,00000002), ref: 004962DB
GetDC.USER32(00000000), ref: 00496310
GetDeviceCaps.GDI32(00000000,00000058), ref: 0049631F
ReleaseDC.USER32(00000000,00000000), ref: 0049632E
MulDiv.KERNEL32(00000060,00000064,00000060), ref: 0049633E

Strings

GetDpiForMonitor, xrefs: 004962BB
`, xrefs: 00496302
@/L, xrefs: 0049627D
Shcore.dll, xrefs: 0049626E

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeString$AddressCapsDeviceDirectoryException@8FromH_prolog3H_prolog3_LibraryLoadMonitorPointProcReleaseThrowWindows
String ID: @/L$GetDpiForMonitor$Shcore.dll$`
API String ID: 1830457265-1007342126
Opcode ID: 0e0ae79c68afe802f0bbf342f50a642fd3d05c30491e8acd806336a09873d8ab
Instruction ID: 61a6fc84fcf242ae177ddf2fcf310ea8999672785abef5f9ab41c710446a3bc6
Opcode Fuzzy Hash: 0e0ae79c68afe802f0bbf342f50a642fd3d05c30491e8acd806336a09873d8ab
Instruction Fuzzy Hash: 81418171A00318EEDF21DBA5CC45FDEBBB8AF05704F0001AEF915A7281DBB85908CB65

Function 004963B0 Relevance: 18.3, APIs: 12, Instructions: 276COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000001), ref: 00496401
DestroyWindow.USER32(00000001,?,?,00000000,004ABE4B,000000FF,?,00495AB7,?,?,00000002,?,?,00000000,00000001), ref: 0049640E
IsWindow.USER32(?), ref: 00496430
CreateWindowExW.USER32(00000020,00000000,40000000,00000000,00000000,00000000,00000000,?,00000000,?), ref: 004964A2
IsWindow.USER32(00000000), ref: 004964AC
GetWindow.USER32(?,00000003), ref: 004964D0
SetWindowPos.USER32(00000000,?,00000000,00000000,00000000,00000000,00000003), ref: 004964F3
MulDiv.KERNEL32(00000000,00000000,00000064), ref: 0049660A
MulDiv.KERNEL32(00000000,00000000,?), ref: 00496656
MulDiv.KERNEL32(00000000,00000000,?), ref: 00496679
MoveWindow.USER32(00000000,?,?,00000000,?,00000000,00000000,00000000,?,?,00000000), ref: 004966C8
ShowWindow.USER32(00000000,00000000), ref: 004966D3

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Window$CreateDestroyMoveShow
String ID:
API String ID: 3486018820-0
Opcode ID: 54ad85b1d14f8302e427f7de450e69ecc88b3b4ff6ce2b7702f595ccbfc3fc33
Instruction ID: 1bf84b70c09bbdd0bcfb24cd7475d3bf2832844d0d10c60855775236acd56808
Opcode Fuzzy Hash: 54ad85b1d14f8302e427f7de450e69ecc88b3b4ff6ce2b7702f595ccbfc3fc33
Instruction Fuzzy Hash: CAB17B71A00204AFDF10DFA4D995BAEBFB5AF08314F15806AFD05AB295DB39DC11CB68

Function 00402000 Relevance: 18.2, APIs: 12, Instructions: 160fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00402CE0: GetLastError.KERNEL32(98A63EB4,?,00000000,7591DFA0,?,?,004AC418,000000FF,T4L,00401EE2,InstallShield.log,?), ref: 00402D30
Part of subcall function 00402CE0: SetLastError.KERNEL32(?,004C2D7C,00000000,?,00000000,7591DFA0,?,?,004AC418,000000FF,T4L,00401EE2,InstallShield.log,?), ref: 00402DA8

CreateFileW.KERNEL32(-00000004,C0000000,00000001,00000000,00000004,00000080,00000000,?,?,00000001,98A63EB4), ref: 00402066
GetLastError.KERNEL32(?,?,00000001,98A63EB4), ref: 00402079
SysFreeString.OLEAUT32(?), ref: 00402095
SysFreeString.OLEAUT32(?), ref: 004020A0
SetLastError.KERNEL32(?), ref: 004020C0
ReadFile.KERNEL32(00000000,00000000,00000002,00000000,00000000), ref: 004020F8
WriteFile.KERNEL32(00000000,00000000,00000002,?), ref: 0040213B
WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 00402172
GetLastError.KERNEL32 ref: 00402193
SysFreeString.OLEAUT32(?), ref: 004021A9
SysFreeString.OLEAUT32(?), ref: 004021B4
SetLastError.KERNEL32(?), ref: 004021D4

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FileFreeString$Write$CreateRead
String ID:
API String ID: 2306213392-0
Opcode ID: 74b8f1236cacd319532d57d6b2d5a616290a54c3b6498e0a95c4e9d8e35ed752
Instruction ID: e106a9f4cbf14f95d49d83af86798c1b7ba84dd5c8c358d7f972cb33e0b1c78b
Opcode Fuzzy Hash: 74b8f1236cacd319532d57d6b2d5a616290a54c3b6498e0a95c4e9d8e35ed752
Instruction Fuzzy Hash: 07514931900208AFEB10DFA5DC49FADBBB8FF09704F10406AEA14BB2E1D774A955CB59

Function 00456686 Relevance: 18.2, APIs: 8, Strings: 4, Instructions: 151stringCOMMON

Download Yara Rule

APIs

lstrcpynA.KERNEL32(?,?,?,?,?,?,004568E3,004C2BD0,00000000,?,?), ref: 00456707
lstrcmpA.KERNEL32(?,NoRemove,?,?,?,004568E3,004C2BD0,00000000,?,?), ref: 00456719
lstrcmpA.KERNEL32(?,ForceRemove,?,?,?,004568E3,004C2BD0,00000000,?,?), ref: 00456757
lstrcmpA.KERNEL32(?,val,?,?,?,004568E3,004C2BD0,00000000,?,?), ref: 0045676A

Strings

HKCR, xrefs: 00456777
NoRemove, xrefs: 00456713
ForceRemove, xrefs: 00456751
val, xrefs: 00456764

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: lstrcmp$lstrcpyn
String ID: ForceRemove$HKCR$NoRemove$val
API String ID: 3250216649-3921688442
Opcode ID: 64b3d32f1e08da20181bbe47fb14463c8ab379f45b1abeeeca8b6f2c410d0799
Instruction ID: a5d7ce2763394210b2c8c1fb3cb5ab048f1494858562a95f42f6bb40a9617147
Opcode Fuzzy Hash: 64b3d32f1e08da20181bbe47fb14463c8ab379f45b1abeeeca8b6f2c410d0799
Instruction Fuzzy Hash: 60413A712043015ED7309A398C84B737BE9BB49316FD6062BEC86C7683D76DF8498B28

Function 004490F5 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 279COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 004490FF

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

GetErrorInfo.OLEAUT32(00000000,?,00000264,0043A729,?,?,?,00000001), ref: 0044913B
CreateErrorInfo.OLEAUT32(?), ref: 0044919A
ProgIDFromCLSID.OLE32(?,?), ref: 004491C7
CoTaskMemFree.OLE32(?), ref: 004491EB

Part of subcall function 0040A0F0: SysStringLen.OLEAUT32(?), ref: 0040A0FD
Part of subcall function 0040A0F0: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 0040A117

SetErrorInfo.OLEAUT32(00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 00449448

Strings

@/L, xrefs: 004491FF
), xrefs: 004492E2
@/L, xrefs: 00449121

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Error$Info$LastString$AllocCreateFreeFromH_prolog3_ProgTask
String ID: )$@/L$@/L
API String ID: 290475581-2532612753
Opcode ID: c0bd4b3af20aefacb97d58783fba13363f33016cc5667905c6cb5cce283dbbe9
Instruction ID: 21e2d273a3d2f517428eb9d5f3f77e34d1aad62743345aff31db80580862d89f
Opcode Fuzzy Hash: c0bd4b3af20aefacb97d58783fba13363f33016cc5667905c6cb5cce283dbbe9
Instruction Fuzzy Hash: 72C15D71900218AEDB15EBA1CC54BEE7778AF58304F1440EEE409B3292DB785E49DB69

Function 00499770 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 242fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00408F6D: __EH_prolog3.LIBCMT ref: 00408F74
Part of subcall function 00408F6D: GetLastError.KERNEL32(00000004,004091E9,00000000,?,00000000,00000000), ref: 00408F96
Part of subcall function 00408F6D: SetLastError.KERNEL32(?,00000000,?), ref: 00408FCF

__wcsnicmp.LIBCMT ref: 00499826
__wcsnicmp.LIBCMT ref: 0049987F
CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00499912
GetFileSize.KERNEL32(00000000,?), ref: 00499935
ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00499972

Strings

.wmf, xrefs: 004999F7
.bmp, xrefs: 004999A8
lJ, xrefs: 004997D1
dJ, xrefs: 004997E1
.dll, xrefs: 00499820

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: File$ErrorLast__wcsnicmp$CreateH_prolog3ReadSize
String ID: .bmp$.dll$.wmf$dJ$lJ
API String ID: 712479857-2517244617
Opcode ID: 36e2a5e6393ac3354ebbffc1edfe716ccb3a7466fc6be135708c91518bc66aed
Instruction ID: 9a53e38ed3cbee91c574600164a1b9e1fa819cd09071de70aa6fd71bcf447936
Opcode Fuzzy Hash: 36e2a5e6393ac3354ebbffc1edfe716ccb3a7466fc6be135708c91518bc66aed
Instruction Fuzzy Hash: D981E671900204EAEF20EB69CC45BEE7B78AF05314F1401BFE815A32D1EB399E49CB59

Function 0044A200 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 81libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 0044A300: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,0044A209), ref: 0044A313
Part of subcall function 0044A300: GetProcAddress.KERNEL32(00000000), ref: 0044A31A
Part of subcall function 0044A300: GetCurrentProcess.KERNEL32(00000000,?,?,?,0044A209), ref: 0044A32A

GetModuleHandleW.KERNEL32(kernel32,Wow64DisableWow64FsRedirection), ref: 0044A223
GetProcAddress.KERNEL32(00000000), ref: 0044A22C
GetModuleHandleW.KERNEL32(kernel32,Wow64RevertWow64FsRedirection), ref: 0044A237
GetProcAddress.KERNEL32(00000000), ref: 0044A23A

Strings

kernel32, xrefs: 0044A21D, 0044A222, 0044A233, 0044A2B2
Wow64EnableWow64FsRedirection, xrefs: 0044A2AD
Wow64RevertWow64FsRedirection, xrefs: 0044A22E
Wow64DisableWow64FsRedirection, xrefs: 0044A218

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: AddressHandleModuleProc$CurrentProcess
String ID: Wow64DisableWow64FsRedirection$Wow64EnableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32
API String ID: 565683799-3439747844
Opcode ID: a7d460847f7ac47c9885598faf888c97aae771e5c34a54c084e4059b01bf2cde
Instruction ID: 13ad9e053d7390241737b19a12295ca612cefdc63b0c677b9ac50012449135f7
Opcode Fuzzy Hash: a7d460847f7ac47c9885598faf888c97aae771e5c34a54c084e4059b01bf2cde
Instruction Fuzzy Hash: D711C031681209ABEF14AFA69C51B9B379CBF45344B10406BB902D33A0DBFDDC11EA69

Function 004202C0 Relevance: 16.2, APIs: 5, Strings: 4, Instructions: 431stringregistryCOMMON

Download Yara Rule

APIs

lstrcmpiW.KERNEL32(?,Delete,?,98A63EB4,?,00000000,00000000,?,004A37D8,000000FF,?,00420109,?,00000000,00000000,00000000), ref: 0042034D
lstrcmpiW.KERNEL32(?,ForceRemove,?,00000000,00000000,?,004A37D8,000000FF,?,00420109,?,00000000,00000000,00000000,?,?), ref: 00420364
lstrcmpiW.KERNEL32(?,NoRemove,?,?,00000000,00000000,?,004A37D8,000000FF,?,00420109,?,00000000,00000000,00000000,?), ref: 0042044A
lstrcmpiW.KERNEL32(?,Val,?,00000000,00000000,?,004A37D8,000000FF,?,00420109,?,00000000,00000000,00000000,?,?), ref: 00420472

Part of subcall function 0041D0ED: CharNextW.USER32(?,?,00000000,?,?,?,?,004180FA,?,98A63EB4,?,?,?,?,?,004A2661), ref: 0041D128
Part of subcall function 0041D0ED: CharNextW.USER32(?,?,?,00000000,?,?,?,?,004180FA,?,98A63EB4), ref: 0041D1AE

RegDeleteValueW.ADVAPI32(?,?,?,?), ref: 0042056D

Part of subcall function 004018F0: GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 00401914
Part of subcall function 004018F0: RegCloseKey.ADVAPI32(00000000), ref: 00401977

Strings

ForceRemove, xrefs: 00420357
Val, xrefs: 0042046C
NoRemove, xrefs: 00420444
Delete, xrefs: 00420340

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: lstrcmpi$CharNext$CloseDeleteHandleModuleValue
String ID: Delete$ForceRemove$NoRemove$Val
API String ID: 1242246611-1781481701
Opcode ID: a1d446e6506353cbc252382d4029f75a5ef42e5710bce3a37fa9218991492181
Instruction ID: 2760f7622405121b3bcfe2dddfac2a0a87bb3b9587d57393e72ef0353ddbb821
Opcode Fuzzy Hash: a1d446e6506353cbc252382d4029f75a5ef42e5710bce3a37fa9218991492181
Instruction Fuzzy Hash: 73E1C931E01235ABCB35EB65AC54AAFB7F4AF14704F4045AFE805E2252D7388F84CE95

Function 0042114F Relevance: 16.0, APIs: 1, Strings: 8, Instructions: 274COMMON

Download Yara Rule

APIs

Part of subcall function 00408F6D: __EH_prolog3.LIBCMT ref: 00408F74
Part of subcall function 00408F6D: GetLastError.KERNEL32(00000004,004091E9,00000000,?,00000000,00000000), ref: 00408F96
Part of subcall function 00408F6D: SetLastError.KERNEL32(?,00000000,?), ref: 00408FCF

Part of subcall function 0040B91E: __EH_prolog3_GS.LIBCMT ref: 0040B925

Part of subcall function 004221C3: __EH_prolog3.LIBCMT ref: 004221CA

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Part of subcall function 004090B1: __EH_prolog3_GS.LIBCMT ref: 004090B8

Part of subcall function 00418E75: __EH_prolog3_GS.LIBCMT ref: 00418E7F
Part of subcall function 00418E75: _memmove.LIBCMT ref: 00418EA4
Part of subcall function 00418E75: lstrcpyW.KERNEL32(?,-00000004,setup.cpp,?,00000001,?,?,00000000), ref: 00418ED9
Part of subcall function 00418E75: __setjmp3.LIBCMT ref: 00418EFA

Part of subcall function 00418CDA: _longjmp.LIBCMT ref: 00418D00

Part of subcall function 0041CDBA: LoadLibraryW.KERNEL32(-00000004), ref: 0041CDED

_memmove.LIBCMT ref: 00421625

Strings

*, xrefs: 004214FA
@/L, xrefs: 0042117E
', xrefs: 0042140F
@/L, xrefs: 0042120E
@/L, xrefs: 0042162D
ISSetup.dll, xrefs: 00421168, 0042116D, 004211F8, 004211FD, 0042129D
ISSetup.dll, xrefs: 0042136A, 0042136F, 00421384
@/L, xrefs: 004212AE

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3_$FreeH_prolog3String_memmove$LibraryLoad__setjmp3_longjmplstrcpy
String ID: '$*$@/L$@/L$@/L$@/L$ISSetup.dll$ISSetup.dll
API String ID: 3868212671-3271623578
Opcode ID: f27a9b64ead99a97a793cfd9fb6c14ecb76a49be51d9b9eaf8f32d435d69a777
Instruction ID: 55a32be16f28225197dd2d98624df9587fbe5d17ea24a4de6dec626459dec031
Opcode Fuzzy Hash: f27a9b64ead99a97a793cfd9fb6c14ecb76a49be51d9b9eaf8f32d435d69a777
Instruction Fuzzy Hash: 64B1C270A00158DFDB14EB64C955BEDB7B9AF98304F0040EEF50AA3292DB785F48CB69

Function 004188B7 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 260stringCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 004188C1
_memmove.LIBCMT ref: 004188F2

Part of subcall function 004043D0: GetLastError.KERNEL32(98A63EB4,7591DFA0,?,7591E010,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?,?), ref: 00404421
Part of subcall function 004043D0: SetLastError.KERNEL32(?,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?,?), ref: 00404451
Part of subcall function 004043D0: GetLastError.KERNEL32(00000000,00000000,00000000,?,00000001,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?), ref: 004044A1
Part of subcall function 004043D0: SysFreeString.OLEAUT32(?), ref: 004044BD
Part of subcall function 004043D0: SysFreeString.OLEAUT32(?), ref: 004044C8
Part of subcall function 004043D0: SetLastError.KERNEL32(?), ref: 004044E8

lstrcpyW.KERNEL32(?,-00000004,setup.cpp), ref: 00418927
__setjmp3.LIBCMT ref: 00418948

Part of subcall function 0040A0F0: SysStringLen.OLEAUT32(?), ref: 0040A0FD
Part of subcall function 0040A0F0: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 0040A117

Part of subcall function 00418CDA: _longjmp.LIBCMT ref: 00418D00

SysFreeString.OLEAUT32(?), ref: 00418AFA
_memmove.LIBCMT ref: 00418C4F

Strings

setup.cpp, xrefs: 00418903
@/L, xrefs: 00418A40
SUPPORTDIR, xrefs: 00418AB5

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: String$ErrorLast$Free$_memmove$AllocH_prolog3___setjmp3_longjmplstrcpy
String ID: @/L$SUPPORTDIR$setup.cpp
API String ID: 4158757861-264556979
Opcode ID: 1b16957741b8d29ca3f06fc25600420df800334d41fb51d178047b1ecabdff0f
Instruction ID: 73ab86cc7cfdb58334e1e9dfdae098171c1a2feb4c19dac2799add70096844b1
Opcode Fuzzy Hash: 1b16957741b8d29ca3f06fc25600420df800334d41fb51d178047b1ecabdff0f
Instruction Fuzzy Hash: 33B16B70A00218DFCB14DFA5CD95BDEB7B8AF48304F1041DEE509AB281DB74AA85CFA5

Function 00444E82 Relevance: 16.0, APIs: 4, Strings: 5, Instructions: 219fileCOMMON

Download Yara Rule

APIs

GetTempFileNameW.KERNEL32(?,_is,00000000,00000000,?,00000104), ref: 00444FED
GetTempPathW.KERNEL32(00000104,00000000,?,00000104), ref: 00444ECF

Part of subcall function 00409574: __EH_prolog3_GS.LIBCMT ref: 0040957B
Part of subcall function 00409574: GetLastError.KERNEL32(00000038,0040DDFB,004492A1,?,004AFFA0), ref: 00409582
Part of subcall function 00409574: SetLastError.KERNEL32(00000000), ref: 004095D6

__EH_prolog3_GS.LIBCMT ref: 00444E8C

Part of subcall function 0040A0F0: SysStringLen.OLEAUT32(?), ref: 0040A0FD
Part of subcall function 0040A0F0: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 0040A117

DeleteFileW.KERNEL32(?), ref: 00445012

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 004470DB: __EH_prolog3.LIBCMT ref: 004470E2

Strings

_is, xrefs: 00444FE7
@/L, xrefs: 00444F0B
@/L, xrefs: 00445180
.tmp, xrefs: 00445040
|-L, xrefs: 00445045, 00445086

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FileH_prolog3H_prolog3_StringTemp$AllocDeleteNamePath
String ID: .tmp$@/L$@/L$_is$|-L
API String ID: 1310056418-130929492
Opcode ID: 782cd87ccf0246181b3e72e9fb6f74b7e6a99447064897e5c11226f364f4efc0
Instruction ID: cdc1113ea4c74d231ccbddbdb057c41b85e82c13c8e367bc0be9af636cdf0889
Opcode Fuzzy Hash: 782cd87ccf0246181b3e72e9fb6f74b7e6a99447064897e5c11226f364f4efc0
Instruction Fuzzy Hash: 2391AF30900248EFEB05EBA1CD55FDD7778AF15308F5400AEF50967192DBB85B49CB6A

Function 0042E711 Relevance: 16.0, APIs: 4, Strings: 5, Instructions: 213registryCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0042E71B
RegOpenKeyExW.ADVAPI32(80000002,SYSTEM\CurrentControlSet\Control\Session Manager\Environment,00000000,00020019,?,000000B8,0042F5CE,?,P/L), ref: 0042E754

Part of subcall function 00403F50: GetLastError.KERNEL32 ref: 00403F6F
Part of subcall function 00403F50: SetLastError.KERNEL32(?), ref: 00403F9F

Part of subcall function 004040F0: SysStringLen.OLEAUT32(?), ref: 004040FE
Part of subcall function 004040F0: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 00404118

Part of subcall function 004040F0: _wmemcpy_s.LIBCMT ref: 00404145

RegEnumValueW.ADVAPI32(?,?,00000000,?,00000000,?,00000000,?,?,?,?,?), ref: 0042E888

Part of subcall function 004053A0: GetLastError.KERNEL32(98A63EB4,?,?,?,?,004AC278,000000FF), ref: 004053E2
Part of subcall function 004053A0: SetLastError.KERNEL32(?,00000000,00000000,000000FF,?,?,?,?,004AC278,000000FF), ref: 0040543E

Part of subcall function 00401AC0: GetLastError.KERNEL32(?,?,0040E566), ref: 00401ACF
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AEB
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AF6
Part of subcall function 00401AC0: SetLastError.KERNEL32(?), ref: 00401B14

RegEnumValueW.ADVAPI32(?,00000000,00000000,?,00000000,?,00000000,?,?,00000400,?,00000400), ref: 0042E94B

Part of subcall function 00403CF0: GetLastError.KERNEL32(98A63EB4,?,00000000,7591DFA0,?,?,?,?,?,?,?,?,00000000,004AC478,000000FF,T4L), ref: 00403D2F
Part of subcall function 00403CF0: GetLastError.KERNEL32(?,00000000,000000FF), ref: 00403DC9
Part of subcall function 00403CF0: SysFreeString.OLEAUT32(?), ref: 00403DE3
Part of subcall function 00403CF0: SysFreeString.OLEAUT32(?), ref: 00403DF0
Part of subcall function 00403CF0: SetLastError.KERNEL32(?), ref: 00403E14
Part of subcall function 00403CF0: SetLastError.KERNEL32(?,?,00000000,7591DFA0,?,?,?,?,?,?,?,?,00000000,004AC478,000000FF,T4L), ref: 00403E1A

Strings

SYSTEM\CurrentControlSet\Control\Session Manager\Environment, xrefs: 0042E747
P/L, xrefs: 0042E768
T4L, xrefs: 0042E9CE
P/L, xrefs: 0042E792, 0042E7AD, 0042E82C, 0042E9C2, 0042E9DA, 0042E8EB, 0042E97D, 0042E9C5
T4L, xrefs: 0042E76D

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$String$Free$EnumValue$AllocH_prolog3_Open_wmemcpy_s
String ID: P/L$P/L$SYSTEM\CurrentControlSet\Control\Session Manager\Environment$T4L$T4L
API String ID: 802081060-1690745742
Opcode ID: 308bb98bd5052a1e19987a0a4844abb24b2a51548811d2477baa7fa36349e06b
Instruction ID: 8cff7c8f36a08ea6961593ecb01b9f7f8e85bfe3ec6f2101e9b3e14620bd614f
Opcode Fuzzy Hash: 308bb98bd5052a1e19987a0a4844abb24b2a51548811d2477baa7fa36349e06b
Instruction Fuzzy Hash: 14916271900258DFDB25DFA5C891BDDBBB8BF18304F1040AEE54AB3282DB741A49DF65

Function 0049C444 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 142fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,C0000000,00000001,00000000,00000003,00000080,00000000,?,?,?,?), ref: 0049C47F
GetFileSize.KERNEL32(00000000,?,?,?,?,?,?,?,?), ref: 0049C4B6
CreateFileMappingW.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,?,?,?,?,?), ref: 0049C4C9
MapViewOfFile.KERNEL32(00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?), ref: 0049C4E1
__allrem.LIBCMT ref: 0049C520
UnmapViewOfFile.KERNEL32(00000000,?,?,?,?,?,?,?), ref: 0049C586
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?), ref: 0049C58F
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?), ref: 0049C599

Strings

lJ, xrefs: 0049C444

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: File$CloseCreateHandleView$MappingSizeUnmap__allrem
String ID: lJ
API String ID: 3476395881-496827753
Opcode ID: 922d89501ecbc639f8f6c24e6d568a34c74741d8c3fd3899ce6649435f5c27aa
Instruction ID: 15958081234dcb66c9fc530a50b4672f1d05b3945c41733da6f1a579c2539a87
Opcode Fuzzy Hash: 922d89501ecbc639f8f6c24e6d568a34c74741d8c3fd3899ce6649435f5c27aa
Instruction Fuzzy Hash: 9E4160B1900229BFDF119FA5DC859AFBFB8EF09760F01452AF915E3251D734AA10CBA4

Function 00450034 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 116stringCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,0045028D,?,?,?,00000000,?,00415586,?,?,?,0000010C,004243E8,?,00000003,00000000), ref: 00450064
wsprintfW.USER32 ref: 00450098
lstrcatW.KERNEL32(?,?,?,0045028D,?,?,?,00000000,?,00415586,?,?,?,0000010C,004243E8,?), ref: 004500AC
ResetEvent.KERNEL32(?,00000002,?,0045028D,?,?,?,00000000,?,00415586,?,?,?,0000010C,004243E8,?), ref: 004500BB
GetLastError.KERNEL32(?,0045028D,?,?,?,00000000,?,00415586,?,?,?,0000010C,004243E8,?,00000003,00000000), ref: 004500C7
ResetEvent.KERNEL32(0000000E,00000002,?,0045028D,?,?,?,00000000,?,00415586,?,?,?,0000010C,004243E8,?), ref: 00450122

Strings

Range: bytes=%d-, xrefs: 00450089
Range: bytes=%d-, xrefs: 00450090
A, xrefs: 00450050

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorEventLastReset$lstrcatwsprintf
String ID: A$Range: bytes=%d-$Range: bytes=%d-
API String ID: 2894917480-4039695729
Opcode ID: 6fcbd3db4730df72ba2ab927a36c7d3a97c1c80cb252543f66662816af8bc60c
Instruction ID: b1e300c78a8eb2fc5f889235aff39914ca9957faf1e2b898e1473a8cb950363b
Opcode Fuzzy Hash: 6fcbd3db4730df72ba2ab927a36c7d3a97c1c80cb252543f66662816af8bc60c
Instruction Fuzzy Hash: DA416E39100100EFDF199F15ECC9A6A7FA8EF45702B1840AAFE05CA267D736DC45DB29

Function 0043E2D6 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 116COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0043E2DD

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

GetSystemDirectoryW.KERNEL32(00000000,00000104), ref: 0043E413

Part of subcall function 0040B827: __EH_prolog3.LIBCMT ref: 0040B82E
Part of subcall function 0040B827: GetLastError.KERNEL32(00000004,00416939,00000008,004238F4,dJ,00000001,?,00000000), ref: 0040B847

__CxxThrowException@8.LIBCMT ref: 0043E362

Part of subcall function 0045A466: RaiseException.KERNEL32(?,?,00459FCC,00000000,?,?,?,?,00459FCC,00000000,004D0E78,?), ref: 0045A4B7

GetWindowsDirectoryW.KERNEL32(00000000,00000104,?,00000104,00000078,00444282,?,00000000,00000068,00486772,?,004C2FA0,uxtheme.dll,?,00000000), ref: 0043E335

Part of subcall function 00409574: __EH_prolog3_GS.LIBCMT ref: 0040957B
Part of subcall function 00409574: GetLastError.KERNEL32(00000038,0040DDFB,004492A1,?,004AFFA0), ref: 00409582
Part of subcall function 00409574: SetLastError.KERNEL32(00000000), ref: 004095D6

GetWindowsDirectoryW.KERNEL32(00000000,00000104,?,00000104,00000078,00444282,?,00000000,00000068,00486772,?,004C2FA0,uxtheme.dll,?,00000000), ref: 0043E3A6

Part of subcall function 0040A0F0: SysStringLen.OLEAUT32(?), ref: 0040A0FD
Part of subcall function 0040A0F0: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 0040A117

Strings

sysnative, xrefs: 0043E36D
syswow64, xrefs: 0043E3C8
@/L, xrefs: 0043E3D7
lJ, xrefs: 0043E351, 0043E35E, 0043E361

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$Directory$H_prolog3_StringWindows$AllocExceptionException@8H_prolog3RaiseSystemThrow
String ID: @/L$lJ$sysnative$syswow64
API String ID: 415710860-2847466861
Opcode ID: 6cea3ed8e4dc28ebca6e7c1a3155442e2536748fbfd298ce6e005f1135c960b0
Instruction ID: 2134382ef336b3a675b4594a16f7ebd393181ec0228d794400fe4d4d7225ed91
Opcode Fuzzy Hash: 6cea3ed8e4dc28ebca6e7c1a3155442e2536748fbfd298ce6e005f1135c960b0
Instruction Fuzzy Hash: A441A231901248DECB10EBE6C885BDDBB74AF1A308F54806FE54177292DFB85A0DDB59

Function 00486650 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 115libraryloaderCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(98A63EB4,?,?), ref: 0048668D
SetLastError.KERNEL32(?,?,?), ref: 004866BD

Part of subcall function 00408F6D: __EH_prolog3.LIBCMT ref: 00408F74
Part of subcall function 00408F6D: GetLastError.KERNEL32(00000004,004091E9,00000000,?,00000000,00000000), ref: 00408F96
Part of subcall function 00408F6D: SetLastError.KERNEL32(?,00000000,?), ref: 00408FCF

Part of subcall function 00444261: __EH_prolog3_GS.LIBCMT ref: 00444268

LoadLibraryW.KERNEL32(-00000004,?,?), ref: 00486781
GetProcAddress.KERNEL32(?,SetWindowTheme), ref: 004867C8

Strings

uxtheme.dll, xrefs: 0048672A
@/L, xrefs: 00486755
SetWindowTheme, xrefs: 004867C2
lJ, xrefs: 00486686
dJ, xrefs: 0048667F

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$AddressH_prolog3H_prolog3_LibraryLoadProc
String ID: @/L$SetWindowTheme$dJ$lJ$uxtheme.dll
API String ID: 2791025668-3152267377
Opcode ID: 05438a7ba360c899f4ec209ee4ed2754cfea640659ab5f7e611221f13d8250a6
Instruction ID: 2397f6712057be68e4de63de1d47c0fb54ab9de82be4cf15e2e5ef4b9476a4ff
Opcode Fuzzy Hash: 05438a7ba360c899f4ec209ee4ed2754cfea640659ab5f7e611221f13d8250a6
Instruction Fuzzy Hash: 925158B090074AEFD744DF66C988B9ABBB4FF04308F10416EE40597A90D7B9A528CFD4

Function 0042DA1E Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 111COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0042DA28

Strings

..\..\Shared\Setup\SetupPreRequisite.cpp, xrefs: 0042DA4C, 0042DB78
T4L, xrefs: 0042DBA1
P/L, xrefs: 0042DA57
T4L, xrefs: 0042DA61
CSetupPreRequisite::ExecuteMsiWithProgress, xrefs: 0042DA75
P/L, xrefs: 0042DA9F, 0042DAA2
Launching MSI prerequisite %s, command line %s, xrefs: 0042DB72
T4L, xrefs: 0042DA87

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: H_prolog3_
String ID: ..\..\Shared\Setup\SetupPreRequisite.cpp$CSetupPreRequisite::ExecuteMsiWithProgress$Launching MSI prerequisite %s, command line %s$P/L$P/L$T4L$T4L$T4L
API String ID: 2427045233-2972178079
Opcode ID: b74f44030ade5f35b2185295704e458ec2cf4f76c92aa5a29ac19143f543c10c
Instruction ID: 9a26429b9db501e46e10bf836c7dba27a9b9aa523acc5229f19a120faa493376
Opcode Fuzzy Hash: b74f44030ade5f35b2185295704e458ec2cf4f76c92aa5a29ac19143f543c10c
Instruction Fuzzy Hash: 8D41A570900218EECB15EBA1CC95BDEBBB8BF05304F5440AFE44967182DB786B49CF69

Function 00459FCD Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 00459FE0

Part of subcall function 0045C729: std::exception::_Copy_str.LIBCMT ref: 0045C742

__CxxThrowException@8.LIBCMT ref: 00459FF5

Part of subcall function 0045A466: RaiseException.KERNEL32(?,?,00459FCC,00000000,?,?,?,?,00459FCC,00000000,004D0E78,?), ref: 0045A4B7

std::exception::exception.LIBCMT ref: 0045A00E
__CxxThrowException@8.LIBCMT ref: 0045A023
std::regex_error::regex_error.LIBCPMT ref: 0045A035

Part of subcall function 00459CA5: std::exception::exception.LIBCMT ref: 00459CBF

__CxxThrowException@8.LIBCMT ref: 0045A043
std::exception::exception.LIBCMT ref: 0045A05C
__CxxThrowException@8.LIBCMT ref: 0045A071

Strings

bad function call, xrefs: 0045A077

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaisestd::exception::_std::regex_error::regex_error
String ID: bad function call
API String ID: 2464034642-3612616537
Opcode ID: 62ec070fb249bad3c887c7cc24faaad3d93d20169f6d5f22a8d7e1168cb87a47
Instruction ID: 1cc90383c1ac0bc67d0b26205239dd79d98d37ed18f989b87122f1707719383f
Opcode Fuzzy Hash: 62ec070fb249bad3c887c7cc24faaad3d93d20169f6d5f22a8d7e1168cb87a47
Instruction Fuzzy Hash: FD11D37580020CBB8B04EFD5D8859CD7BBCAA08344F50C56BFD1597541EB74A7588FD9

Function 00488E20 Relevance: 15.1, APIs: 10, Instructions: 82windowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00488E44
ScreenToClient.USER32(?,?), ref: 00488E56
ScreenToClient.USER32(?,?), ref: 00488E6A
CreateCompatibleDC.GDI32(?), ref: 00488E87
CreateCompatibleBitmap.GDI32(?,?,?), ref: 00488E9A
SelectObject.GDI32(00000000,00000000), ref: 00488EA4
BitBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,00CC0020), ref: 00488EC7
CreatePatternBrush.GDI32(00000000), ref: 00488ECE
DeleteObject.GDI32(00000000), ref: 00488ED7
DeleteDC.GDI32(00000000), ref: 00488EDE

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Create$ClientCompatibleDeleteObjectScreen$BitmapBrushPatternRectSelectWindow
String ID:
API String ID: 3450704212-0
Opcode ID: cf7c7d20052ae2839674c43f1f87d76bf706b61f0c56962b41ee0e9b41c1e847
Instruction ID: 2a29c482f22e08526d3cf4e3a7d650e0fdbfea24619a8449f596064a50d39988
Opcode Fuzzy Hash: cf7c7d20052ae2839674c43f1f87d76bf706b61f0c56962b41ee0e9b41c1e847
Instruction Fuzzy Hash: 0A31D876900229AFCB00DFA5DC88EEEBFB8FF4D310F14446AE915A7221D6756944CFA4

Function 0042CAF6 Relevance: 14.4, APIs: 3, Strings: 5, Instructions: 365fileCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0042CB00

Part of subcall function 004053A0: GetLastError.KERNEL32(98A63EB4,?,?,?,?,004AC278,000000FF), ref: 004053E2
Part of subcall function 004053A0: SetLastError.KERNEL32(?,00000000,00000000,000000FF,?,?,?,?,004AC278,000000FF), ref: 0040543E

GetModuleHandleW.KERNEL32(?), ref: 0042CC9A

Part of subcall function 00408F6D: __EH_prolog3.LIBCMT ref: 00408F74
Part of subcall function 00408F6D: GetLastError.KERNEL32(00000004,004091E9,00000000,?,00000000,00000000), ref: 00408F96
Part of subcall function 00408F6D: SetLastError.KERNEL32(?,00000000,?), ref: 00408FCF

Part of subcall function 00424632: __EH_prolog3.LIBCMT ref: 00424639

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Part of subcall function 00425464: __EH_prolog3_GS.LIBCMT ref: 0042546E
Part of subcall function 00425464: __CxxThrowException@8.LIBCMT ref: 004254D3
Part of subcall function 00425464: GetFileSize.KERNEL32(?,?,00000108,00424345,00000000,00000010,004246AC,?,?,?,?,?,?,00000000), ref: 004254DC
Part of subcall function 00425464: GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 004254E9

CopyFileW.KERNEL32(?,00000004,00000000,?), ref: 0042CE20

Strings

P/L, xrefs: 0042CB22
|-L, xrefs: 0042CCC9
T4L, xrefs: 0042CB29
P/L, xrefs: 0042CC1D
T4L, xrefs: 0042CC24

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FileFreeH_prolog3H_prolog3_String$CopyException@8HandleModuleSizeThrow
String ID: P/L$P/L$T4L$T4L$|-L
API String ID: 3870862371-422448004
Opcode ID: 6c388f0004c163faefbbf7cf78ae40eb0d408bf96a58c24b2aa01b12ed92a5ff
Instruction ID: c36dbe24691370739a9835a1c444a55bb41bf866527fb03aff7f3bd6c98a6da1
Opcode Fuzzy Hash: 6c388f0004c163faefbbf7cf78ae40eb0d408bf96a58c24b2aa01b12ed92a5ff
Instruction Fuzzy Hash: DFE17131A00128EEDF24EB65D991BDEB7B4AF15304F9040EEE409A3191DB785B89CF69

Function 004498B6 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 218COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 004498C0

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00442F46: __EH_prolog3_GS.LIBCMT ref: 00442F50

GetLastError.KERNEL32 ref: 0044991A

Part of subcall function 004496BE: __EH_prolog3.LIBCMT ref: 004496C5

GetLastError.KERNEL32 ref: 00449992

Strings

@/L, xrefs: 004498FA

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3H_prolog3_
String ID: @/L
API String ID: 852442433-3803013380
Opcode ID: 42ad6dfb68b762c1461525a514dbfa7b36e6ccc0df8e15edbc9bb8e65d601691
Instruction ID: 1b2d1e4f24ae07c6c5dbd6125e24edbfe70c6bcde94f42e85396bf2ef9296fe3
Opcode Fuzzy Hash: 42ad6dfb68b762c1461525a514dbfa7b36e6ccc0df8e15edbc9bb8e65d601691
Instruction Fuzzy Hash: 3981E6B1801218DADB10EF65CC46BDE7B78EF15304F10409FF90A96292EB745E49CBE9

Function 00419B97 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 218COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00419BA1

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Part of subcall function 00408F6D: __EH_prolog3.LIBCMT ref: 00408F74
Part of subcall function 00408F6D: GetLastError.KERNEL32(00000004,004091E9,00000000,?,00000000,00000000), ref: 00408F96
Part of subcall function 00408F6D: SetLastError.KERNEL32(?,00000000,?), ref: 00408FCF

Part of subcall function 0040B91E: __EH_prolog3_GS.LIBCMT ref: 0040B925

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00441E34: __EH_prolog3_GS.LIBCMT ref: 00441E3E

Strings

@/L, xrefs: 00419E15
@/L, xrefs: 00419E6D
setup.gif, xrefs: 00419CD8, 00419E0A
setupdir\%04x, xrefs: 00419BEE
setup.bmp, xrefs: 00419C20, 00419D83
@/L, xrefs: 00419C35
@/L, xrefs: 00419BCB

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3_$FreeH_prolog3String
String ID: @/L$@/L$@/L$@/L$setup.bmp$setup.gif$setupdir\%04x
API String ID: 888054269-4254738307
Opcode ID: dff2282cf28c2283f1027fc7e78879c50163e39c3448eaf12a755f8841f67d7c
Instruction ID: 2589b504f36761d3e1ad1fc738782170f700540b2eb055d81e53434017a2e2fe
Opcode Fuzzy Hash: dff2282cf28c2283f1027fc7e78879c50163e39c3448eaf12a755f8841f67d7c
Instruction Fuzzy Hash: BF917FB190021CEACB15EBA4C951FDEB7B8AF18308F14019FE54963192EBB45B49CB69

Function 0040D268 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 174COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0040D272

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Part of subcall function 0040B22B: __EH_prolog3_GS.LIBCMT ref: 0040B232

Part of subcall function 0040A206: __EH_prolog3_GS.LIBCMT ref: 0040A210

Part of subcall function 0040B91E: __EH_prolog3_GS.LIBCMT ref: 0040B925

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Part of subcall function 0044BDFA: __EH_prolog3.LIBCMT ref: 0044BE01

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 0044DA4D: __EH_prolog3_GS.LIBCMT ref: 0044DA57

Part of subcall function 004090B1: __EH_prolog3_GS.LIBCMT ref: 004090B8

Strings

0x%04x, xrefs: 0040D2B0
@/L, xrefs: 0040D4C6
@/L, xrefs: 0040D29C
.ini, xrefs: 0040D301
%ld, xrefs: 0040D2F2
@/L, xrefs: 0040D2DD
@/L, xrefs: 0040D38F

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3_Last$FreeH_prolog3String
String ID: %ld$.ini$0x%04x$@/L$@/L$@/L$@/L
API String ID: 80789219-516300192
Opcode ID: 9690bca2445eebb595d62efd4a6e2618c32715a8a792eec248f932929b59a1d3
Instruction ID: b3cc2b071437a2081222209709ce3d136839505f496cc787cef8989ad92d6d7f
Opcode Fuzzy Hash: 9690bca2445eebb595d62efd4a6e2618c32715a8a792eec248f932929b59a1d3
Instruction Fuzzy Hash: 0571837180021CEADB10EBA5CD45BDDBBB8AF55308F1440DEE509B3182DBB85B48CBA9

Function 0044975D Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 113libraryloaderCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00449764
GetModuleHandleW.KERNEL32(shell32.dll,SHFileOperationW,0000003C,004412FC,?,00000000), ref: 00449780
GetProcAddress.KERNEL32(00000000), ref: 00449789
GetModuleHandleW.KERNEL32(shell32.dll,SHFileOperationA), ref: 00449817
GetProcAddress.KERNEL32(00000000), ref: 0044981A

Part of subcall function 0040A0F0: SysStringLen.OLEAUT32(?), ref: 0040A0FD
Part of subcall function 0040A0F0: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 0040A117

Part of subcall function 0043DF31: _memset.LIBCMT ref: 0043DF3F

Part of subcall function 00409574: __EH_prolog3_GS.LIBCMT ref: 0040957B
Part of subcall function 00409574: GetLastError.KERNEL32(00000038,0040DDFB,004492A1,?,004AFFA0), ref: 00409582
Part of subcall function 00409574: SetLastError.KERNEL32(00000000), ref: 004095D6

Strings

SHFileOperationA, xrefs: 0044980D
shell32.dll, xrefs: 00449774, 00449812
SHFileOperationW, xrefs: 0044976F

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: AddressErrorHandleLastModuleProcString$AllocH_prolog3H_prolog3__memset
String ID: SHFileOperationA$SHFileOperationW$shell32.dll
API String ID: 2238935536-1880307489
Opcode ID: 403216bd0e91134ddec93d0757ae6b5cf4e04a418ecbec8c7119996f1023fc7d
Instruction ID: 82e1dcefaf5b38845a4e38a086992c5bfe2de4daf0acf35e94c23cad833e38d1
Opcode Fuzzy Hash: 403216bd0e91134ddec93d0757ae6b5cf4e04a418ecbec8c7119996f1023fc7d
Instruction Fuzzy Hash: 6741A671900309AEDB01EFA5CC41FDEBFB89F15304F14405EF905A7292DBB89A45CBA9

Function 004390EA Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 112COMMON

Download Yara Rule

APIs

GetPropW.USER32(?,This), ref: 004390F9
GetWindowLongW.USER32(?,000000F4), ref: 0043913B
GetSysColor.USER32(00000005), ref: 0043915C
SetBkColor.GDI32(?,00000000), ref: 00439166
SetPropW.USER32(?,This,?), ref: 004391D8
RemovePropW.USER32(?,This), ref: 004391FD
DefWindowProcW.USER32(?,?,?,?), ref: 0043920F

Strings

This, xrefs: 004390F3, 004391CF, 004391F7

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Prop$ColorWindow$LongProcRemove
String ID: This
API String ID: 1744480154-1591487769
Opcode ID: c3b06b085747a868f0557f887ee4b44ee0eb8835c087535afdb5271996f0c7d5
Instruction ID: c734fadf3586be9cfb2d03bb6e43c38dc181511a55f91df0914daf74a3f7053e
Opcode Fuzzy Hash: c3b06b085747a868f0557f887ee4b44ee0eb8835c087535afdb5271996f0c7d5
Instruction Fuzzy Hash: DB31AD34200905BBDB285FA9DD4CD2B7BA8FF0D315F10188AF466D73A1CBB8DD018A69

Function 00405950 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 104COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(98A63EB4,?,00000003,00000000,?,?,?,?,?,?,?,?,00000000,004AC3E0,000000FF), ref: 004059A4
SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,004AC3E0,000000FF), ref: 004059DA
GetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000,004AC3E0,000000FF), ref: 00405A25
SysFreeString.OLEAUT32(000000FF), ref: 00405A41
SysFreeString.OLEAUT32(?), ref: 00405A4C
SetLastError.KERNEL32(?), ref: 00405A6C
SetLastError.KERNEL32(00000003), ref: 00405A76

Strings

T4L, xrefs: 00405998

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeString
String ID: T4L
API String ID: 2425351278-1354015026
Opcode ID: 9c97ba61bc56eddfd076f442ad99ff4f6c67ca2cffa0b5ea2a0af6de39cb4a05
Instruction ID: 1d50ff39d37cd8aa85c9e9d149d21a44b15b42f639968989123202e4cf14c0ac
Opcode Fuzzy Hash: 9c97ba61bc56eddfd076f442ad99ff4f6c67ca2cffa0b5ea2a0af6de39cb4a05
Instruction Fuzzy Hash: 79412A75A00209EFDB00DF69C985B9ABBF4FF08314F14412AE819E7690DB75A911CF98

Function 0040CDAE Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 101COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0040CDB8

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Part of subcall function 0040B22B: __EH_prolog3_GS.LIBCMT ref: 0040B232

Part of subcall function 0040A206: __EH_prolog3_GS.LIBCMT ref: 0040A210

Part of subcall function 0040B91E: __EH_prolog3_GS.LIBCMT ref: 0040B925

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 0044585A: __EH_prolog3_GS.LIBCMT ref: 00445864

Strings

0x%04x, xrefs: 0040CDF0
@/L, xrefs: 0040CEEB
.ini, xrefs: 0040CDFE
Properties, xrefs: 0040CECD
MS Sans Serif, xrefs: 0040CE89
FontName, xrefs: 0040CEA7
@/L, xrefs: 0040CDDC

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3_$FreeString$H_prolog3
String ID: .ini$0x%04x$@/L$@/L$FontName$MS Sans Serif$Properties
API String ID: 1949661404-2396576412
Opcode ID: e022c1b78b51fe355ea5f70f1da36adad66936fc38bfd72748fdeccd5c695ba5
Instruction ID: 852665918b4d215c2952b0b1f833bbc88fc080e3296a1f32bd5dd132b01d9c4b
Opcode Fuzzy Hash: e022c1b78b51fe355ea5f70f1da36adad66936fc38bfd72748fdeccd5c695ba5
Instruction Fuzzy Hash: 1241B671900218EADB14FBA5CC56BEDB7B8AF55704F0040DFF408A7182DBB81B48CBA6

Function 00444D1F Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 93COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00444D26
GetEnvironmentVariableW.KERNEL32(Path,-004D9AE4,-004D9AE4,00000074), ref: 00444D52

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Part of subcall function 0040A0F0: SysStringLen.OLEAUT32(?), ref: 0040A0FD
Part of subcall function 0040A0F0: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 0040A117

GetEnvironmentVariableW.KERNEL32(Path,00000000,00000000,?,00000001), ref: 00444D99

Part of subcall function 00409574: __EH_prolog3_GS.LIBCMT ref: 0040957B
Part of subcall function 00409574: GetLastError.KERNEL32(00000038,0040DDFB,004492A1,?,004AFFA0), ref: 00409582
Part of subcall function 00409574: SetLastError.KERNEL32(00000000), ref: 004095D6

ExpandEnvironmentStringsW.KERNEL32(?,00000000,00000000), ref: 00444DBC
ExpandEnvironmentStringsW.KERNEL32(?,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00444E0A

Part of subcall function 0041525D: __EH_prolog3_GS.LIBCMT ref: 00415264

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Strings

@/L, xrefs: 00444D66
Path, xrefs: 00444D4C, 00444D51, 00444D98
@/L, xrefs: 00444DCF

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$EnvironmentString$H_prolog3_$ExpandFreeStringsVariable$Alloc
String ID: @/L$@/L$Path
API String ID: 1074818151-3554151785
Opcode ID: abbeb50438e57837bb4e655d190607e1fcf6f37cafd40e8cfdc8cf256c917fca
Instruction ID: 6b91a257a750812075f1071927e0505a25add33ce3993652b0e9007b79f1258f
Opcode Fuzzy Hash: abbeb50438e57837bb4e655d190607e1fcf6f37cafd40e8cfdc8cf256c917fca
Instruction Fuzzy Hash: 62316171900218EEDB15EBE5CC95FDEBBBCAF55308F10406EE501B7292DBB85A08CB65

Function 00438F3A Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 93windowCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00438F41
GetDlgItem.USER32(?,000003F2), ref: 00438F56
SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00438F68
GetDlgItem.USER32(?,000003ED), ref: 00438F7B
SendMessageW.USER32(00000000,0000100C,000000FF,00000002), ref: 00438F89
_memset.LIBCMT ref: 00438F95
SendMessageW.USER32 ref: 00438FB3

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00439266: __EH_prolog3.LIBCMT ref: 0043926D

Strings

@/L, xrefs: 00438FE7

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: H_prolog3MessageSend$ErrorItemLast$_memset
String ID: @/L
API String ID: 693980260-3803013380
Opcode ID: d715b6f868fc3055e897ea1d08517cac3c23765af1e7e563b9ebc0604966d0f7
Instruction ID: adbb50a416dfcfd33e8dcaf3e3114e4bd13b1232064233bf39035550a3ec9bf9
Opcode Fuzzy Hash: d715b6f868fc3055e897ea1d08517cac3c23765af1e7e563b9ebc0604966d0f7
Instruction Fuzzy Hash: F631A271A00214ABEB10EFA5CD46F5DBBB8EF08714F15815AF505AF2D2C7B49D01CB89

Function 00404960 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

Part of subcall function 00405F80: GetLastError.KERNEL32(00000001,7529E860,98A63EB4,?,7591E010,?,?,004AC698,000000FF,T4L,004049B4), ref: 00405FF4
Part of subcall function 00405F80: SetLastError.KERNEL32(?,00000007,00000000,000000FF), ref: 00406042

GetLastError.KERNEL32 ref: 004049C1
SysFreeString.OLEAUT32(?), ref: 004049DF
SysFreeString.OLEAUT32(?), ref: 004049EC
SetLastError.KERNEL32(?), ref: 00404A16
GetLastError.KERNEL32 ref: 00404A25
SetLastError.KERNEL32(?,00000000,00000000,000000FF), ref: 00404A7F

Strings

T4L, xrefs: 00404960
T4L, xrefs: 00404A1E

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeString
String ID: T4L$T4L
API String ID: 2425351278-3367740000
Opcode ID: 058cff7a5df4e6d868abe48a367cce014fb2891f3a17672302919ae29e5b005f
Instruction ID: 32c3651e55e86741e28abfdec92bbce572763d66b3ad848a02f8ce83922ad317
Opcode Fuzzy Hash: 058cff7a5df4e6d868abe48a367cce014fb2891f3a17672302919ae29e5b005f
Instruction Fuzzy Hash: 64312AB1508741AFD700CF29C845B16BBE4FF88318F104A2EF855976A1D7B5E819CF8A

Function 00422806 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 90librarystringloaderCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00422810
_memmove.LIBCMT ref: 0042282A

Part of subcall function 004043D0: GetLastError.KERNEL32(98A63EB4,7591DFA0,?,7591E010,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?,?), ref: 00404421
Part of subcall function 004043D0: SetLastError.KERNEL32(?,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?,?), ref: 00404451
Part of subcall function 004043D0: GetLastError.KERNEL32(00000000,00000000,00000000,?,00000001,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?), ref: 004044A1
Part of subcall function 004043D0: SysFreeString.OLEAUT32(?), ref: 004044BD
Part of subcall function 004043D0: SysFreeString.OLEAUT32(?), ref: 004044C8
Part of subcall function 004043D0: SetLastError.KERNEL32(?), ref: 004044E8

lstrcpyW.KERNEL32(?,-00000004,setup.cpp,?,00000001,?,?,0000028C), ref: 00422860
__setjmp3.LIBCMT ref: 00422881
GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 004228A0
_memmove.LIBCMT ref: 0042292A

Strings

setup.cpp, xrefs: 0042283D
DllGetClassObject, xrefs: 00422895

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeString_memmove$AddressH_prolog3_Proc__setjmp3lstrcpy
String ID: DllGetClassObject$setup.cpp
API String ID: 1563037923-408802517
Opcode ID: 66f1c59ac71a33efdcddd3dcdf49953bf7b0f9f938df8a0b2696b01515643e3b
Instruction ID: ecd6348c71aad56a1ed06a8bc105ad6356619fc000b3944777252f3456d37dc4
Opcode Fuzzy Hash: 66f1c59ac71a33efdcddd3dcdf49953bf7b0f9f938df8a0b2696b01515643e3b
Instruction Fuzzy Hash: 1831A471A00209AFDB14EBA5CC41FAE7778BB44704F1440AEF509E7281DBB8AF488B65

Function 004711D1 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 80COMMONLIBRARYCODE

Download Yara Rule

APIs

UnDecorator::getArgumentList.LIBCMT ref: 004711F4

Part of subcall function 004710C7: Replicator::operator[].LIBCMT ref: 00471143
Part of subcall function 004710C7: DName::operator+=.LIBCMT ref: 0047114B

DName::operator+.LIBCMT ref: 0047124F
DName::DName.LIBCMT ref: 004712A7

Strings

<ellipsis>, xrefs: 00471291, 00471296
void, xrefs: 0047129F
,<ellipsis>, xrefs: 00471242, 00471247
,..., xrefs: 0047123B
..., xrefs: 0047128A

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
String ID: ,...$,<ellipsis>$...$<ellipsis>$void
API String ID: 834187326-2211150622
Opcode ID: 8217b5c887c384039c40dde4328477bc28f00afdf0f4efe002ef6c57d57cf4e5
Instruction ID: cbe1d6784aac912a255005b07126b8380ed1ee788e7090444351a289da9a6356
Opcode Fuzzy Hash: 8217b5c887c384039c40dde4328477bc28f00afdf0f4efe002ef6c57d57cf4e5
Instruction Fuzzy Hash: 692166706012459FCB04CF5CE594AE63BE4EB09304B14C2ABE44AEB762CB38D941CB8D

Function 0041C603 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 79librarystringloaderCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0041C60D
_memmove.LIBCMT ref: 0041C627

Part of subcall function 004043D0: GetLastError.KERNEL32(98A63EB4,7591DFA0,?,7591E010,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?,?), ref: 00404421
Part of subcall function 004043D0: SetLastError.KERNEL32(?,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?,?), ref: 00404451
Part of subcall function 004043D0: GetLastError.KERNEL32(00000000,00000000,00000000,?,00000001,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?), ref: 004044A1
Part of subcall function 004043D0: SysFreeString.OLEAUT32(?), ref: 004044BD
Part of subcall function 004043D0: SysFreeString.OLEAUT32(?), ref: 004044C8
Part of subcall function 004043D0: SetLastError.KERNEL32(?), ref: 004044E8

lstrcpyW.KERNEL32(?,-00000004,setup.cpp,?,00000001,?,?,0000028C), ref: 0041C65D
__setjmp3.LIBCMT ref: 0041C67E
GetProcAddress.KERNEL32(?,InstallEngineTypelib), ref: 0041C69D
_memmove.LIBCMT ref: 0041C6FF

Strings

setup.cpp, xrefs: 0041C63A
InstallEngineTypelib, xrefs: 0041C692

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeString_memmove$AddressH_prolog3_Proc__setjmp3lstrcpy
String ID: InstallEngineTypelib$setup.cpp
API String ID: 1563037923-24250156
Opcode ID: ad1e05325df397600887e60f66f81ba6f3dbdac367ad2acabdb569ca3327d36c
Instruction ID: ba1a2fa3717a30956a3fb256af288c02464c9cae350b84fb67c140e2a21bc26d
Opcode Fuzzy Hash: ad1e05325df397600887e60f66f81ba6f3dbdac367ad2acabdb569ca3327d36c
Instruction Fuzzy Hash: 3421EA71640205EBDF14EB95CC91FAE7778AF44705F00406EF906A7192DF789E488BAD

Function 00439468 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 74windowCOMMON

Download Yara Rule

APIs

GetPropW.USER32(?,This), ref: 00439478
EnableMenuItem.USER32(?,0000F030,00000003), ref: 004394B2
EnableMenuItem.USER32(?,0000F000,00000003), ref: 004394BE
IsWindow.USER32(?), ref: 004394E7
SendMessageW.USER32(?,00000111,00000002,00000000), ref: 00439503
SetPropW.USER32(?,This,?), ref: 00439516
RemovePropW.USER32(?,This), ref: 00439527

Strings

This, xrefs: 00439471, 00439476, 00439512, 00439525

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Prop$EnableItemMenu$MessageRemoveSendWindow
String ID: This
API String ID: 2617454859-1591487769
Opcode ID: 8431ab33346b0fbe61acedda2eb80ad25f733ad79c3b441b84b841987ec0a053
Instruction ID: 49fd111743158434b0272aa931994b9fd5ab21aa3a63de756cb8bcf00940d983
Opcode Fuzzy Hash: 8431ab33346b0fbe61acedda2eb80ad25f733ad79c3b441b84b841987ec0a053
Instruction Fuzzy Hash: E1212432200208BBDF265F25EC48F6B7BA8EB09754F045426FA51972A1E7F4DD819B58

Function 00425464 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 66COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0042546E
__CxxThrowException@8.LIBCMT ref: 004254D3
GetFileSize.KERNEL32(?,?,00000108,00424345,00000000,00000010,004246AC,?,?,?,?,?,?,00000000), ref: 004254DC
GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 004254E9

Strings

dJ, xrefs: 004254B5, 004254B8
dJ, xrefs: 004254FB
lJ, xrefs: 004254A7
lJ, xrefs: 00425505

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorException@8FileH_prolog3_LastSizeThrow
String ID: dJ$dJ$lJ$lJ
API String ID: 4197087271-2563680426
Opcode ID: 6bfd06098663998e1864b7e0b85d982f5376d6feb732abbec76d78eb91649331
Instruction ID: b2082534f39979bccaf32d7e782aa233bb087002ff19d54df1b5e64b96e7a666
Opcode Fuzzy Hash: 6bfd06098663998e1864b7e0b85d982f5376d6feb732abbec76d78eb91649331
Instruction Fuzzy Hash: 2D21B3B1900218EBC710EFA1DC84AEEB7BCBF14314F40426FE925A3281DB749E44CB98

Function 004451AC Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 58timeCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 004451B6
__CxxThrowException@8.LIBCMT ref: 00445218
GetFileTime.KERNEL32(?,@/L,?,?,00000108,004417D5,?,?,?,004AFFB8,80000000,00000001,00000080,00000003,00000000,00000000), ref: 00445222

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00416CE9: __EH_prolog3.LIBCMT ref: 00416CF0

Strings

lJ, xrefs: 0044523B
dJ, xrefs: 00445231
dJ, xrefs: 004451FD, 00445200
lJ, xrefs: 004451EB
@/L, xrefs: 004451C3, 0044521E

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3Last$Exception@8FileH_prolog3_ThrowTime
String ID: @/L$dJ$dJ$lJ$lJ
API String ID: 2876734416-2881729011
Opcode ID: 9a6b22172f09db23ccca398d4d5466f7a9936bd147720b9bfc22103af92eff08
Instruction ID: 09ae8387e76ab4fe6258251d74e8dc5e22117f4eef0919e0a1f8ca21e18f499a
Opcode Fuzzy Hash: 9a6b22172f09db23ccca398d4d5466f7a9936bd147720b9bfc22103af92eff08
Instruction Fuzzy Hash: C81138B5910208EBDB20EF91CC45EEEB7B8BF14705F10815FE556A3241DB78AA09CF69

Function 004714B1 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

UnDecorator::UScore.LIBCMT ref: 004714B9
DName::DName.LIBCMT ref: 004714C3

Part of subcall function 0046F8DF: DName::doPchar.LIBCMT ref: 0046F90D

UnDecorator::getScopedName.LIBCMT ref: 00471503
DName::operator+=.LIBCMT ref: 0047150D
DName::operator+=.LIBCMT ref: 0047151C
DName::operator+=.LIBCMT ref: 00471528
DName::operator+=.LIBCMT ref: 00471535

Strings

void, xrefs: 00471514

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
String ID: void
API String ID: 1480779885-3531332078
Opcode ID: 93ccbd59374ef14a15800b639aa9b87106222d81ce2c256b44972331b3854e2f
Instruction ID: c7e38856e69c193cf3e608dde28ec5eb22488e24ee85ebedf2e190f0a7fcbdf9
Opcode Fuzzy Hash: 93ccbd59374ef14a15800b639aa9b87106222d81ce2c256b44972331b3854e2f
Instruction Fuzzy Hash: B411C272501244ABCB08EF68D946AF97B74EB14308F40809FE00A5B3A2DB78DA45C719

Function 00449616 Relevance: 14.0, APIs: 5, Strings: 3, Instructions: 39libraryloaderCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0044961D
GetModuleHandleW.KERNEL32(kernel32.dll,SetFileAttributesW,00000000,00441E05,?,00000000), ref: 00449637
GetProcAddress.KERNEL32(00000000), ref: 0044963A
GetModuleHandleW.KERNEL32(kernel32.dll,SetFileAttributesA), ref: 00449661
GetProcAddress.KERNEL32(00000000), ref: 00449664

Strings

kernel32.dll, xrefs: 0044962F, 0044965C
SetFileAttributesA, xrefs: 00449657
SetFileAttributesW, xrefs: 00449628

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: AddressHandleModuleProc$H_prolog3
String ID: SetFileAttributesA$SetFileAttributesW$kernel32.dll
API String ID: 1623054726-3589348009
Opcode ID: d8697c1983845be022ac2fd6a8baa6782a64e7cfa578b7963039f5216ac1d9a4
Instruction ID: f5a7adeeb259beac87689d7c1297ac4d20245e928a6042eb8aa96612b803b1c2
Opcode Fuzzy Hash: d8697c1983845be022ac2fd6a8baa6782a64e7cfa578b7963039f5216ac1d9a4
Instruction Fuzzy Hash: 84F08C31600308ABCF15BF66CC19E8E7B68AFA0B50B12411AFC0297150DB7DDA45DBAC

Function 00449033 Relevance: 14.0, APIs: 5, Strings: 3, Instructions: 37libraryloaderCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0044903A
GetModuleHandleW.KERNEL32(kernel32.dll,RemoveDirectoryW,00000000,00442362), ref: 00449054
GetProcAddress.KERNEL32(00000000), ref: 00449057
GetModuleHandleW.KERNEL32(kernel32.dll,RemoveDirectoryA), ref: 0044907B
GetProcAddress.KERNEL32(00000000), ref: 0044907E

Strings

kernel32.dll, xrefs: 0044904C, 00449076
RemoveDirectoryW, xrefs: 00449045
RemoveDirectoryA, xrefs: 00449071

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: AddressHandleModuleProc$H_prolog3
String ID: RemoveDirectoryA$RemoveDirectoryW$kernel32.dll
API String ID: 1623054726-1796459256
Opcode ID: 50ceb3d4d04defea5bae08c69ad30f9a6bbd054d28951227a46f9cc3e051c533
Instruction ID: 177c85f1501f4e119657a32248533c9b0affb9b454dd3b706eb46c5f598a4413
Opcode Fuzzy Hash: 50ceb3d4d04defea5bae08c69ad30f9a6bbd054d28951227a46f9cc3e051c533
Instruction Fuzzy Hash: 07F0A931600304ABCF14BB768C09A8F7A64AF90B50B12452EF80697180DB7CCA41CBAC

Function 00441D3D Relevance: 14.0, APIs: 5, Strings: 3, Instructions: 37libraryloaderCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00441D44
GetModuleHandleW.KERNEL32(kernel32.dll,DeleteFileW,00000000,0040E878), ref: 00441D5E
GetProcAddress.KERNEL32(00000000), ref: 00441D61
GetModuleHandleW.KERNEL32(kernel32.dll,DeleteFileA), ref: 00441D85
GetProcAddress.KERNEL32(00000000), ref: 00441D88

Strings

DeleteFileW, xrefs: 00441D4F
kernel32.dll, xrefs: 00441D56, 00441D80
DeleteFileA, xrefs: 00441D7B

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: AddressHandleModuleProc$H_prolog3
String ID: DeleteFileA$DeleteFileW$kernel32.dll
API String ID: 1623054726-1437360270
Opcode ID: 4b1681924df6c003450726dee01bd950833c4300358f64b5df3b8fbc1bd87e85
Instruction ID: 661ce79cb93eaffdecf0edf13d19ed5daf71837a4785dddfabb2fe5da01197a9
Opcode Fuzzy Hash: 4b1681924df6c003450726dee01bd950833c4300358f64b5df3b8fbc1bd87e85
Instruction Fuzzy Hash: 3BF0CDB1A00314ABCF14BF768C15F8E7B74AF90B40B16452AF81197290DB7CEA45CBAC

Function 00438520 Relevance: 13.6, APIs: 9, Instructions: 102windowstringCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0043852A
SendDlgItemMessageW.USER32(?,00000034,00000031,00000000,00000000), ref: 00438576
GetObjectW.GDI32(00000000,0000005C,?), ref: 00438586
lstrcpyW.KERNEL32(?,?), ref: 004385B2
CreateFontIndirectW.GDI32(?), ref: 004385BF
SendDlgItemMessageW.USER32(?,00000034,00000030,?,00000001), ref: 004385F5
SetDlgItemTextW.USER32(?,0000000C,-00000004), ref: 0043862A
GetDlgItem.USER32(?,0000000C), ref: 0043863D
EnableWindow.USER32(00000000,?), ref: 0043864F

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Item$MessageSend$CreateEnableFontH_prolog3_IndirectObjectTextWindowlstrcpy
String ID:
API String ID: 3548785438-0
Opcode ID: 35739956977d5c24e42256c85f6c1a3fb3544202f2c811fb29d1601fd4175961
Instruction ID: 9b928afee46878dec40976792e43a107672440310506abb88115be7aa064bc6c
Opcode Fuzzy Hash: 35739956977d5c24e42256c85f6c1a3fb3544202f2c811fb29d1601fd4175961
Instruction Fuzzy Hash: 7A414C71500214EFDB14EBA5DC99E9ABBB8FF19308F00846EF656971A1DB74E904CB14

Function 00451288 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 157COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00451292
wsprintfW.USER32 ref: 0045133E
wsprintfW.USER32 ref: 0045134E

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Strings

Count, xrefs: 004512FC
Software\InstallShieldPendingOperation, xrefs: 004512E3
source%d, xrefs: 00451348
dest%d, xrefs: 00451338

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorFreeLastStringwsprintf$H_prolog3_
String ID: Count$Software\InstallShieldPendingOperation$dest%d$source%d
API String ID: 3447950213-4089646173
Opcode ID: b3fda8f5182cfb88cd5b242456661aa8ffeae84f34dd71114ef13c9ab0267b9c
Instruction ID: 04ab352abc95b7cbce87444a30eeff6c331f2d8b74f57c41ef50cafc384b38ec
Opcode Fuzzy Hash: b3fda8f5182cfb88cd5b242456661aa8ffeae84f34dd71114ef13c9ab0267b9c
Instruction Fuzzy Hash: 0C616E718402299EDB25EF65CC51BEDB7B4AF15304F0041EEE949A3292EB785B88CF58

Function 004480B2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 110registryCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 004480B9

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 004496BE: __EH_prolog3.LIBCMT ref: 004496C5

LoadTypeLib.OLEAUT32(?,?), ref: 0044812F
RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00448149
RegOverridePredefKey.ADVAPI32(80000000,00000000), ref: 004481EB

Part of subcall function 00448BA8: GetVersionExW.KERNEL32(?), ref: 00448BCC

Part of subcall function 0043F607: RegOverridePredefKey.ADVAPI32(80000000,?), ref: 0043F63F

Strings

@/L, xrefs: 004480D9

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: H_prolog3$ErrorLastOverridePredefType$LoadRegisterVersion
String ID: @/L
API String ID: 3828359244-3803013380
Opcode ID: c188cd4feb5394c7b68cce33179840294587540a5e910166922f0608f29b2fe4
Instruction ID: a187f700d9e3457ba3fee34f782bd667abac8c0fda7a9e350cb96ee8d41f69a3
Opcode Fuzzy Hash: c188cd4feb5394c7b68cce33179840294587540a5e910166922f0608f29b2fe4
Instruction Fuzzy Hash: D8417170600109EFEF04DF65C884AAE7BB8AF15308F60846FF815DB251DB79D946CB69

Function 0040E72E Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 110COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0040E735
IsWindow.USER32(00000000), ref: 0040E74C

Strings

DownloadFiles: %s, xrefs: 0040E7E2
P/L, xrefs: 0040E774
J, xrefs: 0040E7E8
@/L, xrefs: 0040E867
T4L, xrefs: 0040E77B

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: H_prolog3_Window
String ID: @/L$DownloadFiles: %s$P/L$T4L$J
API String ID: 2696129371-3407581839
Opcode ID: b70a025c7d585de13fc4c52d1929fb1800e7577ff4b0f03beed401d53223ad76
Instruction ID: de23dfaef23a451ab727cd009e5c9a7a2e24c9d9a3dbe1c19b831f440d0632a1
Opcode Fuzzy Hash: b70a025c7d585de13fc4c52d1929fb1800e7577ff4b0f03beed401d53223ad76
Instruction Fuzzy Hash: 7F41C575D00208DBCB14EFA1C881A9DB7B8BF04304F24457FE905B7292DB799A09CF99

Function 004043D0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(98A63EB4,7591DFA0,?,7591E010,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?,?), ref: 00404421
SetLastError.KERNEL32(?,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?,?), ref: 00404451
GetLastError.KERNEL32(00000000,00000000,00000000,?,00000001,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?), ref: 004044A1
SysFreeString.OLEAUT32(?), ref: 004044BD
SysFreeString.OLEAUT32(?), ref: 004044C8
SetLastError.KERNEL32(?), ref: 004044E8

Strings

T4L, xrefs: 00404415

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeString
String ID: T4L
API String ID: 2425351278-1354015026
Opcode ID: 77a5511f58a867ba2974a95759635336675508833ab717c16b0faf72b683717b
Instruction ID: c1a8e6e27e6d95d5599461cddef750d2e346726b17c2bafc7bb77502d4853971
Opcode Fuzzy Hash: 77a5511f58a867ba2974a95759635336675508833ab717c16b0faf72b683717b
Instruction Fuzzy Hash: 4A413AB1900209EFDB00CF65C944B9EFBB4FF48314F14812AE819A7791E779A925CF99

Function 00404AB0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 91COMMON

Download Yara Rule

APIs

Part of subcall function 00406060: SysFreeString.OLEAUT32(?), ref: 004060C2
Part of subcall function 00406060: GetLastError.KERNEL32(98A63EB4,?,7591E010,00000000,00000000,?,004ACA98,000000FF,T4L,00404B04), ref: 004060ED
Part of subcall function 00406060: SetLastError.KERNEL32(?,00000004,00000000,000000FF), ref: 0040613E

GetLastError.KERNEL32 ref: 00404B11
SysFreeString.OLEAUT32(?), ref: 00404B2F
SysFreeString.OLEAUT32(?), ref: 00404B3C
SetLastError.KERNEL32(?), ref: 00404B66
GetLastError.KERNEL32 ref: 00404B75
SetLastError.KERNEL32(?,00000000,00000000,000000FF), ref: 00404BCF

Strings

T4L, xrefs: 00404B6E

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeString
String ID: T4L
API String ID: 2425351278-1354015026
Opcode ID: be714e4bf5fa390a1e12a13b6dba38f14e6c359a4fb5016913e6aa85f2a16c1e
Instruction ID: 09830f44d83ceb23d2da7353d6a015d3463f55c871dcda439cef5f342e7a354a
Opcode Fuzzy Hash: be714e4bf5fa390a1e12a13b6dba38f14e6c359a4fb5016913e6aa85f2a16c1e
Instruction Fuzzy Hash: E63118B1508245AFD700CF69C845B16BBE4FF88328F10462EF855976A1D7B5E815CF8A

Function 0040CF3D Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 90COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0040CF47

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Part of subcall function 0040B22B: __EH_prolog3_GS.LIBCMT ref: 0040B232

Part of subcall function 0040A206: __EH_prolog3_GS.LIBCMT ref: 0040A210

Part of subcall function 0040B91E: __EH_prolog3_GS.LIBCMT ref: 0040B925

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 0044575F: __EH_prolog3_GS.LIBCMT ref: 00445769

Strings

0x%04x, xrefs: 0040CF76
@/L, xrefs: 0040CF62
.ini, xrefs: 0040CF84
Properties, xrefs: 0040D02D
@/L, xrefs: 0040D04A
FontSize, xrefs: 0040D00F

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3_$FreeString$H_prolog3
String ID: .ini$0x%04x$@/L$@/L$FontSize$Properties
API String ID: 1949661404-2293665164
Opcode ID: 5e0f8e802eaf8be2fa6d8fe13b60ab1dddcff83cf078cfb3d9684dd82f94832a
Instruction ID: 7b5d863ec8f61f1dcf2dbdbf51602eaf4a1d24238f66e5dda1212ad8cbdd6bc2
Opcode Fuzzy Hash: 5e0f8e802eaf8be2fa6d8fe13b60ab1dddcff83cf078cfb3d9684dd82f94832a
Instruction Fuzzy Hash: 693175B1900218EADB04F7A5CC56BED7778AF14348F1400EFF54567182DBB85B48CBA9

Function 0041562E Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 69fileCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00415638
__CxxThrowException@8.LIBCMT ref: 004156AE
ReadFile.KERNEL32(?,?,?,?,00000000,0000010C), ref: 004156C0

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00416CE9: __EH_prolog3.LIBCMT ref: 00416CF0

Strings

dJ, xrefs: 004156EC, 004156EF
lJ, xrefs: 00415682
lJ, xrefs: 004156D9
dJ, xrefs: 00415690, 00415693

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3Last$Exception@8FileH_prolog3_ReadThrow
String ID: dJ$dJ$lJ$lJ
API String ID: 2465803405-2563680426
Opcode ID: 839f0476e56ccd1d90a14d53fd8f62815a1306fb0fc324e7fe5e585639e0657e
Instruction ID: 29ade8ddb5b8e31f19fab82f36335d99cdf2997279f3780005d12579531462b7
Opcode Fuzzy Hash: 839f0476e56ccd1d90a14d53fd8f62815a1306fb0fc324e7fe5e585639e0657e
Instruction Fuzzy Hash: DD213BB5900218EBDB24DB91CC81EEE77BCAB54304F10855FE515A7181EB74AA89CA94

Function 00415716 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 69fileCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00415720
__CxxThrowException@8.LIBCMT ref: 00415796
ReadFile.KERNEL32(?,?,?,?,00000000,0000010C), ref: 004157A8

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00416CE9: __EH_prolog3.LIBCMT ref: 00416CF0

Strings

dJ, xrefs: 00415778, 0041577B
lJ, xrefs: 004157C1
lJ, xrefs: 0041576A
dJ, xrefs: 004157D4, 004157D7

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3Last$Exception@8FileH_prolog3_ReadThrow
String ID: dJ$dJ$lJ$lJ
API String ID: 2465803405-2563680426
Opcode ID: b5adcb1151ecb772b90f6adbded70c6202de8a6fbe47926ae69f8d56078054b9
Instruction ID: ebf3c470cbe134efa20adb9b6bb058dd50925e91a06f4d371b6f080ce125d79f
Opcode Fuzzy Hash: b5adcb1151ecb772b90f6adbded70c6202de8a6fbe47926ae69f8d56078054b9
Instruction Fuzzy Hash: 9E213DB5900218EACB14DB91CC82EEE777CAF04304F10855FF515A7181DB74AE85CA64

Function 0043A743 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 69fileCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0043A74D
__CxxThrowException@8.LIBCMT ref: 0043A7C3
ReadFile.KERNEL32(?,?,?,?,00000000,0000010C), ref: 0043A7D5

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00416CE9: __EH_prolog3.LIBCMT ref: 00416CF0

Strings

lJ, xrefs: 0043A797
dJ, xrefs: 0043A7A5, 0043A7A8
lJ, xrefs: 0043A7EE
dJ, xrefs: 0043A801, 0043A804

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3Last$Exception@8FileH_prolog3_ReadThrow
String ID: dJ$dJ$lJ$lJ
API String ID: 2465803405-2563680426
Opcode ID: 530688ce843847ef3b5e972feb6f9f9fb0ec67f1c00cd63f373c6b87473371ba
Instruction ID: cec8f0084c9be4eb951c905ee080aae46aec25b526ee36491d38213f57d09f16
Opcode Fuzzy Hash: 530688ce843847ef3b5e972feb6f9f9fb0ec67f1c00cd63f373c6b87473371ba
Instruction Fuzzy Hash: DC216BB5900218EACB24EB91CC81EEE73BCAB04704F0085AFE555A3141DB74AE49CE94

Function 0043E006 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 68fileCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0043E010
__CxxThrowException@8.LIBCMT ref: 0043E088
ReadFile.KERNEL32(?,?,?,?,00000000,0000010C), ref: 0043E09A

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00416CE9: __EH_prolog3.LIBCMT ref: 00416CF0

Strings

dJ, xrefs: 0043E06A, 0043E06D
dJ, xrefs: 0043E0C6, 0043E0C9
lJ, xrefs: 0043E05C
lJ, xrefs: 0043E0B3

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3Last$Exception@8FileH_prolog3_ReadThrow
String ID: dJ$dJ$lJ$lJ
API String ID: 2465803405-2563680426
Opcode ID: b7b8e894d8f89d89f6c48a200bc5eed95eb14a6a7e71ed4e996869ff7b50861e
Instruction ID: e1dbd68a572265f0ecc85e34a384e9eede5618ab68833088d82e4bb60bc65976
Opcode Fuzzy Hash: b7b8e894d8f89d89f6c48a200bc5eed95eb14a6a7e71ed4e996869ff7b50861e
Instruction Fuzzy Hash: 55211BB5900218EBCB64DF91CC85EEEB7BCAB14304F10856FB955A3181DB749E49CE94

Function 0043E0F0 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 68fileCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0043E0FA
__CxxThrowException@8.LIBCMT ref: 0043E172
ReadFile.KERNEL32(?,?,?,?,00000000,0000010C), ref: 0043E184

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00416CE9: __EH_prolog3.LIBCMT ref: 00416CF0

Strings

lJ, xrefs: 0043E146
lJ, xrefs: 0043E19D
dJ, xrefs: 0043E154, 0043E157
dJ, xrefs: 0043E1B0, 0043E1B3

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3Last$Exception@8FileH_prolog3_ReadThrow
String ID: dJ$dJ$lJ$lJ
API String ID: 2465803405-2563680426
Opcode ID: 0841d7052c4b15bdc73bfb04a62b172ef1c838a3a6b2f40665fad4b2791d2242
Instruction ID: 775ab8e83fb4e0760137eb86773a438fb7358c8de11670e13780449baabe43ab
Opcode Fuzzy Hash: 0841d7052c4b15bdc73bfb04a62b172ef1c838a3a6b2f40665fad4b2791d2242
Instruction Fuzzy Hash: 51212CB5900218EBDB54DB92CC81EEFB7BCAF05704F10856FA915A3181DB749E49CE94

Function 0043E1DA Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 68fileCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0043E1E4
__CxxThrowException@8.LIBCMT ref: 0043E259
ReadFile.KERNEL32(?,?,?,?,00000000,0000010C), ref: 0043E26B

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00416CE9: __EH_prolog3.LIBCMT ref: 00416CF0

Strings

dJ, xrefs: 0043E23B, 0043E23E
dJ, xrefs: 0043E297, 0043E29A
lJ, xrefs: 0043E284
lJ, xrefs: 0043E22D

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3Last$Exception@8FileH_prolog3_ReadThrow
String ID: dJ$dJ$lJ$lJ
API String ID: 2465803405-2563680426
Opcode ID: 4e7dc44dc3ff197eda6e15a783cf666d40e56d60e873721424013f9cbd932f6f
Instruction ID: 8a3114d9d7f673727c6ba355215924bceca11f7637ce64c5eabad576f17db6b3
Opcode Fuzzy Hash: 4e7dc44dc3ff197eda6e15a783cf666d40e56d60e873721424013f9cbd932f6f
Instruction Fuzzy Hash: DB212CB5900218EBCB14DF91CC85EEFB7BCAF04304F1085AFA916A3181DB74AA49CF58

Function 0042C627 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 67COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0042C62E
SetWindowTextW.USER32(00000000,?), ref: 0042C705

Strings

..\..\Shared\Setup\SetupPreRequisite.cpp, xrefs: 0042C684
PrereqEngine: , xrefs: 0042C6BE
P/L, xrefs: 0042C6A8, 0042C6AB
@/L, xrefs: 0042C665
T4L, xrefs: 0042C693

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: H_prolog3_TextWindow
String ID: ..\..\Shared\Setup\SetupPreRequisite.cpp$@/L$P/L$PrereqEngine: $T4L
API String ID: 2928184256-3046138960
Opcode ID: 68a4f8a286727cb4533fdacfe7cb15d6e405c1b421d956392f763aeebacd1dd3
Instruction ID: c3ec2bdf6a7a5a4986fd96f18d36534da28e7fd18ae2f263c25a6e9e12bb549a
Opcode Fuzzy Hash: 68a4f8a286727cb4533fdacfe7cb15d6e405c1b421d956392f763aeebacd1dd3
Instruction Fuzzy Hash: 6121F5B0600244AEC715EB61D885BEF7768AB41308F44411FF6416B1D2DBBC6A4AC76C

Function 0044C4A7 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 57COMMON

Download Yara Rule

APIs

Part of subcall function 0045C169: _malloc.LIBCMT ref: 0045C181

std::exception::exception.LIBCMT ref: 00459F32
__CxxThrowException@8.LIBCMT ref: 00459F47
__CxxThrowException@8.LIBCMT ref: 00459F6B
std::exception::exception.LIBCMT ref: 00459F84
__CxxThrowException@8.LIBCMT ref: 00459F99

Strings

uK, xrefs: 00459F92
|-L, xrefs: 00459F28, 00459F3C, 00459F3F

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Exception@8Throw$std::exception::exception$_malloc
String ID: |-L$uK
API String ID: 3942750879-472808943
Opcode ID: 222f84c4230ce3889c6ed273af93a17112adc430d284c1d5cb4bb1544bc2eea0
Instruction ID: 789974fd95566fa97475cb8d0a5471cb1fd929a59e2e63bdb17a9d95ebafa182
Opcode Fuzzy Hash: 222f84c4230ce3889c6ed273af93a17112adc430d284c1d5cb4bb1544bc2eea0
Instruction Fuzzy Hash: C0118975900209AEC704EFE5C495ADEB7B8AF04304F54815FE91597642D7789708CF99

Function 00428AD4 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 57COMMON

Download Yara Rule

APIs

Part of subcall function 0045C169: _malloc.LIBCMT ref: 0045C181

std::exception::exception.LIBCMT ref: 00459F32
__CxxThrowException@8.LIBCMT ref: 00459F47
__CxxThrowException@8.LIBCMT ref: 00459F6B
std::exception::exception.LIBCMT ref: 00459F84
__CxxThrowException@8.LIBCMT ref: 00459F99

Strings

uK, xrefs: 00459F92
|-L, xrefs: 00459F28, 00459F3C, 00459F3F

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Exception@8Throw$std::exception::exception$_malloc
String ID: |-L$uK
API String ID: 3942750879-472808943
Opcode ID: b381152e977c8d7341d8f794c755a762df2c3e655ea57013d94dce9eb9958b6b
Instruction ID: c08fe74c4ff2020f982ad2ac76490017d19278fe576dccc4cab8603ebb60b3a0
Opcode Fuzzy Hash: b381152e977c8d7341d8f794c755a762df2c3e655ea57013d94dce9eb9958b6b
Instruction Fuzzy Hash: 1D118974900209AECB04EFE5C495ADEB7B8AF04304F50815FA91597642EBB8A708CF99

Function 00431EE8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 57COMMON

Download Yara Rule

APIs

Part of subcall function 0045C169: _malloc.LIBCMT ref: 0045C181

std::exception::exception.LIBCMT ref: 00459F32
__CxxThrowException@8.LIBCMT ref: 00459F47
__CxxThrowException@8.LIBCMT ref: 00459F6B
std::exception::exception.LIBCMT ref: 00459F84
__CxxThrowException@8.LIBCMT ref: 00459F99

Strings

uK, xrefs: 00459F92
|-L, xrefs: 00459F28, 00459F3C, 00459F3F

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Exception@8Throw$std::exception::exception$_malloc
String ID: |-L$uK
API String ID: 3942750879-472808943
Opcode ID: 3c71e6772a25887af338c7b1a9071669af199ba063547484c287422ccb17af9c
Instruction ID: 101c7218b0ad70a17ecada5e6019e606067e8f302c15b8e63c7ed2b541ff5ea4
Opcode Fuzzy Hash: 3c71e6772a25887af338c7b1a9071669af199ba063547484c287422ccb17af9c
Instruction Fuzzy Hash: DA118974800209AEC704EFE5C455FDEB7B8AF04305F50815FE91597642D7789708CF99

Function 00431EBD Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 57COMMON

Download Yara Rule

APIs

Part of subcall function 0045C169: _malloc.LIBCMT ref: 0045C181

std::exception::exception.LIBCMT ref: 00459F32
__CxxThrowException@8.LIBCMT ref: 00459F47
__CxxThrowException@8.LIBCMT ref: 00459F6B
std::exception::exception.LIBCMT ref: 00459F84
__CxxThrowException@8.LIBCMT ref: 00459F99

Strings

uK, xrefs: 00459F92
|-L, xrefs: 00459F28, 00459F3C, 00459F3F

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Exception@8Throw$std::exception::exception$_malloc
String ID: |-L$uK
API String ID: 3942750879-472808943
Opcode ID: 222f84c4230ce3889c6ed273af93a17112adc430d284c1d5cb4bb1544bc2eea0
Instruction ID: 526b36643461760f01d76a3ed06622be3f02d2a016b336a421431f81254153db
Opcode Fuzzy Hash: 222f84c4230ce3889c6ed273af93a17112adc430d284c1d5cb4bb1544bc2eea0
Instruction Fuzzy Hash: F9118974800209AEC704EFE5C495EDEB7B8AF04304F50815FE91597692D7789708CFA9

Function 00431F13 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 57COMMON

Download Yara Rule

APIs

Part of subcall function 0045C169: _malloc.LIBCMT ref: 0045C181

std::exception::exception.LIBCMT ref: 00459F32
__CxxThrowException@8.LIBCMT ref: 00459F47
__CxxThrowException@8.LIBCMT ref: 00459F6B
std::exception::exception.LIBCMT ref: 00459F84
__CxxThrowException@8.LIBCMT ref: 00459F99

Strings

uK, xrefs: 00459F92
|-L, xrefs: 00459F28, 00459F3C, 00459F3F

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Exception@8Throw$std::exception::exception$_malloc
String ID: |-L$uK
API String ID: 3942750879-472808943
Opcode ID: 9d2878be798f1f3f03251c0306e5382a7017339454eb9044bcd97a538a89c0c7
Instruction ID: 1b76edc9d4cf2e2a490cf1636d60bb88ce6a17b7841ee013f64fecf17d76aeb7
Opcode Fuzzy Hash: 9d2878be798f1f3f03251c0306e5382a7017339454eb9044bcd97a538a89c0c7
Instruction Fuzzy Hash: EB118974900209AEC704EFE5C455EDEB7B8AF04304F50815FE91597642D7789708CF99

Function 00444840 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 52libraryloadertimeCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,GetProcessId), ref: 00444861
GetProcAddress.KERNEL32(00000000), ref: 00444868
OpenProcess.KERNEL32(001FFFFF,00000001,?), ref: 00444888
GetProcessTimes.KERNEL32(?,?,?,?,?), ref: 004448A1
CloseHandle.KERNEL32(?), ref: 004448AE

Strings

kernel32.dll, xrefs: 0044485C
GetProcessId, xrefs: 00444857

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: HandleProcess$AddressCloseModuleOpenProcTimes
String ID: GetProcessId$kernel32.dll
API String ID: 4254294609-399901964
Opcode ID: d9dd75881622ae1a5251324709c78a041525cfc1c7e314dbfbf79ae1e38753b5
Instruction ID: 70ec993c6545ce782f9c3288f8f2c7a82e84c3b42845133a85a5c509c0c0755a
Opcode Fuzzy Hash: d9dd75881622ae1a5251324709c78a041525cfc1c7e314dbfbf79ae1e38753b5
Instruction Fuzzy Hash: BF01F7376416556F6F125FA59C04AAB7B9DAE8A7A17090036FD20D3200C738DC0147E8

Function 0043A5E7 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 47libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 0043A5F9
GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 0043A609
EncodePointer.KERNEL32(00000000), ref: 0043A612
DecodePointer.KERNEL32(00000000), ref: 0043A620
LCMapStringW.KERNEL32(00000000,?,?,?,?,?), ref: 0043A664

Strings

LCMapStringEx, xrefs: 0043A603
kernel32.dll, xrefs: 0043A5F4

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Pointer$AddressDecodeEncodeHandleModuleProcString
String ID: LCMapStringEx$kernel32.dll
API String ID: 405835482-327329431
Opcode ID: b1fd236d22805b4a8d86d6e3e0e7ae531a58f2b2358628097268813cc7cb2d51
Instruction ID: 3ebc672357b0c79b86528f874e75da5eadc0ccec512779a76a81e18060f75be9
Opcode Fuzzy Hash: b1fd236d22805b4a8d86d6e3e0e7ae531a58f2b2358628097268813cc7cb2d51
Instruction Fuzzy Hash: 2A01173244221ABB8F025FA1DD09DDA3F6ABB0C350B044426FE55A1120C73AC831ABA9

Function 0043A583 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 36libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 0043A595
GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 0043A5A5
EncodePointer.KERNEL32(00000000), ref: 0043A5AE
DecodePointer.KERNEL32(00000000), ref: 0043A5BC
InitializeCriticalSectionAndSpinCount.KERNEL32(?,?), ref: 0043A5DB

Strings

kernel32.dll, xrefs: 0043A590
InitializeCriticalSectionEx, xrefs: 0043A59F

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Pointer$AddressCountCriticalDecodeEncodeHandleInitializeModuleProcSectionSpin
String ID: InitializeCriticalSectionEx$kernel32.dll
API String ID: 131412094-2762503851
Opcode ID: abac890a2fa14da345cc0afd31ad1f666ba2fd5c609074f4cb34cf5d1db72c27
Instruction ID: 98aa1212746d2abb31ba45571c3b63d748fb16505e8d7a7dcc8baac04e696ada
Opcode Fuzzy Hash: abac890a2fa14da345cc0afd31ad1f666ba2fd5c609074f4cb34cf5d1db72c27
Instruction Fuzzy Hash: 41F09071542315BB8F011F61DC08D9A7FA8AB0D7517044436FC12D2220D739CA219BAE

Function 0041C305 Relevance: 12.2, APIs: 8, Instructions: 229stringCOMMON

Download Yara Rule

APIs

lstrcpyW.KERNEL32(?,-00000004,setup.cpp,?,00000001,000000F4,?,?), ref: 0041C30C

Part of subcall function 00401AC0: GetLastError.KERNEL32(?,?,0040E566), ref: 00401ACF
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AEB
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AF6
Part of subcall function 00401AC0: SetLastError.KERNEL32(?), ref: 00401B14

__setjmp3.LIBCMT ref: 0041C32D
_memmove.LIBCMT ref: 0041C568

Part of subcall function 0045C169: _malloc.LIBCMT ref: 0045C181

Part of subcall function 004375D6: __EH_prolog3_GS.LIBCMT ref: 004375DD

Part of subcall function 00418CDA: _longjmp.LIBCMT ref: 00418D00

GetDlgItem.USER32(?,00000009), ref: 0041C3B3
EnableWindow.USER32(00000000), ref: 0041C3BC
GetDlgItem.USER32(?,00000002), ref: 0041C3C8
EnableWindow.USER32(00000000), ref: 0041C3CB
GetTickCount.KERNEL32 ref: 0041C3CD

Part of subcall function 00414870: GetDlgItem.USER32(?,0000012D), ref: 0041489A
Part of subcall function 00414870: SendMessageW.USER32(00000000), ref: 004148A1

Part of subcall function 0041CAE7: __EH_prolog3_GS.LIBCMT ref: 0041CAEE
Part of subcall function 0041CAE7: GetPrivateProfileIntW.KERNEL32(Startup,AllUsers,00000000,-00000004), ref: 0041CB30

Part of subcall function 004378CF: IsWindow.USER32 ref: 004378D4

Part of subcall function 004369B6: ShowWindow.USER32(?,00000000), ref: 004369C1

Part of subcall function 0041448F: __EH_prolog3.LIBCMT ref: 00414496
Part of subcall function 0041448F: IsWindow.USER32(?), ref: 004144B5
Part of subcall function 0041448F: IsWindowVisible.USER32(?), ref: 004144C2
Part of subcall function 0041448F: DestroyWindow.USER32(?), ref: 0041453B

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Window$Item$EnableErrorFreeH_prolog3_LastString$CountDestroyH_prolog3MessagePrivateProfileSendShowTickVisible__setjmp3_longjmp_malloc_memmovelstrcpy
String ID:
API String ID: 2072090708-0
Opcode ID: df01bdd751fb675d00d9871d41e0bb41f61b1f882b333a73dfd5c6ed375c197e
Instruction ID: 50899d2ed20d14522423bfaa138997f549d6c493735f3b94975bc422c530e66e
Opcode Fuzzy Hash: df01bdd751fb675d00d9871d41e0bb41f61b1f882b333a73dfd5c6ed375c197e
Instruction Fuzzy Hash: 3571C374740300ABEB04BB364DA2BEE26565F85709F00547EB50BAB2C3CE7C9D8947AC

Function 00450306 Relevance: 12.2, APIs: 8, Instructions: 163COMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(00000003,00000000,00000002,00000000,00000003,00000000,00000000), ref: 0045035F
GetTickCount.KERNEL32 ref: 00450367
ResetEvent.KERNEL32(?), ref: 00450377
QueryPerformanceCounter.KERNEL32(?), ref: 004503CA
GetTickCount.KERNEL32 ref: 004503D8
__alldvrm.LIBCMT ref: 00450445
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045045C
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00450481

Part of subcall function 004506A2: GetTickCount.KERNEL32 ref: 004506B1
Part of subcall function 004506A2: GetTickCount.KERNEL32 ref: 004506DA

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CountTick$CounterPerformanceQueryUnothrow_t@std@@@__ehfuncinfo$??2@$EventReset__alldvrm
String ID:
API String ID: 3317835756-0
Opcode ID: d16b528da79db4ddab010a0689fe53a8e0c77fd8337804de8dac239bae16cf7a
Instruction ID: 1de5cc299959bb9d8008332be90f542bea3513a19c7deaf59c50281ee03b1f76
Opcode Fuzzy Hash: d16b528da79db4ddab010a0689fe53a8e0c77fd8337804de8dac239bae16cf7a
Instruction Fuzzy Hash: 3F51AF75A007049FDB20DFA5C885BABB7F5BF84316F00882EE986D6252D778A849CF14

Function 004889A0 Relevance: 12.1, APIs: 4, Strings: 4, Instructions: 92COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 004889EE
SetLastError.KERNEL32(004AE96C,00000000,00000000,000000FF), ref: 00488A48
GetLastError.KERNEL32(?), ref: 00488A6F
SetLastError.KERNEL32(?,00000000,00000000,000000FF), ref: 00488AC5

Strings

lJ, xrefs: 004889E7
dJ, xrefs: 004889E0
lJ, xrefs: 00488A68
lJ, xrefs: 004889A0

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast
String ID: dJ$lJ$lJ$lJ
API String ID: 1452528299-2128537396
Opcode ID: d8e122d93df5cb0243a794acb8c744d64da17d9641110ae3aa27a5d9149a1d9b
Instruction ID: b45a341a48a650650591193acb68afe1818dbe9b5ef5f27e3f1df00c08abf371
Opcode Fuzzy Hash: d8e122d93df5cb0243a794acb8c744d64da17d9641110ae3aa27a5d9149a1d9b
Instruction Fuzzy Hash: 0E414BB1900208DFDB14DF95C814B9EBBF4FF49318F20465EE825A7390DB79A905CB98

Function 00486570 Relevance: 12.0, APIs: 4, Strings: 4, Instructions: 35COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,00492C07,?,?,?,?,?,?,?,?,?,98A63EB4,?,000001A4,00000000), ref: 00486581
SetLastError.KERNEL32(53746547,?,?,?,?,?,?,?,?,?,98A63EB4,?,000001A4,00000000), ref: 004865B1
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,98A63EB4,?,000001A4,00000000), ref: 004865C5
SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,98A63EB4,?,000001A4,00000000), ref: 004865F5

Strings

dJ, xrefs: 004865B7
lJ, xrefs: 004865BE
dJ, xrefs: 00486573
lJ, xrefs: 0048657A

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast
String ID: dJ$dJ$lJ$lJ
API String ID: 1452528299-2563680426
Opcode ID: 200ef8c29c30ac6504fc3dfcc34c797f3523c37566ed5c9f370429ceb4e7eaf7
Instruction ID: 769be1a6fd4e13e5598b14c51293e14b84b93e7813666d87a52011dac865fccf
Opcode Fuzzy Hash: 200ef8c29c30ac6504fc3dfcc34c797f3523c37566ed5c9f370429ceb4e7eaf7
Instruction Fuzzy Hash: 32114BB5901240CFDB84CF69D5C87057FE4BF19308B2191AAEC18CB26AE779D854CF49

Function 004404B0 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 310COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 004404BA

Part of subcall function 0043EB5D: __EH_prolog3.LIBCMT ref: 0043EB64

Part of subcall function 00409FA9: SysFreeString.OLEAUT32(00000000), ref: 00409FB8

Part of subcall function 00416831: __EH_prolog3.LIBCMT ref: 00416838

Part of subcall function 00408F6D: __EH_prolog3.LIBCMT ref: 00408F74
Part of subcall function 00408F6D: GetLastError.KERNEL32(00000004,004091E9,00000000,?,00000000,00000000), ref: 00408F96
Part of subcall function 00408F6D: SetLastError.KERNEL32(?,00000000,?), ref: 00408FCF

Part of subcall function 00424632: __EH_prolog3.LIBCMT ref: 00424639

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

GetLastError.KERNEL32(004AFFB8,80000000,00000001,00000080,00000003,00000000,00000000), ref: 00440599

Part of subcall function 004176D4: __EH_prolog3.LIBCMT ref: 004176DB

Part of subcall function 0043EE10: __EH_prolog3.LIBCMT ref: 0043EE17

Strings

SOFTWARE\InstallShield\Cryptography\Trust, xrefs: 004407EA
|-L, xrefs: 0044052F
ISc(, xrefs: 004406AB

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: H_prolog3$ErrorLast$FreeString$H_prolog3_catch_
String ID: ISc($SOFTWARE\InstallShield\Cryptography\Trust$|-L
API String ID: 2869626631-3440964114
Opcode ID: 3ecf85bc6bbb07c81ad1041f008fe502d9f95a8280e2ed4eba4b9f1c59423304
Instruction ID: 8c60fa6b941845c39817024feef3a3d6fdd4788c9263d7afa4f198da3635eca0
Opcode Fuzzy Hash: 3ecf85bc6bbb07c81ad1041f008fe502d9f95a8280e2ed4eba4b9f1c59423304
Instruction Fuzzy Hash: 3DD1D270804618EEDB11EB65CC95BEEBB78AF14309F0041DEE40967292DB386F98DF59

Function 00490100 Relevance: 10.7, APIs: 4, Strings: 3, Instructions: 203COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(98A63EB4,?,00000000,?), ref: 0049014B
SetLastError.KERNEL32(004C2FA8,?,00000000,?), ref: 0049017D
GetLastError.KERNEL32(?,00000000,?), ref: 0049018D
SetLastError.KERNEL32(004C2FA8,?,00000000,?), ref: 004901B9

Part of subcall function 00494EB0: GetLastError.KERNEL32(98A63EB4,7591E010,00000000,?,?,004ABC58,000000FF,?,004901ED,?,00000000,00000000,004B1A74,00000000), ref: 00494EEE
Part of subcall function 00494EB0: SetLastError.KERNEL32(?,00000000,?,00000000,?,004901ED,?,00000000,00000000,004B1A74,00000000), ref: 00494F4A

Strings

x/L, xrefs: 004902CB, 004902CE
x/L, xrefs: 00490289, 0049028C
ALL, xrefs: 0049026F, 00490293, 004902EE, 00490374

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast
String ID: ALL$x/L$x/L
API String ID: 1452528299-300393698
Opcode ID: 77f42b1bd8677d11b66f4f2e523c9e19174658048120b00dd2a9d37c1e768aa9
Instruction ID: b426142df9c32a6d7b358cb21288f099e10c7965672089d3627bba96ba26348b
Opcode Fuzzy Hash: 77f42b1bd8677d11b66f4f2e523c9e19174658048120b00dd2a9d37c1e768aa9
Instruction Fuzzy Hash: 6F817B31900258AFCF14DFA4C851BEEBBB8AF14304F1441ABE515B72D1EB786A48CFA5

Function 0042E11C Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 114COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0042E126

Part of subcall function 00403F50: GetLastError.KERNEL32 ref: 00403F6F
Part of subcall function 00403F50: SetLastError.KERNEL32(?), ref: 00403F9F

Strings

P/L, xrefs: 0042E176
T4L, xrefs: 0042E147
T4L, xrefs: 0042E17D
T4L, xrefs: 0042E27A
P/L, xrefs: 0042E140

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3_
String ID: P/L$P/L$T4L$T4L$T4L
API String ID: 3339191932-3027285444
Opcode ID: e2d4f048723bd054f10c888b1840e2f795b652f25687683406468bc7da83aa47
Instruction ID: 92359c65e40d2edf19a11a822b678bd799faada778dec1b6b0f0137984284bbd
Opcode Fuzzy Hash: e2d4f048723bd054f10c888b1840e2f795b652f25687683406468bc7da83aa47
Instruction Fuzzy Hash: 8341D771D01158DEDB11EF91C945BDEBBBCAF14304F10406FE509A7282DBB81E05DBA9

Function 004550BE Relevance: 10.6, APIs: 3, Strings: 4, Instructions: 103stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0045C169: _malloc.LIBCMT ref: 0045C181

GetLastError.KERNEL32 ref: 00455104

Part of subcall function 004551C9: _wcsstr.LIBCMT ref: 004551D3
Part of subcall function 004551C9: lstrlenW.KERNEL32(?,00000000,?,0045516C,00000000,2.5.4.3,?), ref: 004551E3
Part of subcall function 004551C9: _wcsstr.LIBCMT ref: 004551F5

lstrcpynW.KERNEL32(?,00000000,?,00000000,2.5.4.3,?), ref: 00455146
lstrlenW.KERNEL32(00000000,00000000,1.2.840.113549.1.9.1,?,00000000,2.5.4.10,?,00000000,2.5.4.11,?,00000000,2.5.4.3,?), ref: 004551BE

Strings

1.2.840.113549.1.9.1, xrefs: 004551A4
2.5.4.11, xrefs: 00455176
2.5.4.3, xrefs: 0045515F
2.5.4.10, xrefs: 0045518D

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: _wcsstrlstrlen$ErrorLast_malloclstrcpyn
String ID: 1.2.840.113549.1.9.1$2.5.4.10$2.5.4.11$2.5.4.3
API String ID: 3960672464-2689139351
Opcode ID: 1acad4ea3fa5b6dd1009c058dfa0264d98b6588c7c5ffd81e4d3376d173ea70e
Instruction ID: f5d2370faaa406121b57e90a4b04f141a1cce7fcf5fbf07f2968b0e51ee89e79
Opcode Fuzzy Hash: 1acad4ea3fa5b6dd1009c058dfa0264d98b6588c7c5ffd81e4d3376d173ea70e
Instruction Fuzzy Hash: D8317031600A05BF8B019F69DCA1EFB3BA9EF89351B11046BFC06C7242DA75DD488768

Function 0049A3D1 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 100stringCOMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 0049A41A
_memmove.LIBCMT ref: 0049A43A
lstrcmpA.KERNEL32(0000000B,NETSCAPE2.0,?,?,?,?,00000000,?,?,0049A70C,0049A70D), ref: 0049A44F
_memmove.LIBCMT ref: 0049A467
_memmove.LIBCMT ref: 0049A48D

Strings

NETSCAPE2.0, xrefs: 0049A449

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: _memmove$lstrcmp
String ID: NETSCAPE2.0
API String ID: 1993653321-1278374441
Opcode ID: a4fa64b6d87acade666cc8a3977ed79d75b3c52297e1fa9762e53d964d4f5fc1
Instruction ID: 3e520c9362377f432e9dd8ed6ead6f72ff7c9741bbdfae2883ad40be41d2d1ca
Opcode Fuzzy Hash: a4fa64b6d87acade666cc8a3977ed79d75b3c52297e1fa9762e53d964d4f5fc1
Instruction Fuzzy Hash: 9531AD71900219EFCF21DFA8D849AAEBBF8FF59314F10086EE540A7101E3B89555CB9A

Function 00421647 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 68stringCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00421651
_memmove.LIBCMT ref: 0042166B

Part of subcall function 004043D0: GetLastError.KERNEL32(98A63EB4,7591DFA0,?,7591E010,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?,?), ref: 00404421
Part of subcall function 004043D0: SetLastError.KERNEL32(?,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?,?), ref: 00404451
Part of subcall function 004043D0: GetLastError.KERNEL32(00000000,00000000,00000000,?,00000001,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?), ref: 004044A1
Part of subcall function 004043D0: SysFreeString.OLEAUT32(?), ref: 004044BD
Part of subcall function 004043D0: SysFreeString.OLEAUT32(?), ref: 004044C8
Part of subcall function 004043D0: SetLastError.KERNEL32(?), ref: 004044E8

lstrcpyW.KERNEL32(?,-00000004,setup.cpp,?,00000001,0000016F,00000000,0000016B), ref: 004216A1
__setjmp3.LIBCMT ref: 004216C2
_memmove.LIBCMT ref: 00421712

Strings

setup.cpp, xrefs: 0042167E

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeString_memmove$H_prolog3___setjmp3lstrcpy
String ID: setup.cpp
API String ID: 3036740637-2020632666
Opcode ID: d7b618ac555a883af92fda6e564d1a15298a512bc9806faaaa4f80804c2209e7
Instruction ID: 34987dae8071f6da1c7759080f16604cae73d5b2f35546376972d6297ad30ec1
Opcode Fuzzy Hash: d7b618ac555a883af92fda6e564d1a15298a512bc9806faaaa4f80804c2209e7
Instruction Fuzzy Hash: D321AE71A00214DBDB14EB91DD42FAF7378AB44705F00405EF505E7142EB7C9B098BA9

Function 00421B48 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65stringCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00421B52
_memmove.LIBCMT ref: 00421B6C

Part of subcall function 004043D0: GetLastError.KERNEL32(98A63EB4,7591DFA0,?,7591E010,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?,?), ref: 00404421
Part of subcall function 004043D0: SetLastError.KERNEL32(?,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?,?), ref: 00404451
Part of subcall function 004043D0: GetLastError.KERNEL32(00000000,00000000,00000000,?,00000001,?,?,?,?,?,?,004AC3A0,000000FF,?,00403D9D,?), ref: 004044A1
Part of subcall function 004043D0: SysFreeString.OLEAUT32(?), ref: 004044BD
Part of subcall function 004043D0: SysFreeString.OLEAUT32(?), ref: 004044C8
Part of subcall function 004043D0: SetLastError.KERNEL32(?), ref: 004044E8

lstrcpyW.KERNEL32(?,-00000004,setup.cpp,?,00000001,?,?,0000028C), ref: 00421BA2
__setjmp3.LIBCMT ref: 00421BC3
_memmove.LIBCMT ref: 00421C11

Strings

setup.cpp, xrefs: 00421B7F

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeString_memmove$H_prolog3___setjmp3lstrcpy
String ID: setup.cpp
API String ID: 3036740637-2020632666
Opcode ID: 5ff24315c6064dd979eadb27dfc15860c64ea6c8bd52747b95b044732f161898
Instruction ID: c6bc1e970fe75999aa5f31fbcb257421081f06be1b76ed2ef1863a06f5de16f5
Opcode Fuzzy Hash: 5ff24315c6064dd979eadb27dfc15860c64ea6c8bd52747b95b044732f161898
Instruction Fuzzy Hash: 6D210B71A00208DBDB14EB91CC41F9E7378FF44305F0040AEF605EB152EB78AA098B69

Function 004442C5 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 52COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 004442CC

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

UuidToStringW.RPCRT4(?,?), ref: 0044430C

Part of subcall function 00449C16: __EH_prolog3.LIBCMT ref: 00449C1D
Part of subcall function 00449C16: CharUpperW.USER32(00000000,?,?,0000000C,00444337), ref: 00449C3F

RpcStringFreeW.RPCRT4(00000000), ref: 0044433B

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Strings

@/L, xrefs: 004442EC
|-L, xrefs: 00444316
4OD, xrefs: 004442D1

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$String$Free$H_prolog3$CharH_prolog3_UpperUuid
String ID: 4OD$@/L$|-L
API String ID: 1620240345-1624138275
Opcode ID: 40a435677d3c8d73a00058b0e5d686fc444c633f1bbc92e9f562c653284d6a3a
Instruction ID: 00656392063dec48de0538246a3a7f9acd77e9e4c82ad09656b3f43602c32f3f
Opcode Fuzzy Hash: 40a435677d3c8d73a00058b0e5d686fc444c633f1bbc92e9f562c653284d6a3a
Instruction Fuzzy Hash: 72113D71A10618DBDB01EFD1C881BDEB7B8BF04305F40402EE506AB195DBB89E09CB98

Function 00461CE4 Relevance: 10.6, APIs: 7, Instructions: 50COMMON

Download Yara Rule

APIs

__lock.LIBCMT ref: 0046227A

Part of subcall function 0046323D: __mtinitlocknum.LIBCMT ref: 0046324F
Part of subcall function 0046323D: __amsg_exit.LIBCMT ref: 0046325B
Part of subcall function 0046323D: EnterCriticalSection.KERNEL32(00000000,?,00464E54,0000000D), ref: 00463268

InterlockedDecrement.KERNEL32(00000000), ref: 0046228D
_free.LIBCMT ref: 004622A3

Part of subcall function 0045D646: RtlFreeHeap.NTDLL(00000000,00000000), ref: 0045D65A
Part of subcall function 0045D646: GetLastError.KERNEL32(00000000), ref: 0045D66C

__lock.LIBCMT ref: 004622BC
___removelocaleref.LIBCMT ref: 004622CB
___freetlocinfo.LIBCMT ref: 004622E4
_free.LIBCMT ref: 004622F7

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: __lock_free$CriticalDecrementEnterErrorFreeHeapInterlockedLastSection___freetlocinfo___removelocaleref__amsg_exit__mtinitlocknum
String ID:
API String ID: 556454624-0
Opcode ID: 9df0484432a67de8240ea8c8d9d2ee98c9bba21a710338ad1286fc58c8396b15
Instruction ID: 91b7aee2d9029cf32220af31cd7ca88b65452e6977f58c487dfc33e9b6bf9e1b
Opcode Fuzzy Hash: 9df0484432a67de8240ea8c8d9d2ee98c9bba21a710338ad1286fc58c8396b15
Instruction Fuzzy Hash: 4801C031400B01FAEB306F65DA6A75A73A0AF00719F20859FF454662D1EFBC8980E95F

Function 004747C3 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBCMT ref: 0047480A
DName::operator+.LIBCMT ref: 00474811
DName::DName.LIBCMT ref: 00474833
DName::operator+.LIBCMT ref: 0047483A
DName::operator+.LIBCMT ref: 00474841

Strings

throw(, xrefs: 00474802, 0047482B

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Name::operator+$NameName::
String ID: throw(
API String ID: 168861036-3159766648
Opcode ID: c6d9eee7e8844c0f360e0b6f1792c4e72cc2738e786b59d9588e4177918acac0
Instruction ID: 1f155977238a1120919fc8ac32a1240b4a1713caf9c2389d332131adb83828ca
Opcode Fuzzy Hash: c6d9eee7e8844c0f360e0b6f1792c4e72cc2738e786b59d9588e4177918acac0
Instruction Fuzzy Hash: 4A018430A0020CAFDF04FB64D892EFE3BA4AB04308F10406AB1059B2A1EB7499458799

Function 004496EA Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 33timeCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 004496F4
SetFileTime.KERNEL32(?,@/L,?,?,00000084,00441A50,?,?,?,00000000,?,00000000,00000000,?,00000000), ref: 0044970A

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00416910: __EH_prolog3.LIBCMT ref: 00416917

__CxxThrowException@8.LIBCMT ref: 00449750

Part of subcall function 0045A466: RaiseException.KERNEL32(?,?,00459FCC,00000000,?,?,?,?,00459FCC,00000000,004D0E78,?), ref: 0045A4B7

Strings

lJ, xrefs: 00449723
@/L, xrefs: 00449701, 00449706
dJ, xrefs: 00449735, 00449738

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3Last$ExceptionException@8FileH_prolog3_RaiseThrowTime
String ID: @/L$dJ$lJ
API String ID: 2956807928-3790234748
Opcode ID: e048cbcfdae8c7ca85c66ab557d8396e47ebda0bd6044839127891684324d04c
Instruction ID: 4f968d0901fb261016ef6a77dc16ba74f83c660e7ca175533af5cb92d994887a
Opcode Fuzzy Hash: e048cbcfdae8c7ca85c66ab557d8396e47ebda0bd6044839127891684324d04c
Instruction Fuzzy Hash: 1BF01DB5900209EBDB00EF92CC45FDE777CFB14314F00815AF914A7141DB78AA15CB98

Function 00418089 Relevance: 9.2, APIs: 6, Instructions: 245COMMON

Download Yara Rule

APIs

Part of subcall function 00422F30: lstrcmpiW.KERNEL32(?,?,?,00418115,?,?,?,98A63EB4,?,?,?,?,?,004A2661,000000FF), ref: 00422F9F

CharNextW.USER32(00000000), ref: 004181D0
CharNextW.USER32(00000000), ref: 004181ED

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CharNext$lstrcmpi
String ID:
API String ID: 3586774192-0
Opcode ID: 75b86480ff2c86fd2d090e7e758453bfd5abd0492945ca745e44ec5188ac908d
Instruction ID: 6a41891641c1f6e907db44587bebe3775a3a591930b1439f5653ddd4b393185a
Opcode Fuzzy Hash: 75b86480ff2c86fd2d090e7e758453bfd5abd0492945ca745e44ec5188ac908d
Instruction Fuzzy Hash: F191A171900229DADB25CF14CC499EAB7B4EB18714F1500EFEA09A3240DB789ED5CFA9

Function 00480CE0 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 101COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(98A63EB4), ref: 00480D2C
SetLastError.KERNEL32(004C2FA8,00000000,00000000,000000FF), ref: 00480D86
GetLastError.KERNEL32(00000008,00000006), ref: 00480DCA
SetLastError.KERNEL32(?,00000000,00000000,000000FF), ref: 00480E15

Strings

x/L, xrefs: 00480D1E
@/L, xrefs: 00480CE0

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast
String ID: @/L$x/L
API String ID: 1452528299-2858065147
Opcode ID: e961a0b0f9d055aa17c2c2ff96e24db3c7e7f9ecbe40eb67382e4c2da16102ce
Instruction ID: 87cbe82e4f6a84a4fc0e74222b28a6edac924dc311e6d795d9505ff1b75f8955
Opcode Fuzzy Hash: e961a0b0f9d055aa17c2c2ff96e24db3c7e7f9ecbe40eb67382e4c2da16102ce
Instruction Fuzzy Hash: D2419F71900219EFDB00DF95C944BAEBBF4FF08318F10466AE815AB7D0D7B9A905CB98

Function 004982E0 Relevance: 9.1, APIs: 6, Instructions: 93windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00498366
SelectPalette.GDI32(00000000,?,00000000), ref: 00498389
RealizePalette.GDI32(00000000), ref: 0049839D
CreateDIBitmap.GDI32(00000000,00490AAE,00000004,?,00490AAE,00000000), ref: 004983BF
SelectPalette.GDI32(00000000,00490AAE,00000000), ref: 004983D3
ReleaseDC.USER32(00000000,00000000), ref: 004983DC

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Palette$Select$BitmapCreateRealizeRelease
String ID:
API String ID: 1213237138-0
Opcode ID: 5b15afb5b321e723f6070fe6d0f84394cd560d501ca0fa69a53005f137dd0ad7
Instruction ID: ff78eb9a913cebc5bb2bceec31f5aa190bdab4a5028c9e9516796416ac309b9a
Opcode Fuzzy Hash: 5b15afb5b321e723f6070fe6d0f84394cd560d501ca0fa69a53005f137dd0ad7
Instruction Fuzzy Hash: 4E318071200204EFEB208F59CC48B6A7FE8FB09714F04452EF959CB691D7B9E810DB94

Function 00415BA9 Relevance: 9.1, APIs: 6, Instructions: 61COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00415BB0
GetLastError.KERNEL32(00000004,00415B83,?,00000000,?,00000001), ref: 00415BD2
SetLastError.KERNEL32(?), ref: 00415C05
MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00415C26
MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000002,00000000,00000000,00000000), ref: 00415C4D
SetLastError.KERNEL32(?), ref: 00415C5B

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$ByteCharMultiWide$H_prolog3
String ID:
API String ID: 1573742327-0
Opcode ID: f2d3b0cf66e7c967414c43329dad7f4141967efb014add3b33b19b5fffbd63df
Instruction ID: 0f8399f5b9376ae8944e464de6d227f6b76d96672a4cc19da16e8883afb6f630
Opcode Fuzzy Hash: f2d3b0cf66e7c967414c43329dad7f4141967efb014add3b33b19b5fffbd63df
Instruction Fuzzy Hash: F72135B5600205EFDB149F24D848B9ABBF8FF08305F10852EF9598B660C774EA90CB98

Function 00439345 Relevance: 9.1, APIs: 6, Instructions: 52COMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 0043936D
GetLastError.KERNEL32(?,004392EC,?), ref: 0043937E

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLastWindow
String ID:
API String ID: 3412209079-0
Opcode ID: d27f0231de802d445c3b072352a253c743c9f550ff1ce657ff39b1a739ef6d00
Instruction ID: e688a35ebf01f56fabc1fd3875367781bcaad1d41129e3fba9ba954d3712bcce
Opcode Fuzzy Hash: d27f0231de802d445c3b072352a253c743c9f550ff1ce657ff39b1a739ef6d00
Instruction Fuzzy Hash: B7115E752006019FD720AB16C844F2AB7E5AF4C714F15946EF856CB7B0DBB5EC009F49

Function 00464EBE Relevance: 9.0, APIs: 6, Instructions: 45threadCOMMON

Download Yara Rule

APIs

__init_pointers.LIBCMT ref: 00464EBE

Part of subcall function 00469D50: EncodePointer.KERNEL32(00000000,?,00464EC3,0045E4DC,004D1058,00000014), ref: 00469D53
Part of subcall function 00469D50: __initp_misc_winsig.LIBCMT ref: 00469D74

__mtinitlocks.LIBCMT ref: 00464EC3

Part of subcall function 0046338C: InitializeCriticalSectionAndSpinCount.KERNEL32(004D8080,00000FA0,?,?,00464EC8,0045E4DC,004D1058,00000014), ref: 004633AA

__mtterm.LIBCMT ref: 00464ECC
__calloc_crt.LIBCMT ref: 00464EF1
GetCurrentThreadId.KERNEL32 ref: 00464F1A

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CountCriticalCurrentEncodeInitializePointerSectionSpinThread__calloc_crt__init_pointers__initp_misc_winsig__mtinitlocks__mtterm
String ID:
API String ID: 1171689812-0
Opcode ID: 9ed9ff9c79525ccba196cb86994961807a4002e0fbb4ecb00196dcfda7a6676b
Instruction ID: 20af4970a0db3dc8a5f1186cb77c2bf6006b431b8befc4f1009f0620512e13c0
Opcode Fuzzy Hash: 9ed9ff9c79525ccba196cb86994961807a4002e0fbb4ecb00196dcfda7a6676b
Instruction Fuzzy Hash: 75F0963251A31119EE297B76BC026572684AF41B39B200B2FF464D61D2FF698941419F

Function 004381E1 Relevance: 9.0, APIs: 6, Instructions: 33windowCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003ED), ref: 00438201
EnableWindow.USER32(00000000), ref: 00438204
GetDlgItem.USER32(?,000003ED), ref: 0043821D
EnableWindow.USER32(00000000), ref: 00438220
GetDlgItem.USER32(?,000003ED), ref: 0043822E
SetFocus.USER32(00000000), ref: 00438231

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Item$EnableWindow$Focus
String ID:
API String ID: 864471436-0
Opcode ID: 521c9d7ff4334e20008520358b1e2aea969bce8bddf0d41c56acd09bcfa40655
Instruction ID: 98e4fc65aeec09a17ce24f06ce20b163942264de00335bed607774db40b71a55
Opcode Fuzzy Hash: 521c9d7ff4334e20008520358b1e2aea969bce8bddf0d41c56acd09bcfa40655
Instruction Fuzzy Hash: C7F0A731940704BBDB216BA2EC4DF5BBEADEB95712F014435F216950E0DBB49510CA54

Function 004314E3 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 183COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 004314ED

Part of subcall function 00402CE0: GetLastError.KERNEL32(98A63EB4,?,00000000,7591DFA0,?,?,004AC418,000000FF,T4L,00401EE2,InstallShield.log,?), ref: 00402D30
Part of subcall function 00402CE0: SetLastError.KERNEL32(?,004C2D7C,00000000,?,00000000,7591DFA0,?,?,004AC418,000000FF,T4L,00401EE2,InstallShield.log,?), ref: 00402DA8

Part of subcall function 0042EA79: __EH_prolog3_GS.LIBCMT ref: 0042EA80

Strings

P/L, xrefs: 00431726, 00431729, 0043172D
PrereqEngine: , xrefs: 00431680
|-L, xrefs: 0043161B
@/L, xrefs: 0043150A

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3_H_prolog3_catch_
String ID: @/L$P/L$PrereqEngine: $|-L
API String ID: 1178870419-2914931958
Opcode ID: a8d650027d0ba58344cb67626ee904bca68d43b86af8dec93370246e911b16fe
Instruction ID: e1fab1a8d7f8bc83cc4d25d4c28cdd714708b1fcc9c5f65e0ec4b13bbffdab30
Opcode Fuzzy Hash: a8d650027d0ba58344cb67626ee904bca68d43b86af8dec93370246e911b16fe
Instruction Fuzzy Hash: 5E71B471A00155AFDB18EFA5CD55BDEB7B8AF04304F0042AFE41AB32A1DB746A44CF64

Function 0043C53C Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 180memoryCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0043C546
SysAllocString.OLEAUT32(00000000), ref: 0043C567
SysFreeString.OLEAUT32(00000000), ref: 0043C720

Strings

lJ, xrefs: 0043C5A8
, xrefs: 0043C5FC

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: String$AllocFreeH_prolog3_
String ID: $lJ
API String ID: 1289132702-3830903251
Opcode ID: a9f7806fc41fdd3714782a17db6baa41f19a5804f9d96d71a6059d43f9f75229
Instruction ID: ec6441d05a39f0ffc0adcb86b733734612cfa54150e513cac135d75922fbb199
Opcode Fuzzy Hash: a9f7806fc41fdd3714782a17db6baa41f19a5804f9d96d71a6059d43f9f75229
Instruction Fuzzy Hash: 53619170A00214DFCF14EFA8C9816AEB7B5BF09704F14606FE451BB291DB789D46CB99

Function 00424AC0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 172COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00424ACA

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Strings

@/L, xrefs: 00424C23
@/L, xrefs: 00424AE4
%20, xrefs: 00424C48
file://, xrefs: 00424AF0, 00424B01, 00424B34

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3H_prolog3_
String ID: %20$@/L$@/L$file://
API String ID: 852442433-164781276
Opcode ID: a74433919bca90608c782c00ed2b8671f920e515b1d50e76437220ef70aef861
Instruction ID: 1528c8e5819f77cde185752bd69a75e8e9a6e4fcefa1701a804399f640097435
Opcode Fuzzy Hash: a74433919bca90608c782c00ed2b8671f920e515b1d50e76437220ef70aef861
Instruction Fuzzy Hash: 3F619E70A00218EEDB14EBA1CC42BDDB7B8EF54718F5041AFE045B71D1DBB86A49CB69

Function 00431267 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 147COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00431271

Part of subcall function 004053A0: GetLastError.KERNEL32(98A63EB4,?,?,?,?,004AC278,000000FF), ref: 004053E2
Part of subcall function 004053A0: SetLastError.KERNEL32(?,00000000,00000000,000000FF,?,?,?,?,004AC278,000000FF), ref: 0040543E

Part of subcall function 00403FB0: GetLastError.KERNEL32(98A63EB4,?,?,?,?,?,004AC2D8,000000FF), ref: 00403FF3
Part of subcall function 00403FB0: SetLastError.KERNEL32(?,004C2D7C,00000000,?,?,?,?,?,004AC2D8,000000FF), ref: 00404068

Part of subcall function 00401AC0: GetLastError.KERNEL32(?,?,0040E566), ref: 00401ACF
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AEB
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AF6
Part of subcall function 00401AC0: SetLastError.KERNEL32(?), ref: 00401B14

Part of subcall function 00404580: GetLastError.KERNEL32(98A63EB4,?,?,?,00000000,004ACAC8,000000FF,T4L,004050D6,00000000,00000001,000000FF), ref: 004045BE
Part of subcall function 00404580: SetLastError.KERNEL32(?,00000000,00000000,00000000), ref: 0040461A

Part of subcall function 004034E0: GetLastError.KERNEL32 ref: 0040354B
Part of subcall function 004034E0: SetLastError.KERNEL32(T4L,00000000,00000000,000000FF), ref: 004035B4
Part of subcall function 004034E0: SysFreeString.OLEAUT32(?), ref: 004036A6

Part of subcall function 00404640: GetLastError.KERNEL32 ref: 004046A7
Part of subcall function 00404640: SetLastError.KERNEL32(T4L,00000000,00000000,000000FF), ref: 0040470A
Part of subcall function 00404640: GetLastError.KERNEL32(00000000,00000000,000000FF,?,00000000,?,?), ref: 00404792
Part of subcall function 00404640: SysFreeString.OLEAUT32(?), ref: 004047AC
Part of subcall function 00404640: SysFreeString.OLEAUT32(?), ref: 004047BC

Part of subcall function 00448D7A: __EH_prolog3_GS.LIBCMT ref: 00448D81
Part of subcall function 00448D7A: RegQueryValueExW.KERNELBASE(?,?,00000000,00000008,00000000,@/L,0000005C,0041AB68,?,-80000001,?,?), ref: 00448DF6

Strings

T4L, xrefs: 0043146F
T4L, xrefs: 00431298
P/L, xrefs: 004312C2
[], xrefs: 004312B1

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeString$H_prolog3_$QueryValue
String ID: P/L$T4L$T4L$[]
API String ID: 3993292288-649137697
Opcode ID: b6b7e1a41def31ab5f0c4c1ae1c42f3cf733ba18225d35173c3565cd8c40adae
Instruction ID: d76bb1c3bbeafd0692d2ed4f9c8c159ccc08e12f840e244448e537af8664d64f
Opcode Fuzzy Hash: b6b7e1a41def31ab5f0c4c1ae1c42f3cf733ba18225d35173c3565cd8c40adae
Instruction Fuzzy Hash: 6D515C71910258EEDB14EBA5CC41FEDB7B8AF14304F5040AEE509B71D2DBB86A48CF69

Function 0040A206 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 145COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0040A210

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Strings

@/L, xrefs: 0040A22E
|-L, xrefs: 0040A26C
\, xrefs: 0040A24B
@/L, xrefs: 0040A3CB

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeString$H_prolog3H_prolog3_
String ID: @/L$@/L$\$|-L
API String ID: 2488494826-1945259057
Opcode ID: 22d3c388608cdb7a4a68cac10a6beb75f6d18cb14ac02ea7c6156127ef3d3121
Instruction ID: a68700e8c92d30bc852636d4d0c0e4b585e1e741e8c94725aea4fe52d274327e
Opcode Fuzzy Hash: 22d3c388608cdb7a4a68cac10a6beb75f6d18cb14ac02ea7c6156127ef3d3121
Instruction Fuzzy Hash: 2A517B30910218DEDB14EBA1CC51BEEB778BF14304F1441AEE846B72D1DBB86A49CF56

Function 00440F17 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00440F1E
GetLastError.KERNEL32(00000048), ref: 00440F2A

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00457CBF: __EH_prolog3.LIBCMT ref: 00457CC6
Part of subcall function 00457CBF: GetLastError.KERNEL32(0000000C,00440F6F), ref: 00457CDE
Part of subcall function 00457CBF: GetModuleHandleW.KERNEL32(Kernel32,CreateFileW), ref: 00457CF5
Part of subcall function 00457CBF: GetProcAddress.KERNEL32(00000000), ref: 00457CFC
Part of subcall function 00457CBF: GetModuleHandleW.KERNEL32(Kernel32,CreateFileMappingW), ref: 00457DAF
Part of subcall function 00457CBF: GetProcAddress.KERNEL32(00000000), ref: 00457DB6
Part of subcall function 00457CBF: GetModuleHandleW.KERNEL32(Kernel32,MapViewOfFile), ref: 00457E29
Part of subcall function 00457CBF: GetProcAddress.KERNEL32(00000000), ref: 00457E30

Part of subcall function 00445FB9: GetModuleHandleW.KERNEL32(Advapi32.lib,IsTextUnicode), ref: 00445FCE
Part of subcall function 00445FB9: GetProcAddress.KERNEL32(00000000), ref: 00445FD5

WideCharToMultiByte.KERNEL32(?,00000240,?,?,?,?,004B6B30,?), ref: 00441005
GetLastError.KERNEL32 ref: 00441012

Strings

@/L, xrefs: 0044102D

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$AddressHandleModuleProc$H_prolog3$ByteCharMultiWide
String ID: @/L
API String ID: 731440430-3803013380
Opcode ID: 4c609ba3b0e932044a52b555b2cfd7786a584a054ad9bd51fc582c23e33af269
Instruction ID: 4ccc9405fa1d0ff21b8dea3ffeff9d778c02987faaa330ebfbda5f0824da2204
Opcode Fuzzy Hash: 4c609ba3b0e932044a52b555b2cfd7786a584a054ad9bd51fc582c23e33af269
Instruction Fuzzy Hash: 2D418BB1801108EFDF00EFE5C986AEE7B74AF15308F50446EF805A7252EBB95A4DC799

Function 00441078 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 94COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0044107F
GetLastError.KERNEL32(00000044), ref: 0044108B

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00457CBF: __EH_prolog3.LIBCMT ref: 00457CC6
Part of subcall function 00457CBF: GetLastError.KERNEL32(0000000C,00440F6F), ref: 00457CDE
Part of subcall function 00457CBF: GetModuleHandleW.KERNEL32(Kernel32,CreateFileW), ref: 00457CF5
Part of subcall function 00457CBF: GetProcAddress.KERNEL32(00000000), ref: 00457CFC
Part of subcall function 00457CBF: GetModuleHandleW.KERNEL32(Kernel32,CreateFileMappingW), ref: 00457DAF
Part of subcall function 00457CBF: GetProcAddress.KERNEL32(00000000), ref: 00457DB6
Part of subcall function 00457CBF: GetModuleHandleW.KERNEL32(Kernel32,MapViewOfFile), ref: 00457E29
Part of subcall function 00457CBF: GetProcAddress.KERNEL32(00000000), ref: 00457E30

Part of subcall function 00457CBF: GetModuleHandleW.KERNEL32(Kernel32,CreateFileA), ref: 00457D4D
Part of subcall function 00457CBF: GetProcAddress.KERNEL32(00000000), ref: 00457D54
Part of subcall function 00457CBF: GetModuleHandleW.KERNEL32(Kernel32,CreateFileMappingA), ref: 00457DEA
Part of subcall function 00457CBF: GetProcAddress.KERNEL32(00000000), ref: 00457DF1
Part of subcall function 00457CBF: GetModuleHandleW.KERNEL32(Kernel32,GetFileSize), ref: 00457E70
Part of subcall function 00457CBF: GetProcAddress.KERNEL32(00000000), ref: 00457E77
Part of subcall function 00457CBF: GetLastError.KERNEL32 ref: 00457E96

MultiByteToWideChar.KERNEL32(?,00000006,?,?,?,?), ref: 00441140
GetLastError.KERNEL32 ref: 0044114D

Part of subcall function 004496BE: __EH_prolog3.LIBCMT ref: 004496C5

Strings

@/L, xrefs: 00441164

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: AddressErrorHandleLastModuleProc$H_prolog3$ByteCharMultiWide
String ID: @/L
API String ID: 2799633331-3803013380
Opcode ID: 1881188cdef8c54d2985bfeb54d225ea168fa36baf11cd68e7946a284e382de6
Instruction ID: 6d174138ddec6eafbbae5650927020fe4c4cdda27c0102c4e703617ed521e5d8
Opcode Fuzzy Hash: 1881188cdef8c54d2985bfeb54d225ea168fa36baf11cd68e7946a284e382de6
Instruction Fuzzy Hash: AD31AB70801109DFDB00EFA5C945BED7BB8EF14308F50446EF805A7362EB795A49CB55

Function 0042C535 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 82COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0042C53C

Part of subcall function 00403F50: GetLastError.KERNEL32 ref: 00403F6F
Part of subcall function 00403F50: SetLastError.KERNEL32(?), ref: 00403F9F

SetWindowTextW.USER32(?,?), ref: 0042C611

Strings

T4L, xrefs: 0042C572
P/L, xrefs: 0042C56B
%s,%s,%s,%s,%s,%s, xrefs: 0042C5D7

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3_TextWindow
String ID: %s,%s,%s,%s,%s,%s$P/L$T4L
API String ID: 1521029078-449185663
Opcode ID: 3b0af938fc60b054702839d12fc549c013868f068eec0b6e43668b5e35d989f8
Instruction ID: f4a01a30335409e87c1402612f90d7242f43d1f19d236d3418f45e74084d0199
Opcode Fuzzy Hash: 3b0af938fc60b054702839d12fc549c013868f068eec0b6e43668b5e35d989f8
Instruction Fuzzy Hash: 23316CB0A00219DFDF14DF94D980A9EB7B8FF48309F14402AE906AB305D734FA45CBA9

Function 00442017 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 82COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 00442021

Part of subcall function 00416831: __EH_prolog3.LIBCMT ref: 00416838

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00424632: __EH_prolog3.LIBCMT ref: 00424639

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Part of subcall function 00416CE9: __EH_prolog3.LIBCMT ref: 00416CF0

__CxxThrowException@8.LIBCMT ref: 004420E0

Part of subcall function 0045A466: RaiseException.KERNEL32(?,?,00459FCC,00000000,?,?,?,?,00459FCC,00000000,004D0E78,?), ref: 0045A4B7

Part of subcall function 004176D4: __EH_prolog3.LIBCMT ref: 004176DB

Strings

, xrefs: 0044209E
lJ, xrefs: 004420B3
dJ, xrefs: 00442079

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: H_prolog3$ErrorLast$FreeString$ExceptionException@8H_prolog3_catch_RaiseThrow
String ID: $dJ$lJ
API String ID: 1995314774-4228904431
Opcode ID: 753f76160d7d9ced7625b30c0a3fc515e5d9e3110751bde230e2d57ecff617d7
Instruction ID: 2cac7d60a1659bea1cbe3e71f3f451ce9cb96ef96a3828fbbf95e3a3f1390ee8
Opcode Fuzzy Hash: 753f76160d7d9ced7625b30c0a3fc515e5d9e3110751bde230e2d57ecff617d7
Instruction Fuzzy Hash: D831D770800258EADB00EBE1C955BDEBB78AF15348F44409FF94577282EBB85B4CC769

Function 0040DF46 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 78COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0040DF50

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Part of subcall function 0040A206: __EH_prolog3_GS.LIBCMT ref: 0040A210

Strings

@/L, xrefs: 0040E031
@/L, xrefs: 0040DF6D
@/L, xrefs: 0040DF8A
., xrefs: 0040DFA8

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3_$H_prolog3
String ID: .$@/L$@/L$@/L
API String ID: 532146472-1829882848
Opcode ID: 8d8bf9e253669bd19405ea7b936eea0e8939afdcffcef25982cd6151cc3b66da
Instruction ID: 3aaa0816592bffb927c1c55b48c1853e7177ff1124f314acb2e9864149553947
Opcode Fuzzy Hash: 8d8bf9e253669bd19405ea7b936eea0e8939afdcffcef25982cd6151cc3b66da
Instruction Fuzzy Hash: 66319E71A0021CEECB14EB95C891FDEB3B8AF05354F1041AEE446732D2DBB81A49CB59

Function 00444685 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 77COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0044468C

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Part of subcall function 00408F6D: __EH_prolog3.LIBCMT ref: 00408F74
Part of subcall function 00408F6D: GetLastError.KERNEL32(00000004,004091E9,00000000,?,00000000,00000000), ref: 00408F96
Part of subcall function 00408F6D: SetLastError.KERNEL32(?,00000000,?), ref: 00408FCF

Part of subcall function 0040A0F0: SysStringLen.OLEAUT32(?), ref: 0040A0FD
Part of subcall function 0040A0F0: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 0040A117

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Part of subcall function 00409574: __EH_prolog3_GS.LIBCMT ref: 0040957B
Part of subcall function 00409574: GetLastError.KERNEL32(00000038,0040DDFB,004492A1,?,004AFFA0), ref: 00409582
Part of subcall function 00409574: SetLastError.KERNEL32(00000000), ref: 004095D6

Strings

@/L, xrefs: 004446B2
InstalledProductName, xrefs: 004446DB
@/L, xrefs: 0044476D
@/L, xrefs: 004446EE

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$String$FreeH_prolog3_$AllocH_prolog3
String ID: @/L$@/L$@/L$InstalledProductName
API String ID: 1908522000-464250035
Opcode ID: d53af12adc3711ccc64909a7d02026cb695398372685e0dbfdaa329375a79684
Instruction ID: 4ce88fb489b31431c67c6434e6b4d49d01b104afd3fbd7af1a4c8fd3ffeb4cb2
Opcode Fuzzy Hash: d53af12adc3711ccc64909a7d02026cb695398372685e0dbfdaa329375a79684
Instruction Fuzzy Hash: 55316D7090020CDFDB10EFA5C981FDDBBB8AF54308F60406EE40567182DBB86A49CBA5

Function 00406060 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 77COMMON

Download Yara Rule

APIs

SysFreeString.OLEAUT32(?), ref: 004060C2
GetLastError.KERNEL32(98A63EB4,?,7591E010,00000000,00000000,?,004ACA98,000000FF,T4L,00404B04), ref: 004060ED
SetLastError.KERNEL32(?,00000004,00000000,000000FF), ref: 0040613E

Strings

T4L, xrefs: 00406060
T4L, xrefs: 004060E6

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeString
String ID: T4L$T4L
API String ID: 2425351278-3367740000
Opcode ID: a6b69ad884260e6fe1279f533801e44a3f4ab40c8d68d46f95a94baddbe35e48
Instruction ID: 629e363ae452715e4872db6da9b6f1349ee8222f95c2eceb5ad296e4585bfe0f
Opcode Fuzzy Hash: a6b69ad884260e6fe1279f533801e44a3f4ab40c8d68d46f95a94baddbe35e48
Instruction Fuzzy Hash: E7318CB5100605AFDB14CF05C984B56FBF8FF09724F10422EE81A9BA90DB79E919CB98

Function 00445E5F Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00445E69

Part of subcall function 0043B19F: _memset.LIBCMT ref: 0043B1C8

Part of subcall function 004090B1: __EH_prolog3_GS.LIBCMT ref: 004090B8

Part of subcall function 0040B51F: __EH_prolog3_GS.LIBCMT ref: 0040B529
Part of subcall function 0040B51F: GetModuleHandleW.KERNEL32(KERNEL32.DLL,00000274,0043AD95,?,00000000), ref: 0040B54C
Part of subcall function 0040B51F: GetProcAddress.KERNEL32(00000000,GetSystemWindowsDirectoryW), ref: 0040B560

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 0040B91E: __EH_prolog3_GS.LIBCMT ref: 0040B925

Strings

Kernel32.dll, xrefs: 00445E84
Z, xrefs: 00445F3E
@/L, xrefs: 00445EBB
d]K, xrefs: 00445F51

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: H_prolog3_$ErrorLast$AddressH_prolog3HandleModuleProc_memset
String ID: @/L$Kernel32.dll$Z$d]K
API String ID: 1928657999-3552983298
Opcode ID: ea417fe89acf36d76c13eeaa8c77a4de6e93df75265e5ee2f1e517cba61ff8e9
Instruction ID: cf6786969702b16d9ab89bc759fdb6fa891230425e7a63acc45e68e3e3330f35
Opcode Fuzzy Hash: ea417fe89acf36d76c13eeaa8c77a4de6e93df75265e5ee2f1e517cba61ff8e9
Instruction Fuzzy Hash: BE21A03180021C9EDB54EBA1CC92BDD7378AF11348F5080EEE649A7192DFB85B8DCB59

Function 0042E638 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 71COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0042E63F

Part of subcall function 0042A559: __EH_prolog3_GS.LIBCMT ref: 0042A560

Part of subcall function 004053A0: GetLastError.KERNEL32(98A63EB4,?,?,?,?,004AC278,000000FF), ref: 004053E2
Part of subcall function 004053A0: SetLastError.KERNEL32(?,00000000,00000000,000000FF,?,?,?,?,004AC278,000000FF), ref: 0040543E

Part of subcall function 00401AC0: GetLastError.KERNEL32(?,?,0040E566), ref: 00401ACF
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AEB
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AF6
Part of subcall function 00401AC0: SetLastError.KERNEL32(?), ref: 00401B14

Strings

T4L, xrefs: 0042E695
P/L, xrefs: 0042E6F9
T4L, xrefs: 0042E6CE
P/L, xrefs: 0042E6F1

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeH_prolog3_String
String ID: P/L$P/L$T4L$T4L
API String ID: 2608676048-673155060
Opcode ID: 34769bdbd17288f9b187b0de44e4f3ee3bbee69823220b28ae765076dae3336f
Instruction ID: 41ab91050ac571f607761228635aadb25f44560ff2b13d81e0a4351a069aad8b
Opcode Fuzzy Hash: 34769bdbd17288f9b187b0de44e4f3ee3bbee69823220b28ae765076dae3336f
Instruction Fuzzy Hash: 5E210A75E00219DFCB18EFAAD881ADDBBB4FF48304F60812EE415A7242DB749944CF58

Function 00411846 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00411850
IsWindow.USER32(?), ref: 0041186C

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

SendMessageW.USER32(?,00001074,?,?), ref: 00411911
SendMessageW.USER32(?,0000101E,00000000,000000FE), ref: 0041191C

Part of subcall function 0040D268: __EH_prolog3_GS.LIBCMT ref: 0040D272

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Strings

@/L, xrefs: 00411898

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeH_prolog3_MessageSendString$Window
String ID: @/L
API String ID: 2791905285-3803013380
Opcode ID: 3cedaffb465134b779036b10a0e75ce7b998d30634b62b3286c912cf0eed8af3
Instruction ID: 12518d9f41e52af1591d8649f7039d0d8875e44d4071d6e35b2d9060ab8ff554
Opcode Fuzzy Hash: 3cedaffb465134b779036b10a0e75ce7b998d30634b62b3286c912cf0eed8af3
Instruction Fuzzy Hash: A8218374D00218EBCB20EFA1CC81ADEBB78AF59314F10416FE915A3291DB749985CB64

Function 0041075B Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 64COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00410762

Part of subcall function 00403F50: GetLastError.KERNEL32 ref: 00403F6F
Part of subcall function 00403F50: SetLastError.KERNEL32(?), ref: 00403F9F

Part of subcall function 0040D268: __EH_prolog3_GS.LIBCMT ref: 0040D272

GetDlgItem.USER32(?,00000009), ref: 0041080E
EnableWindow.USER32(00000000), ref: 00410815

Strings

P/L, xrefs: 004107BF, 004107C2
T4L, xrefs: 0041077D

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3_Last$EnableItemWindow
String ID: P/L$T4L
API String ID: 3351711136-1441100843
Opcode ID: 80099bf43ed76395b9d3c0e38b4b1092d2807debf15ad943e91290ebf2f91982
Instruction ID: 92aafb0a12a64cd0c720c3678079f4b25f9e2631f54a8c95f635e59e36f6dbd3
Opcode Fuzzy Hash: 80099bf43ed76395b9d3c0e38b4b1092d2807debf15ad943e91290ebf2f91982
Instruction Fuzzy Hash: F021C870901104DFCB08EBE4D855ADE77B8AB19308F14406FE101A7292DB789949CBAD

Function 004390E8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 49COMMON

Download Yara Rule

APIs

GetPropW.USER32(?,This), ref: 004390F9
GetWindowLongW.USER32(?,000000F4), ref: 0043913B
GetSysColor.USER32(00000005), ref: 0043915C
SetBkColor.GDI32(?,00000000), ref: 00439166
SetPropW.USER32(?,This,?), ref: 004391D8
RemovePropW.USER32(?,This), ref: 004391FD
DefWindowProcW.USER32(?,?,?,?), ref: 0043920F

Strings

This, xrefs: 004390F3

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Prop$ColorWindow$LongProcRemove
String ID: This
API String ID: 1744480154-1591487769
Opcode ID: 6daab33f45359e3d3e223e2fa8aa0b52895a46a2103faf114659f214a8c6f608
Instruction ID: 7e6c8b6f070356f6548fe97aad1e5ffc2959d9617391469b22c43f7681fd9779
Opcode Fuzzy Hash: 6daab33f45359e3d3e223e2fa8aa0b52895a46a2103faf114659f214a8c6f608
Instruction Fuzzy Hash: 5701A2391045067BEF285F59DD4C9773B28EB0E321F14191BF926E27E18AB99C408A28

Function 004655CC Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBCMT ref: 004655E3

Part of subcall function 00465CC5: ___AdjustPointer.LIBCMT ref: 00465D0E

_UnwindNestedFrames.LIBCMT ref: 004655FA
___FrameUnwindToState.LIBCMT ref: 0046560C
CallCatchBlock.LIBCMT ref: 00465630

Strings

.ZF, xrefs: 004655EF, 004655E0

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
String ID: .ZF
API String ID: 2633735394-309977987
Opcode ID: 2f1fa3ba8d70241b2f2e5c4a20c78a85ef59c472543cd984938a00c080775d32
Instruction ID: 9df4bb594ba8ab9e53586d2ba8fc2de2e45928ed4bf921fec758b8966dfb1063
Opcode Fuzzy Hash: 2f1fa3ba8d70241b2f2e5c4a20c78a85ef59c472543cd984938a00c080775d32
Instruction Fuzzy Hash: 58016D32000509BBCF129F55CC05EDA3B76FF48754F00401AF91861121D739E561DF99

Function 00415C6B Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00415C72
__ltow_s.LIBCMT ref: 00415CAA
SetLastError.KERNEL32(00000000,?,00000000,00000001), ref: 00415CD9

Strings

T4L, xrefs: 00415C9E, 00415CB8, 00415CA3, 00415CBB
T4L, xrefs: 00415C88

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3_Last__ltow_s
String ID: T4L$T4L
API String ID: 2344196725-3367740000
Opcode ID: ce8571a7f45c33a6dc205b5f7dfbe96753ea443827b73530ae3ad932b8f79a73
Instruction ID: 75c9b1489ebe3ba8daf5c5e16b76b1339e5cbcf910cdae0d049cc33581855a00
Opcode Fuzzy Hash: ce8571a7f45c33a6dc205b5f7dfbe96753ea443827b73530ae3ad932b8f79a73
Instruction Fuzzy Hash: 6801B175800208EBDB11EF91C841DDEBBB9EF48318F04411EF9156B241DB799648CB98

Function 0041992F Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 40libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 00419956
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00419966

Part of subcall function 0041FFBE: GetModuleHandleW.KERNEL32(Advapi32.dll,?,?,?,00419946,?,?), ref: 0041FFD0
Part of subcall function 0041FFBE: GetProcAddress.KERNEL32(00000000,RegDeleteKeyTransactedW), ref: 0041FFE0

Strings

Advapi32.dll, xrefs: 00419951
RegDeleteKeyExW, xrefs: 00419960

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: Advapi32.dll$RegDeleteKeyExW
API String ID: 1646373207-2191092095
Opcode ID: 98a83dec90ec41d81bd412a0a98b450627653b02796f9c1216922e5379c6364e
Instruction ID: 902e33575af748e3db428ed96261716dfc2668b29adcdf146d10b84daccf405a
Opcode Fuzzy Hash: 98a83dec90ec41d81bd412a0a98b450627653b02796f9c1216922e5379c6364e
Instruction Fuzzy Hash: CB01A274225204EBDF214F52EC51BD57FA4EB05740B10003FF446D6360C6B68CC19B9E

Function 004AD020 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 004AD033
SysFreeString.OLEAUT32 ref: 004AD04F
SysFreeString.OLEAUT32(00000000), ref: 004AD082
SetLastError.KERNEL32(00000000), ref: 004AD0B2

Strings

@/L, xrefs: 004AD024, 004AD02D

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorFreeLastString
String ID: @/L
API String ID: 3822639702-3803013380
Opcode ID: bc9d888e813814a8b604d3ef3019b5dff5942de5106ead92d7a24d24495f09ed
Instruction ID: 2f33e07fc9b6c7b70261af2d5168667edc93356a4bb56aae989d04b228a06726
Opcode Fuzzy Hash: bc9d888e813814a8b604d3ef3019b5dff5942de5106ead92d7a24d24495f09ed
Instruction Fuzzy Hash: B1015A7141A010DFCB04AF65EC49A887BE8FB09319B41417BE805E3273DB366C26CB5D

Function 00451DA0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 31COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00451DAA
SetFileAttributesW.KERNEL32(0000000E,?,00000084,00451154,00000000,00000000,?,80000000,00000001,00000080,00000001,00000000,00000000), ref: 00451DC1
__CxxThrowException@8.LIBCMT ref: 00451E04

Strings

dJ, xrefs: 00451DE9, 00451DEC
lJ, xrefs: 00451DD7

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: AttributesException@8FileH_prolog3_Throw
String ID: dJ$lJ
API String ID: 5089079-817211891
Opcode ID: 41e7a238c7ecfbe5315c19f18e995ac1ab5d8351cdeecfa97522fa3508601ba9
Instruction ID: 58dc865b074bbdbfdd0d69d1d0f7c95722a4cb58a5495478cdf2ccf39dcc0725
Opcode Fuzzy Hash: 41e7a238c7ecfbe5315c19f18e995ac1ab5d8351cdeecfa97522fa3508601ba9
Instruction Fuzzy Hash: 7CF0E7B5910218EBCB00EF92C849B9E7778FF1130AF40405AE915AB152DB78AA48CB99

Function 00450E91 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00450E9B
GetFileAttributesW.KERNEL32(00000000,00000084,00451BE3,?,000002E0,0048B00C,?,00000001), ref: 00450EAF
__CxxThrowException@8.LIBCMT ref: 00450EF4

Strings

lJ, xrefs: 00450EC7
dJ, xrefs: 00450EC0

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: AttributesException@8FileH_prolog3_Throw
String ID: dJ$lJ
API String ID: 5089079-817211891
Opcode ID: 1c73e8639b962ad6ca58fddde0dbc2f073ca1687fbcd31334ec6080d6452068c
Instruction ID: ffae53588641cf7c41be7d381b956b5c16ae4c834ca872dedd5057a05e3e7f97
Opcode Fuzzy Hash: 1c73e8639b962ad6ca58fddde0dbc2f073ca1687fbcd31334ec6080d6452068c
Instruction Fuzzy Hash: C2F06DB0810208DBCB10EBA1CC4AB9E7778BF11319F60459AE554A7192DB78AA48CB98

Function 0044A300 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,0044A209), ref: 0044A313
GetProcAddress.KERNEL32(00000000), ref: 0044A31A
GetCurrentProcess.KERNEL32(00000000,?,?,?,0044A209), ref: 0044A32A

Strings

kernel32, xrefs: 0044A30E
IsWow64Process, xrefs: 0044A309

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: AddressCurrentHandleModuleProcProcess
String ID: IsWow64Process$kernel32
API String ID: 4190356694-3789238822
Opcode ID: cd45caf602d2a6247137919ef74e8e603cd873b69f0d460b58ffe72d33558a16
Instruction ID: 3aa68ca420b248d80ddc3eaab1b136185529c8bbfc48f43d21bb5d53c2e2ea19
Opcode Fuzzy Hash: cd45caf602d2a6247137919ef74e8e603cd873b69f0d460b58ffe72d33558a16
Instruction Fuzzy Hash: 89E04F72C52328ABDF109BF19D0DBCE7AACAB05752B114966A801E7140D67899008BA8

Function 0041D0ED Relevance: 7.6, APIs: 5, Instructions: 121COMMON

Download Yara Rule

APIs

CharNextW.USER32(?,?,00000000,?,?,?,?,004180FA,?,98A63EB4,?,?,?,?,?,004A2661), ref: 0041D128
CharNextW.USER32(?,?,?,00000000,?,?,?,?,004180FA,?,98A63EB4), ref: 0041D1AE

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CharNext
String ID:
API String ID: 3213498283-0
Opcode ID: e90fe34de0c56ef539260235f840a89aeb828c0f6892347de83d64bf835d2955
Instruction ID: 5b03f7e7b6dc4165ddfde88aad88aea70e2b03ac8d79821d352ebacc75d9c403
Opcode Fuzzy Hash: e90fe34de0c56ef539260235f840a89aeb828c0f6892347de83d64bf835d2955
Instruction Fuzzy Hash: AB41D6B5A00206EFCB108F68C8845AAB7F5FF683457A4456FE985D7304E7789D80CB58

Function 00480F50 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 96COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(98A63EB4,7529E860), ref: 00480F9C
SetLastError.KERNEL32(004C2F90,00000000,00000000,000000FF), ref: 00480FFC
GetLastError.KERNEL32(00000000,00000000,000000FF), ref: 0048102A
SetLastError.KERNEL32(?,?,00000000,000000FF), ref: 00481078

Strings

l4L, xrefs: 00480F8E

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast
String ID: l4L
API String ID: 1452528299-2060195098
Opcode ID: 79fc543036252c0c8e3de6248878ec804bba5005fc6c93011606ff59a977e6ee
Instruction ID: f820ac7b94b0dd66d1845ddc3e8f71694ff784bb10c4c77703a22b291f2c1c09
Opcode Fuzzy Hash: 79fc543036252c0c8e3de6248878ec804bba5005fc6c93011606ff59a977e6ee
Instruction Fuzzy Hash: CD414E759002089FDB10DF95C954B9EBBB4FF48328F20462EE815A7790DBB9A905CF98

Function 004142CB Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004142EF
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004142FD
GetTickCount.KERNEL32 ref: 00414307
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00414326
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041434F

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$CountTick
String ID:
API String ID: 404621862-0
Opcode ID: f4bc687d1110c110fb7360082256821c0f0a303b3c03fa378aa55a52a6154090
Instruction ID: 2883a0e806b46b5af5fe376a5d6804c938433d3231752d4f6cc73808c672cf93
Opcode Fuzzy Hash: f4bc687d1110c110fb7360082256821c0f0a303b3c03fa378aa55a52a6154090
Instruction Fuzzy Hash: D0215871200305AFEB258F25C881F6B77B9EF84715F10461EA9128B2A1C739AC55CBA4

Function 00415D9D Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00415DA4
GetLastError.KERNEL32(00000004,00416E97,?,?,?,00000000), ref: 00415DCC
SetLastError.KERNEL32(00000000), ref: 00415DF1
SysStringLen.OLEAUT32(00000000), ref: 00415E0E
SetLastError.KERNEL32(?,00000000,00000000,00000001), ref: 00415E3A

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3String
String ID:
API String ID: 2160793888-0
Opcode ID: d517fdbc2243c532d8e67b05f02769ec25b5c23ea0d15799a9168d4e0643caa1
Instruction ID: 396adce6e6fbb270940b12cd01ddca4a5a44da954095b05863c7fa30c8363c18
Opcode Fuzzy Hash: d517fdbc2243c532d8e67b05f02769ec25b5c23ea0d15799a9168d4e0643caa1
Instruction Fuzzy Hash: C3216A75600606DFCB00DF25C948B9ABBB5FF84325F04C65AEC14973A2CBB4E960CB94

Function 00464511 Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00464D84: __getptd_noexit.LIBCMT ref: 00464D85
Part of subcall function 00464D84: __amsg_exit.LIBCMT ref: 00464D92

__amsg_exit.LIBCMT ref: 0046453E
__lock.LIBCMT ref: 0046454E
InterlockedDecrement.KERNEL32(?), ref: 0046456B
_free.LIBCMT ref: 0046457E
InterlockedIncrement.KERNEL32(0055D748), ref: 00464596

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd_noexit__lock_free
String ID:
API String ID: 1231874560-0
Opcode ID: 782937fa79cac46c835b847dfa571ed9465c5c9dd96271b5550134f1aa65a5b8
Instruction ID: bf1fdb13fa441d3b5f7d7b808489ece3e24e0431c18f9873cc060b2ebeaba5c1
Opcode Fuzzy Hash: 782937fa79cac46c835b847dfa571ed9465c5c9dd96271b5550134f1aa65a5b8
Instruction Fuzzy Hash: DE01C031901621ABDF21AB96980676E7764BF81728F05011FE911A7381EB3C6941CFCF

Function 00461CE9 Relevance: 7.5, APIs: 5, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 00464D84: __getptd_noexit.LIBCMT ref: 00464D85
Part of subcall function 00464D84: __amsg_exit.LIBCMT ref: 00464D92

__calloc_crt.LIBCMT ref: 00462332

Part of subcall function 00469F4C: __calloc_impl.LIBCMT ref: 00469F5B
Part of subcall function 00469F4C: Sleep.KERNEL32(00000000,?,00464DC4,00000001,000003BC), ref: 00469F72

__lock.LIBCMT ref: 00462368
___addlocaleref.LIBCMT ref: 00462374
__lock.LIBCMT ref: 00462388
InterlockedIncrement.KERNEL32(?), ref: 00462398

Part of subcall function 0045D506: __getptd_noexit.LIBCMT ref: 0045D506

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: __getptd_noexit__lock$IncrementInterlockedSleep___addlocaleref__amsg_exit__calloc_crt__calloc_impl
String ID:
API String ID: 2144732038-0
Opcode ID: 3b804aec16b2c4d5b431872ab7c0007534d1df999f4367e51c0938a159ff34e9
Instruction ID: 6c1296e15dd3d7cec33572ec4da61334e12c45d9ee9fb5c6581632bde4754d6d
Opcode Fuzzy Hash: 3b804aec16b2c4d5b431872ab7c0007534d1df999f4367e51c0938a159ff34e9
Instruction Fuzzy Hash: 23014C31500741FAEB20BFB6D906B5C7BA0AF44729F20455FF8549B2D2EBBC49809B5B

Function 00495190 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,0049569A,98A63EB4), ref: 004951A0
SetLastError.KERNEL32(?), ref: 004951D0
GetLastError.KERNEL32 ref: 004951E4
SetLastError.KERNEL32(?), ref: 00495214

Strings

x/L, xrefs: 004951D6

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast
String ID: x/L
API String ID: 1452528299-3369456940
Opcode ID: 2c0356588e6b2b73322a8590bf25a31072e6d38a63a135457447cc9c1b18425d
Instruction ID: a06e00c6071701050331629b83cba3710f8a47ae2c54fb01fb9eb1a37d996d6d
Opcode Fuzzy Hash: 2c0356588e6b2b73322a8590bf25a31072e6d38a63a135457447cc9c1b18425d
Instruction Fuzzy Hash: 20214BB4501281CFDB94DF29C9C87043FE5BB09324B2183A9AC288F2EAD7B5C855DF44

Function 00449C69 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 202COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00449C73

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00433E81: __EH_prolog3_GS.LIBCMT ref: 00433E88

Part of subcall function 00408EF3: __EH_prolog3.LIBCMT ref: 00408EFA
Part of subcall function 00408EF3: GetLastError.KERNEL32(00000004,0040AAE9,?,004492B4,00000098,?,00000000,?,?,?,0040A496,004C2FA0,00000000,00000002,0000003A,00000001), ref: 00408F1C
Part of subcall function 00408EF3: SetLastError.KERNEL32(?,00000000,004492B4,00000098,00000000,?,004492B4,00000098,?,00000000,?,?,?,0040A496,004C2FA0,00000000), ref: 00408F5D

Part of subcall function 00413C81: __EH_prolog3_GS.LIBCMT ref: 00413C88

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Strings

@/L, xrefs: 00449E13
@/L, xrefs: 00449F27
@/L, xrefs: 00449E63

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3_$FreeH_prolog3String
String ID: @/L$@/L$@/L
API String ID: 888054269-1531812684
Opcode ID: 0967a79a6c875069f9bb98af31d8a3bdd0ef66026f9d38307025a5e17ff3938b
Instruction ID: 25368a2cf1d057b32843f9f1438c65d892e9a7fe7a3782f85ba25ed49c8d758e
Opcode Fuzzy Hash: 0967a79a6c875069f9bb98af31d8a3bdd0ef66026f9d38307025a5e17ff3938b
Instruction Fuzzy Hash: B3815E7180021CAADB14EBA0CC81FDEB778AF14308F54419EE555B7192EBB85F89CBA5

Function 0044E60F Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 185COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0044E619
GetLastError.KERNEL32 ref: 0044E85F

Strings

@/L, xrefs: 0044E724
@/L, xrefs: 0044E841

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3_Last
String ID: @/L$@/L
API String ID: 1018228973-2149722323
Opcode ID: c0fba4a04b3eb5e47eed062ff1890e3c260f7a324c3430feb1ed01e8bdc5bde2
Instruction ID: 96d107957e89ee672848440bf88a5f81ff19480339046cbe6f3af3f1dd4e001a
Opcode Fuzzy Hash: c0fba4a04b3eb5e47eed062ff1890e3c260f7a324c3430feb1ed01e8bdc5bde2
Instruction Fuzzy Hash: 0D81E771800158DEDF15EF65C985BEDBBB8BF14304F4440EFE849A7282DB789A88CB65

Function 00490930 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 168COMMON

Download Yara Rule

APIs

__wcsnicmp.LIBCMT ref: 004909A4
__wcsnicmp.LIBCMT ref: 00490A65

Strings

.gif, xrefs: 0049099E
.bmp, xrefs: 00490A5F

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: __wcsnicmp
String ID: .bmp$.gif
API String ID: 1038674560-4134359634
Opcode ID: d5ee4679ab97b95a357d9a7390bc0dde59ce169020835a5af1e112e83ac73baa
Instruction ID: 23337b657ad670b4955280bc9165c19bba8a9d854e1dc5dde6e5a49d25f5db86
Opcode Fuzzy Hash: d5ee4679ab97b95a357d9a7390bc0dde59ce169020835a5af1e112e83ac73baa
Instruction Fuzzy Hash: 20518F72A00200DFDB14DF29C984B5A7BF1FF58314F10456EE95A8B392D73AE905CB95

Function 004421BF Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 151COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 004421C6

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00441E34: __EH_prolog3_GS.LIBCMT ref: 00441E3E

Strings

@/L, xrefs: 00442351
*.*, xrefs: 0044223A, 004422BB
@/L, xrefs: 004421F9

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3Last$H_prolog3_
String ID: *.*$@/L$@/L
API String ID: 2324316964-697157344
Opcode ID: b89772573b62145f0777bee0590159fd1788d493a0302619d7666249e8ea5885
Instruction ID: 89f30ae774d1c92cc3312d47f784a4ea73d75d711fb3758fd06acb861d4ef3b0
Opcode Fuzzy Hash: b89772573b62145f0777bee0590159fd1788d493a0302619d7666249e8ea5885
Instruction Fuzzy Hash: 9E51CAB1D10108ABEB00EFA5C542BDDBBB8AF15348F54005FF9056B291D7FA4A45C7DA

Function 004140D0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 143COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 004140DA
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00414258

Strings

@/L, xrefs: 0041419D
@/L, xrefs: 004142A5

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: H_prolog3_Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: @/L$@/L
API String ID: 2661724416-2149722323
Opcode ID: 010051b95e52cc9f31f9e3f2c4232809ef80d1b7be815cddf62bbc1fd090fe65
Instruction ID: 7f8b69b7c0cfc839a46880284997a531e60b82fb44abd950f79b84a05636c143
Opcode Fuzzy Hash: 010051b95e52cc9f31f9e3f2c4232809ef80d1b7be815cddf62bbc1fd090fe65
Instruction Fuzzy Hash: 3F514B71A00218EFDB14DFA5DC41BDDB7B9BB58704F1084AEE509B7281DB74AA88CF64

Function 004248A5 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 140COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 004248AF

Part of subcall function 00415AF8: __EH_prolog3_GS.LIBCMT ref: 00415AFF
Part of subcall function 00415AF8: GetLastError.KERNEL32(0000003C,00487419,?,?,00000001,?,?,?,?,?,?,?,?,?,00000000), ref: 00415B2A
Part of subcall function 00415AF8: SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00415B5B

Strings

@/L, xrefs: 00424A44
@/L, xrefs: 00424AAA
@/L, xrefs: 00424981

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3_Last
String ID: @/L$@/L$@/L
API String ID: 1018228973-1531812684
Opcode ID: b55943291a1b722df0f903709b589127d1e89bf95f8151ed7b0178f66e6176d3
Instruction ID: 47cef3b0f5a60dd72e808ae00f6117344c4aae0cf94f65d0ddd0526fbf07d1bc
Opcode Fuzzy Hash: b55943291a1b722df0f903709b589127d1e89bf95f8151ed7b0178f66e6176d3
Instruction Fuzzy Hash: 4251B770A403289EDB24DFA4CC96BDE7774AF44314F94029FE559721D2DBB81AC4CB19

Function 00441457 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 135COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0044145E
GetLastError.KERNEL32 ref: 00441519

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00441E34: __EH_prolog3_GS.LIBCMT ref: 00441E3E

Part of subcall function 0044238A: __EH_prolog3.LIBCMT ref: 00442391

Strings

@/L, xrefs: 00441497
@/L, xrefs: 004415B2

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3H_prolog3_
String ID: @/L$@/L
API String ID: 852442433-2149722323
Opcode ID: bf9afd445f15f19953a741b8cdb128b51578d59a9891685d1b54b30155036a61
Instruction ID: ca7dc6c868d018f54e1714aac4ffb2e93b6abd56c175b53e8142f67364613833
Opcode Fuzzy Hash: bf9afd445f15f19953a741b8cdb128b51578d59a9891685d1b54b30155036a61
Instruction Fuzzy Hash: 9D41B9B1801208ABEB01FFA5C942ADE7B689F11348F54005FFC0A57292EB799749C7DA

Function 004494E4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 106COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 004494EB

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Part of subcall function 00446730: FindResourceExW.KERNEL32(?,00000006,?,?,?,00000000,?,?,0040D4B6,004C2FA0,?,00000002,?), ref: 0044674F

SetDlgItemTextW.USER32(?,?,?), ref: 004495F1

Strings

@/L, xrefs: 00449554
@/L, xrefs: 00449519

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FindH_prolog3_ItemResourceText
String ID: @/L$@/L
API String ID: 3193201603-2149722323
Opcode ID: 61775e02b86d4fc196a0079a0078e1fc1635a5cb9fdb3f55c74c0a56bf59e588
Instruction ID: 83d4a2b31712f25d30c36e18ce140b205fce767b9fc0766cb3e08890c8e9a973
Opcode Fuzzy Hash: 61775e02b86d4fc196a0079a0078e1fc1635a5cb9fdb3f55c74c0a56bf59e588
Instruction Fuzzy Hash: 8441FBB2D04219EBEF11DFE1C881ADF7BB8BF14354F24402EE911A3242EB759909DB55

Function 004411E1 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 101COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 004411E8

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 004470DB: __EH_prolog3.LIBCMT ref: 004470E2

GetLastError.KERNEL32 ref: 00441246

Part of subcall function 004496BE: __EH_prolog3.LIBCMT ref: 004496C5

Strings

@/L, xrefs: 0044122A
@/L, xrefs: 004412CB

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: H_prolog3$ErrorLast
String ID: @/L$@/L
API String ID: 1123136255-2149722323
Opcode ID: c0066bf9f0f1ec94e96a2fbe5f40eeae9e5905034624bfd7144c070f86690cf8
Instruction ID: 89c8dd2ae1046a31f8cf59a7c06f84b172a8825f62a3a02bc19f017da8567411
Opcode Fuzzy Hash: c0066bf9f0f1ec94e96a2fbe5f40eeae9e5905034624bfd7144c070f86690cf8
Instruction Fuzzy Hash: 0831BBB1401104ABEB40FF66C942ADE7B689F11358F54006FFC169B2A2EF794B4AC7D9

Function 0040CBA2 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 100COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 0040CBA9

Strings

@/L, xrefs: 0040CCAB
@/L, xrefs: 0040CBF6
@/L, xrefs: 0040CBC0

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: H_prolog3_catch_
String ID: @/L$@/L$@/L
API String ID: 1329019490-1531812684
Opcode ID: 88ebc016f4f5e857a3e10250d7fd51b172b204ab61d1e185377d75d2130865dd
Instruction ID: ab691274893ebf0844c0e0d1ad410fcec29b29683fd2bd70487116ea5d299ff9
Opcode Fuzzy Hash: 88ebc016f4f5e857a3e10250d7fd51b172b204ab61d1e185377d75d2130865dd
Instruction Fuzzy Hash: 66316FB0904208DBEF14DF95CA95A9E77B8EF54704F10413FF805AB285E778AE058B69

Function 00448201 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 99COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0044820B

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 004496BE: __EH_prolog3.LIBCMT ref: 004496C5

Part of subcall function 0043EA24: __EH_prolog3.LIBCMT ref: 0043EA2B

GetLastError.KERNEL32(00000000,?), ref: 00448336

Part of subcall function 00456844: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00456862

Part of subcall function 0043F4EF: __EH_prolog3_GS.LIBCMT ref: 0043F4F6

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Part of subcall function 0045694B: __EH_prolog3.LIBCMT ref: 00456952

Strings

@/L, xrefs: 0044822F
MODULEPATH, xrefs: 00448297, 00448302

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3$FreeH_prolog3_String$CreateFile
String ID: @/L$MODULEPATH
API String ID: 2148655774-1165621402
Opcode ID: 5e5df2846205fcb4b8809396a015955ad357ccb4a0fd4ef940c2332eb31618b3
Instruction ID: a39fe0fc4e1563b36d0505ab6326b35323791632e0ca0553d56d5292fb730f37
Opcode Fuzzy Hash: 5e5df2846205fcb4b8809396a015955ad357ccb4a0fd4ef940c2332eb31618b3
Instruction Fuzzy Hash: DE41A670501248DEDB01EFA1C861AED7778AF28348F4440AFFD1597182EF789B49CB59

Function 0045264F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00452656

Part of subcall function 00452135: __EH_prolog3.LIBCMT ref: 0045213C
Part of subcall function 00452135: GetLastError.KERNEL32(00000004,00452674,00000004,00000001,0000003C,00452BE2,?,00000000,00000000,00000000,00452D7F,00000000,00000001), ref: 00452164
Part of subcall function 00452135: SetLastError.KERNEL32(00000008,00000000,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 00452190

_Find_unchecked1.LIBCPMT ref: 0045269B
SysStringLen.OLEAUT32(004522F2), ref: 0045274C

Strings

;, xrefs: 00452694

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3Last$Find_unchecked1String
String ID: ;
API String ID: 637338078-1661535913
Opcode ID: 4b5f2109a4cfafca856feffcd59ac57aade2a2f942d3a31ace33901e6914069a
Instruction ID: 158181cd351aca08523b2fc94ea085efbae1f9dd9860d670ed74b22edaea46a9
Opcode Fuzzy Hash: 4b5f2109a4cfafca856feffcd59ac57aade2a2f942d3a31ace33901e6914069a
Instruction Fuzzy Hash: 1531C531904208ABDF14EF65C941BEE77B5EF19305F10801BEC51A7392EBB89A4DCB59

Function 00461C77 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90COMMONLIBRARYCODE

Download Yara Rule

APIs

_wcsnlen.LIBCMT ref: 00461C8A

Strings

U, xrefs: 00461C93

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: _wcsnlen
String ID: U
API String ID: 3628947076-3372436214
Opcode ID: b9cef963797d3e89b00ae17040699aaf0b65a0a6e5ac53caffa627e3ce68c861
Instruction ID: bfaf07546c89a384e350f226fff88b7f7ebcadbe1a641ab05e700740bab58351
Opcode Fuzzy Hash: b9cef963797d3e89b00ae17040699aaf0b65a0a6e5ac53caffa627e3ce68c861
Instruction Fuzzy Hash: F02105322042086EEB049BA59C41FBF33ECDB45365F14046BF909C62A1FB78DD40869E

Function 00414905 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 88COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0041490F
CreateDialogIndirectParamW.USER32(?,00000000,?,?,?), ref: 00414A10

Strings

MS Sans Serif, xrefs: 00414967
@/L, xrefs: 00414976

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CreateDialogH_prolog3_IndirectParam
String ID: @/L$MS Sans Serif
API String ID: 2249790658-1405392024
Opcode ID: e74a179f1cde51984c56fb91bc04bde9db33032d3706bad77dfb32ba41f80360
Instruction ID: 52fb60251a7ffe828c46daecbe5eb3af03773a261b3c7b63d1d1446236159fcf
Opcode Fuzzy Hash: e74a179f1cde51984c56fb91bc04bde9db33032d3706bad77dfb32ba41f80360
Instruction Fuzzy Hash: B9317E70900219DFDB10EFA5C941BEDBBB4BF14318F10009EF85473282DB385A48DBA5

Function 0040D57E Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 86COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0040D588
DialogBoxIndirectParamW.USER32(?,00000000,?,?,?), ref: 0040D67E

Strings

@/L, xrefs: 0040D5E7
MS Sans Serif, xrefs: 0040D5D8

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: DialogH_prolog3_IndirectParam
String ID: @/L$MS Sans Serif
API String ID: 1500191164-1405392024
Opcode ID: 651f1df24f56bfd1744395bf788dab6bf8e9b69c0575406befba744741c2f046
Instruction ID: 6c97f12c2579d663ac2fa2d2ae49c1a787b4e135a5e0fd399ed3c0006abe2c68
Opcode Fuzzy Hash: 651f1df24f56bfd1744395bf788dab6bf8e9b69c0575406befba744741c2f046
Instruction Fuzzy Hash: 1B316D70800219EBDF10EFA5C845BADBBB4BF14318F1040AEF85577282DB799A18DFA5

Function 0040A3F4 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 83COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0040A3FB

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Strings

@/L, xrefs: 0040A4D5
@/L, xrefs: 0040A419
\, xrefs: 0040A45A

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3_
String ID: @/L$@/L$\
API String ID: 3339191932-1296846978
Opcode ID: 13cb6acd5d0ee773631869928c03776bd5578a3885ba8edb4803c8e51d73591f
Instruction ID: 306ac0c9b03c69df38530ff60417970c5a4f7d0040f34b3fa8105968ae412025
Opcode Fuzzy Hash: 13cb6acd5d0ee773631869928c03776bd5578a3885ba8edb4803c8e51d73591f
Instruction Fuzzy Hash: 15317371500208EADB15EFA5C955EDEB378AF14348F14412FF412B72C2DBB85A0ACF5A

Function 00448902 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 80registryCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00448909

Part of subcall function 004018F0: GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 00401914
Part of subcall function 004018F0: RegCloseKey.ADVAPI32(00000000), ref: 00401977

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Part of subcall function 0040A0F0: SysStringLen.OLEAUT32(?), ref: 0040A0FD
Part of subcall function 0040A0F0: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 0040A117

RegEnumValueW.ADVAPI32(@/L,00000000,00000000,?,00000000,00000000,00000000,00000000,?,00000105,00000058,0044855C,?), ref: 004489A2

Part of subcall function 00409574: __EH_prolog3_GS.LIBCMT ref: 0040957B
Part of subcall function 00409574: GetLastError.KERNEL32(00000038,0040DDFB,004492A1,?,004AFFA0), ref: 00409582
Part of subcall function 00409574: SetLastError.KERNEL32(00000000), ref: 004095D6

Strings

@/L, xrefs: 0044895E
@/L, xrefs: 00448938, 004489DF, 0044899F

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3_String$AllocCloseEnumHandleModuleValue
String ID: @/L$@/L
API String ID: 705673673-2149722323
Opcode ID: 47444105dc51eae271228f2752207a39b4515bd285bde9af11e42b8b431dadd8
Instruction ID: b9e9197ec95c8b87ec65736cad70f42ce84a11fb00f895f772036ee2ffec2f11
Opcode Fuzzy Hash: 47444105dc51eae271228f2752207a39b4515bd285bde9af11e42b8b431dadd8
Instruction Fuzzy Hash: E2316DB0C00248DFDB05EF95C856BEEBBB8FF14308F10416EE401A7292DBB85A49CB65

Function 00450160 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 76stringCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0045016A

Part of subcall function 00416A04: __EH_prolog3.LIBCMT ref: 00416A0B
Part of subcall function 00416A04: InterlockedIncrement.KERNEL32(004D9B10), ref: 00416A9F

Part of subcall function 0044F463: _memset.LIBCMT ref: 0044F47A

lstrcmpA.KERNEL32(?,00000000,?,?,?,?,00000000,80400100,rrs,00007530,00000000,00000000,00000000,00000000,000000B4), ref: 00450217

Part of subcall function 0044F4A5: WideCharToMultiByte.KERNEL32(?,00000000,00000000,000000FF,?,?,00000000,00000000), ref: 0044F4C9

Strings

rrs, xrefs: 0045017A
D, xrefs: 00450243

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ByteCharH_prolog3H_prolog3_IncrementInterlockedMultiWide_memsetlstrcmp
String ID: D$rrs
API String ID: 961569304-3346118193
Opcode ID: a5b8ea0d6aa923d3b3bb1d2961d6e4b1d039563022ae69027cf7a2d00be23436
Instruction ID: 5cb9f4cd0249b3b6b3f79495009f76f2e98c5ccf60ddb58ea5ad4a801079376a
Opcode Fuzzy Hash: a5b8ea0d6aa923d3b3bb1d2961d6e4b1d039563022ae69027cf7a2d00be23436
Instruction Fuzzy Hash: DA216F34801129AADF21EF62CC45AEF7B34EF01369F10029AFC1577192DB395F19CAA9

Function 0043804C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00438056

Part of subcall function 0040D268: __EH_prolog3_GS.LIBCMT ref: 0040D272

SendMessageW.USER32(?,00001061,00000000,00000007), ref: 004380BC

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

SendMessageW.USER32(?,00001061,00000001,00000007), ref: 00438130

Strings

d, xrefs: 004380AC

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorFreeH_prolog3_LastMessageSendString
String ID: d
API String ID: 2693188226-2564639436
Opcode ID: ef9d1edcb89efa8c6e2d08d9f3294f9fdf307bd875bec6154d271783c0280ab1
Instruction ID: 405798b49a4cc02314469e73b4382bd3cd167c32690a2220d85af05d06923347
Opcode Fuzzy Hash: ef9d1edcb89efa8c6e2d08d9f3294f9fdf307bd875bec6154d271783c0280ab1
Instruction Fuzzy Hash: 07210A70A04218EFDB14DFA5C895F9DB7B8FF08308F1080AEE509A7291DB74AA48CF54

Function 00494FF0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 61COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00495037
_memset.LIBCMT ref: 00495044

Part of subcall function 0049A110: GetDC.USER32(?), ref: 0049A119
Part of subcall function 0049A110: GetDeviceCaps.GDI32(00000000,0000000C), ref: 0049A12A
Part of subcall function 0049A110: GetDeviceCaps.GDI32(00000000,0000000E), ref: 0049A131
Part of subcall function 0049A110: ReleaseDC.USER32(?,00000000), ref: 0049A139

Strings

d, xrefs: 0049506F
d, xrefs: 00495076

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CapsDevice_memset$Release
String ID: d$d
API String ID: 2582967517-195624457
Opcode ID: 81cb2d8101b08f121c4dd023ed4d4fc32ade68db69279e4716fbfcd15e893a97
Instruction ID: 00c04b6f922662b8a3f5af3b6c4a2b3da97842220d81aa921867386ebda7a6af
Opcode Fuzzy Hash: 81cb2d8101b08f121c4dd023ed4d4fc32ade68db69279e4716fbfcd15e893a97
Instruction Fuzzy Hash: 6C21F4B1600244EFEB54DF59C885B4ABBE8FB08714F1041AAED149B386D3BAA914CB94

Function 0046E05A Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

_wcscmp.LIBCMT ref: 0046E071
_wcscmp.LIBCMT ref: 0046E082

Strings

ACP, xrefs: 0046E06B
OCP, xrefs: 0046E07C

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: _wcscmp
String ID: ACP$OCP
API String ID: 856254489-711371036
Opcode ID: ca9c36cde701db761c56a17ca6b61ff62fb5d8a893e5a8574136ea2a0162ba68
Instruction ID: 8fd82268f2c603b1ab4c91f5e2b21b46746a279726691612bceae8c778f09206
Opcode Fuzzy Hash: ca9c36cde701db761c56a17ca6b61ff62fb5d8a893e5a8574136ea2a0162ba68
Instruction Fuzzy Hash: AC016536644215A6D720691ADC82BDB37D89F04755F144417FE04DA2C1F7A9E54046DF

Function 00485600 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 58COMMON

Download Yara Rule

APIs

GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00485645

Part of subcall function 0040B827: __EH_prolog3.LIBCMT ref: 0040B82E
Part of subcall function 0040B827: GetLastError.KERNEL32(00000004,00416939,00000008,004238F4,dJ,00000001,?,00000000), ref: 0040B847

__CxxThrowException@8.LIBCMT ref: 00485666

Part of subcall function 0045A466: RaiseException.KERNEL32(?,?,00459FCC,00000000,?,?,?,?,00459FCC,00000000,004D0E78,?), ref: 0045A4B7

Strings

dJ, xrefs: 004856A1
lJ, xrefs: 0048568B

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: DirectoryErrorExceptionException@8H_prolog3LastRaiseSystemThrow
String ID: dJ$lJ
API String ID: 2288906325-817211891
Opcode ID: f79db7bb528015d6b8d7cdc9d10a8cd1d78b0dfc3e3fb013d10bf4576eda0776
Instruction ID: 04f0ae1ddffe1d4c74c414f1cdde0518e1659f42c00016f295f9005a1c702405
Opcode Fuzzy Hash: f79db7bb528015d6b8d7cdc9d10a8cd1d78b0dfc3e3fb013d10bf4576eda0776
Instruction Fuzzy Hash: 2E2163719042189ACB50EF95CC89BDEB7B8EB08714F4042ABF419A3290DF785A84CB98

Function 0043C2FD Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 56COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0043C304

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Strings

lJ, xrefs: 0043C31F
dJ, xrefs: 0043C385, 0043C388
, xrefs: 0043C33B

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3H_prolog3_
String ID: $dJ$lJ
API String ID: 852442433-4228904431
Opcode ID: 4e08dc72f6f433598c2d630cb571a7c0a89000b7201d609497b44856bd249132
Instruction ID: cccd1857e250a2a10cb6b794379f302050849049fab3bff43cad3f7dbb8eaa59
Opcode Fuzzy Hash: 4e08dc72f6f433598c2d630cb571a7c0a89000b7201d609497b44856bd249132
Instruction Fuzzy Hash: 6C11C470900314EADB14EBA5C885B9E7674EF04714F10401FF905BB1C1CBB85D49C799

Function 00401BE0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46registryCOMMON

Download Yara Rule

APIs

Part of subcall function 004018F0: GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 00401914
Part of subcall function 004018F0: RegCloseKey.ADVAPI32(00000000), ref: 00401977

RegQueryValueExW.ADVAPI32(00000000,DoVerboseLogging,00000000,?,?,?), ref: 00401C3D
RegCloseKey.ADVAPI32(00000000), ref: 00401C5D

Strings

SOFTWARE\InstallShield\22.0\Professional, xrefs: 00401BED
DoVerboseLogging, xrefs: 00401C29

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Close$HandleModuleQueryValue
String ID: DoVerboseLogging$SOFTWARE\InstallShield\22.0\Professional
API String ID: 2971604672-398011643
Opcode ID: 8cc20be989dc51849c091718715fdedceaf8bed04bd78701e6e68f63824f9245
Instruction ID: 1cc1df9e7d31757cdd2194b6cee3a3b915efef72443f0914441939a2da38a891
Opcode Fuzzy Hash: 8cc20be989dc51849c091718715fdedceaf8bed04bd78701e6e68f63824f9245
Instruction Fuzzy Hash: 5801D475D85229EBEF10DF90C845BEFBBBCAB00305F10006AE905B2180D3B85B48CBE9

Function 0040E35C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0040E363
__itow_s.LIBCMT ref: 0040E39A
SetLastError.KERNEL32(?,?,00000000,00000001), ref: 0040E3C9

Strings

T4L, xrefs: 0040E379

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3_Last__itow_s
String ID: T4L
API String ID: 3681815494-1354015026
Opcode ID: 93d8a98974931669597e84cf0fe73a075055e349f5b6a5ed09eafe4503104574
Instruction ID: f1ef69440b21ec92f15213ddb203a28be4cea890c84e1ea6b4a8fdf8eb887722
Opcode Fuzzy Hash: 93d8a98974931669597e84cf0fe73a075055e349f5b6a5ed09eafe4503104574
Instruction Fuzzy Hash: E101B175800208ABD710FF92D841EAEB7B8FF44704F10442EF945AB281DB799949CB88

Function 004108FE Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(Advapi32.dll,?,?,0040E8EA,?,?,00000000,?,?,?,?,?,?), ref: 0041090E
GetProcAddress.KERNEL32(00000000,RegCreateKeyTransactedW), ref: 0041091E

Strings

Advapi32.dll, xrefs: 00410909
RegCreateKeyTransactedW, xrefs: 00410918

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: Advapi32.dll$RegCreateKeyTransactedW
API String ID: 1646373207-2994018265
Opcode ID: c83e1466f133f5e565ba8414087bb2036b09d6c06009ef89a88353506975e311
Instruction ID: c05c990c2d585fc2824dd3440cc7b36747f037b6809ac8df7c296296ccd00d78
Opcode Fuzzy Hash: c83e1466f133f5e565ba8414087bb2036b09d6c06009ef89a88353506975e311
Instruction Fuzzy Hash: 30F0373211020AEFEF124FA6DC04BDA7FA5AB09751F04442AFA14A1060C2BAC4E0EB98

Function 00401820 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 35libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 00401830
GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 00401840

Strings

Advapi32.dll, xrefs: 0040182B
RegOpenKeyTransactedW, xrefs: 0040183A

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: Advapi32.dll$RegOpenKeyTransactedW
API String ID: 1646373207-3913318428
Opcode ID: 352e823b9f780ac13da28e5b479450b2374df0ed46c6a572c3d5d0b2c78ddd51
Instruction ID: d0bb64c75dc60e8bd2f98a84e8563cd39cd9bd73ca4ad5fc3a144f34ce47f663
Opcode Fuzzy Hash: 352e823b9f780ac13da28e5b479450b2374df0ed46c6a572c3d5d0b2c78ddd51
Instruction Fuzzy Hash: F4F05B33100219ABDF215FA5DC04FD77BA5EB04751F04843BF910911B0C7B6C5A0D7A4

Function 00409574 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0040957B
GetLastError.KERNEL32(00000038,0040DDFB,004492A1,?,004AFFA0), ref: 00409582
SetLastError.KERNEL32(00000000), ref: 004095D6

Strings

|-L, xrefs: 00409592

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3_
String ID: |-L
API String ID: 3339191932-4259979122
Opcode ID: 24f43d2936b3ad16fab0b86d5cca8314c2428bcf3ba4f71db9654ee6d5e40029
Instruction ID: 714b6096e22ced05593d0ab476309d218eb8cdadfdafa15c31b76b9f64aaa364
Opcode Fuzzy Hash: 24f43d2936b3ad16fab0b86d5cca8314c2428bcf3ba4f71db9654ee6d5e40029
Instruction Fuzzy Hash: D8F0DC31500205DBDB15EB62C854B6DB3B8AF84309F00446EE042671D2CB7DEC4ACB48

Function 00408FDF Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00408FE6
GetLastError.KERNEL32(00000004,00409224,00000000,?,0043A706,00000000,00000000,?,00409F4E,?,00000000,?,00000001,00000048,00409E02,004C2FA0), ref: 00409008
SetLastError.KERNEL32(?,00000000,?,0043A706,?,00409F4E,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000), ref: 00409044

Strings

|-L, xrefs: 0040901C

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3
String ID: |-L
API String ID: 3502553090-4259979122
Opcode ID: ea055b06ae94e280d7ba610d09059c28fdaebb8ea6135063e608ee3838a4fbef
Instruction ID: 7135aa5b5c6711000976b1a5063b62f77656cbc11f1e0439027cdd843273076e
Opcode Fuzzy Hash: ea055b06ae94e280d7ba610d09059c28fdaebb8ea6135063e608ee3838a4fbef
Instruction Fuzzy Hash: E3014675500616EFCB01DF06C944A59BBF4FF48715B01862AF8189BB62C7B8EA60DFC8

Function 00445FB9 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(Advapi32.lib,IsTextUnicode), ref: 00445FCE
GetProcAddress.KERNEL32(00000000), ref: 00445FD5

Strings

IsTextUnicode, xrefs: 00445FC4
Advapi32.lib, xrefs: 00445FC9

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: Advapi32.lib$IsTextUnicode
API String ID: 1646373207-3723215607
Opcode ID: 1e844ae8459809b4531c415c7125214c5ae695be30b9232cf70e5085d4d845a9
Instruction ID: 5890916d41243b8dae1628dc5aed9f08788239c8a3b298eb17c7d36771733127
Opcode Fuzzy Hash: 1e844ae8459809b4531c415c7125214c5ae695be30b9232cf70e5085d4d845a9
Instruction Fuzzy Hash: 62E0ED32200326A7AF308FA59C05AAB3B6C9B027183094027FD1597241CA3DD8449BAE

Function 0040E23E Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 29COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0040E245

Part of subcall function 00402CE0: GetLastError.KERNEL32(98A63EB4,?,00000000,7591DFA0,?,?,004AC418,000000FF,T4L,00401EE2,InstallShield.log,?), ref: 00402D30
Part of subcall function 00402CE0: SetLastError.KERNEL32(?,004C2D7C,00000000,?,00000000,7591DFA0,?,?,004AC418,000000FF,T4L,00401EE2,InstallShield.log,?), ref: 00402DA8

Part of subcall function 004053A0: GetLastError.KERNEL32(98A63EB4,?,?,?,?,004AC278,000000FF), ref: 004053E2
Part of subcall function 004053A0: SetLastError.KERNEL32(?,00000000,00000000,000000FF,?,?,?,?,004AC278,000000FF), ref: 0040543E

Part of subcall function 00401AC0: GetLastError.KERNEL32(?,?,0040E566), ref: 00401ACF
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AEB
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AF6
Part of subcall function 00401AC0: SetLastError.KERNEL32(?), ref: 00401B14

Strings

P/L, xrefs: 0040E25E, 0040E28B
@/L, xrefs: 0040E24A, 0040E25D
T4L, xrefs: 0040E27F

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeString$H_prolog3_
String ID: @/L$P/L$T4L
API String ID: 2549205776-2391459764
Opcode ID: 03acca1fd10c74d24323e4ac8bcb1e2e1618de5294f8b1fd4570b5cc9c8217b9
Instruction ID: 0cce9d4a209e61f97a9b47e53ff479a0c066b02d32d24b5715c309192cc3a6ce
Opcode Fuzzy Hash: 03acca1fd10c74d24323e4ac8bcb1e2e1618de5294f8b1fd4570b5cc9c8217b9
Instruction Fuzzy Hash: 3DF03A306102049BDB15AF52CC82B9E73B8EF44319F50402EF801BB2C2CBBC69098B9C

Function 00444817 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,GetProcessId), ref: 00444824
GetProcAddress.KERNEL32(00000000), ref: 0044482B

Strings

kernel32.dll, xrefs: 0044481F
GetProcessId, xrefs: 0044481A

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetProcessId$kernel32.dll
API String ID: 1646373207-399901964
Opcode ID: f2698d3107329d0d2acceb1f59049789d40aba2147da7d285d87ccfc0c815085
Instruction ID: ee93fd962a4e704cc6191df0c74bc4abb2c3d25071bdf5bb63bce5f2597ed56f
Opcode Fuzzy Hash: f2698d3107329d0d2acceb1f59049789d40aba2147da7d285d87ccfc0c815085
Instruction Fuzzy Hash: 49D012312843086BAE006FF6BC09E567F5C9A91B513040436B81CC1051DA7BD450966C

Function 00445E1E Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,GetProcessId), ref: 00445E28
GetProcAddress.KERNEL32(00000000), ref: 00445E2F

Strings

kernel32.dll, xrefs: 00445E23
GetProcessId, xrefs: 00445E1E

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetProcessId$kernel32.dll
API String ID: 1646373207-399901964
Opcode ID: 94e73091009f22638df0306b64ebb9fe43951cfe0381b593e4467f811eb0770e
Instruction ID: 461e5980d865bde67dc41995be2e1f9ad7d80831c0895847c5d1f89e5c21943c
Opcode Fuzzy Hash: 94e73091009f22638df0306b64ebb9fe43951cfe0381b593e4467f811eb0770e
Instruction Fuzzy Hash: D3B092B02D2306568E041BB99C0EE547E645662B033201A297412C20D4CAA94040472C

Function 00485FB0 Relevance: 6.3, APIs: 5, Instructions: 95COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(98A63EB4,?,?,?,?,00000000,004AAFB9,000000FF,?,00485F4A,?,00000000), ref: 00485FF3
SetLastError.KERNEL32(?,?,00485F4A,?,00000000), ref: 0048602C
MultiByteToWideChar.KERNEL32(00000000,00000000,004C2BD0,?,00000000,00000000,?,00485F4A,?,00000000), ref: 00486052
MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,?,00485F4A,?,00000000), ref: 0048609E
SetLastError.KERNEL32(?,?,00485F4A,?,00000000), ref: 004860AC

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$ByteCharMultiWide
String ID:
API String ID: 3361762293-0
Opcode ID: f0bbbf2a11e0f237163f922194f58a55702dddeddcada36f90401c58c9216d03
Instruction ID: cf214800c4b9537dc2f9a1ef72162d9cd2e773d5810633010d7e9cd007b42dfc
Opcode Fuzzy Hash: f0bbbf2a11e0f237163f922194f58a55702dddeddcada36f90401c58c9216d03
Instruction Fuzzy Hash: B6317571600605EFD724CF28D844B5ABBF4FF09710F114A2EE90ADBBA0D7B5A910CB98

Function 00465D53 Relevance: 6.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00465DD7
_memmove.LIBCMT ref: 00465E1E
___AdjustPointer.LIBCMT ref: 00465E6C
_memmove.LIBCMT ref: 00465E75

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: AdjustPointer_memmove
String ID:
API String ID: 1721217611-0
Opcode ID: 5ec70329cea0efc6a358138fbd6af21413d18b2ba913e20929ada165ba88d450
Instruction ID: 6aded0b91f3f85af59e5abbe13635e53dafb30375726ec01a782a00c5a4f43ea
Opcode Fuzzy Hash: 5ec70329cea0efc6a358138fbd6af21413d18b2ba913e20929ada165ba88d450
Instruction Fuzzy Hash: EF41C531104B025FEF245F16D941B6B33A59F10714F24442FF8449A2D1FB7ADD50C65B

Function 00409E2B Relevance: 6.1, APIs: 4, Instructions: 122COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00409E32
_strlen.LIBCMT ref: 00409E62
MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181,?,004C2BD0), ref: 00409E7E
MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 00409EB0

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ByteCharMultiWide$H_prolog3__strlen
String ID:
API String ID: 708778256-0
Opcode ID: ac1a092213b0e12e2b2330b3df8748c6dd9e04ce5d2326068d47697538889179
Instruction ID: c16194bb0586814343e66e998a05e2ed2fd8b15da2402ce4b41418a516c6c1c6
Opcode Fuzzy Hash: ac1a092213b0e12e2b2330b3df8748c6dd9e04ce5d2326068d47697538889179
Instruction Fuzzy Hash: 57315F71900218ABDB15EFA9CC91AEFB778EF48314F14012EF905A72C3DB789D058B69

Function 00404F90 Relevance: 6.1, APIs: 4, Instructions: 119COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(98A63EB4,00000000,7591DFA0,7591E010), ref: 00405053
SysFreeString.OLEAUT32(?), ref: 0040506F
SysFreeString.OLEAUT32(?), ref: 0040507A
SetLastError.KERNEL32(?), ref: 0040509A

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorFreeLastString
String ID:
API String ID: 3822639702-0
Opcode ID: 7d9971b677ed3547416a1e96bdc9c8d55c6c6ae2ced54b5d5e6be12a684c2120
Instruction ID: dc07c803cd88c785bac4382bc7a008622eb629c4022d0baeaf30a320184b776a
Opcode Fuzzy Hash: 7d9971b677ed3547416a1e96bdc9c8d55c6c6ae2ced54b5d5e6be12a684c2120
Instruction Fuzzy Hash: 48418C31600609ABCF10DF24C944B9E77A8FF05718F10863AF816A72D1DB39E909CF99

Function 0041448F Relevance: 6.1, APIs: 4, Instructions: 95windowCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00414496
IsWindow.USER32(?), ref: 004144B5
IsWindowVisible.USER32(?), ref: 004144C2
DestroyWindow.USER32(?), ref: 0041453B

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Window$DestroyH_prolog3Visible
String ID:
API String ID: 447219068-0
Opcode ID: 6535ce3da3dfe8c8fae5c6415aa38829919470400cb8e8467b52c3ae6c7187e0
Instruction ID: 10d8122a03d87b9e53297850a7b574bfc71cfa9d350298393abf2021dee12dc4
Opcode Fuzzy Hash: 6535ce3da3dfe8c8fae5c6415aa38829919470400cb8e8467b52c3ae6c7187e0
Instruction Fuzzy Hash: 65313C70A0020AEFDB04DFA5C988AAEBBB9BF85308F54846DE545DB250DB35D942CB64

Function 00481210 Relevance: 6.1, APIs: 4, Instructions: 95COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00481237
SysFreeString.OLEAUT32(?), ref: 00481253
SysFreeString.OLEAUT32(?), ref: 0048125E
SetLastError.KERNEL32(?), ref: 0048127C

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorFreeLastString
String ID:
API String ID: 3822639702-0
Opcode ID: 7adbb34e08a17aaf52537097f738b590045160d32ca0d2bdc0408e8aa6d56d3d
Instruction ID: aa51ca18b2d1fff8e3d27f6db536b0836a09aaf9c92cd217795a71d3ef195011
Opcode Fuzzy Hash: 7adbb34e08a17aaf52537097f738b590045160d32ca0d2bdc0408e8aa6d56d3d
Instruction Fuzzy Hash: B941A2719002549FDB21EF28C484B56BBE4AF05354F19C4EAE848DB3B2C739EC95CB88

Function 004558E0 Relevance: 6.1, APIs: 4, Instructions: 95COMMON

Download Yara Rule

APIs

IsBadReadPtr.KERNEL32(?,00000004), ref: 004558F6
GetLastError.KERNEL32(?,?,?,?,?,?,00455889,?,?,?), ref: 004558FC
IsBadReadPtr.KERNEL32(?,00000000), ref: 0045591C
_memmove.LIBCMT ref: 0045594D

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Read$ErrorLast_memmove
String ID:
API String ID: 1328700803-0
Opcode ID: 3207ce5ba6cb4ab9fd59824205a66bb5143604768caefe5826d07507a8d42612
Instruction ID: 37118492d2d27c06ff67bb7b1bfe15760d817bb993575a2f60638aa9d941978f
Opcode Fuzzy Hash: 3207ce5ba6cb4ab9fd59824205a66bb5143604768caefe5826d07507a8d42612
Instruction Fuzzy Hash: F131C47160061AFBCB119F65CC85AABBBA8FF05755B00002BFC00D7252DB79E869CBA4

Function 00411DB8 Relevance: 6.1, APIs: 4, Instructions: 94windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00411DE0
GetTickCount.KERNEL32 ref: 00411E21
SendDlgItemMessageW.USER32(00000000,000003EC,0000000C,00000000,-00000004), ref: 00411E5D
SendDlgItemMessageW.USER32(00000000,000003ED,0000000C,00000000,-00000004), ref: 00411E96

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ItemMessageSend$CountTickWindow
String ID:
API String ID: 373309326-0
Opcode ID: bda43ab3aa73ed3b6580bfb436eff82d05a1d0117a080dd23e6f6f8dd1455ca2
Instruction ID: 4915500c2b095ac1a06dae2888b7d95e742b2d67e67b059be9a7b7c69c46ba4f
Opcode Fuzzy Hash: bda43ab3aa73ed3b6580bfb436eff82d05a1d0117a080dd23e6f6f8dd1455ca2
Instruction Fuzzy Hash: 91316B71A00208AFDB15EFA5DC85FDEBBB9AF49704F00002AF506E72A0DB34A945CB58

Function 004185B0 Relevance: 6.1, APIs: 4, Instructions: 89memoryCOMMON

Download Yara Rule

APIs

SysStringLen.OLEAUT32 ref: 004185E5
SysAllocStringLen.OLEAUT32(00000000,?), ref: 0041863D
SysStringLen.OLEAUT32 ref: 00418652
SysFreeString.OLEAUT32 ref: 0041868F

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: String$AllocFree
String ID:
API String ID: 344208780-0
Opcode ID: 0f87246907ec6dad1821d0284ee8a40f15c2a80fcf2c218f651bc4d8811b3553
Instruction ID: e2a93df44556aa96fba24b739c68fcf8784a70e1de55fb2db12a4582bbdcab65
Opcode Fuzzy Hash: 0f87246907ec6dad1821d0284ee8a40f15c2a80fcf2c218f651bc4d8811b3553
Instruction Fuzzy Hash: FF218175A00209FBDB109FA5DC45B9E7BACEF44304F10842EFA48D6251EA3ADA94CB58

Function 00446730 Relevance: 6.1, APIs: 4, Instructions: 89COMMON

Download Yara Rule

APIs

FindResourceExW.KERNEL32(?,00000006,?,?,?,00000000,?,?,0040D4B6,004C2FA0,?,00000002,?), ref: 0044674F
FindResourceExW.KERNEL32(?,00000006,00000000,?,?,?,0040D4B6,004C2FA0,?,00000002,?), ref: 00446787
FindResourceExW.KERNEL32(?,00000006,00000000,00000400,?,?,0040D4B6,004C2FA0,?,00000002,?), ref: 004467B4
FindResourceExW.KERNEL32(?,00000006,00000000,00000000,?,?,0040D4B6,004C2FA0,?,00000002,?), ref: 004467DE

Part of subcall function 004466BC: __EH_prolog3_GS.LIBCMT ref: 004466C3
Part of subcall function 004466BC: LoadResource.KERNEL32(?,?,00000038,004467F9,?,?,?,?,?,?,0040D4B6,004C2FA0,?,00000002,?), ref: 004466DA

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Resource$Find$H_prolog3_Load
String ID:
API String ID: 4133745404-0
Opcode ID: 2a14182a8ac0c3ba1b6ee19d6025a79b9e32e148616e5c35e7273d5272ec49e1
Instruction ID: c04375f7cb1f775b0624f4cd81cbfe2b65d1f622a7719965cbfa827d9e203ade
Opcode Fuzzy Hash: 2a14182a8ac0c3ba1b6ee19d6025a79b9e32e148616e5c35e7273d5272ec49e1
Instruction Fuzzy Hash: AE219FBA501218BAFF205F55CC05EEB3BBCEF02394F018066FD14E6250E636DA119B65

Function 00456844 Relevance: 6.1, APIs: 4, Instructions: 88fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00456862
GetFileSize.KERNEL32(00000000,00000000), ref: 00456878
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00456896
CloseHandle.KERNEL32(00000000), ref: 004568A2

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: File$CloseCreateHandleReadSize
String ID:
API String ID: 3919263394-0
Opcode ID: fdbe7ea60a04a2aa99c2c8901891f117a30f6abd793104fa4f390d1af85b99e6
Instruction ID: 5cc11132e6fe83f1aaf8af0a023e13796a0c4990fab693f4363b781b69500085
Opcode Fuzzy Hash: fdbe7ea60a04a2aa99c2c8901891f117a30f6abd793104fa4f390d1af85b99e6
Instruction Fuzzy Hash: 2521F1712002047FEB116F728C95BBF7A9EEF45395F50052AFD02972C2DAB8AC0586A8

Function 004863B0 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 81COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 0048642A
SetLastError.KERNEL32(?), ref: 00486475

Strings

x/L, xrefs: 00486416
lJ, xrefs: 004863B0

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast
String ID: lJ$x/L
API String ID: 1452528299-2084575886
Opcode ID: 680b3210779487154902a057d0c53d623c99271879db3dc87b7e9dae6b5aa421
Instruction ID: 3a501fbf316c0f788db0ef6a65775761f0142b598b54e12e26dc5a84000f79ba
Opcode Fuzzy Hash: 680b3210779487154902a057d0c53d623c99271879db3dc87b7e9dae6b5aa421
Instruction Fuzzy Hash: 4041C2B0605A46EFE349DF75C5597C6FBA0BF1A308F00835AD46C8B291DBB92128CBD1

Function 00412638 Relevance: 6.1, APIs: 4, Instructions: 73stringCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00412642
lstrcpyA.KERNEL32(?,00000000), ref: 004126AF

Part of subcall function 0040CF3D: __EH_prolog3_GS.LIBCMT ref: 0040CF47

lstrcpyA.KERNEL32(?,00000000,?), ref: 004126E4

Part of subcall function 00489C10: wsprintfA.USER32 ref: 00489C9A
Part of subcall function 00489C10: GetLastError.KERNEL32 ref: 00489CF2
Part of subcall function 00489C10: SetLastError.KERNEL32(?,?,00000000,000000FF), ref: 00489D40
Part of subcall function 00489C10: lstrcpyA.KERNEL32(000000D0,?), ref: 00489D89

lstrcpyA.KERNEL32(?,00000000,00000174,004127F5,?), ref: 00412692

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLastlstrcpy$FreeH_prolog3_String$wsprintf
String ID:
API String ID: 2054042452-0
Opcode ID: e2fe78531564187412f5e0d5137fc88091f709716f3cab77cda37fafe312e2d8
Instruction ID: 011a801ff203930292c958755fb28e9b1da450eb53cdd22da8326c7ef5194b1d
Opcode Fuzzy Hash: e2fe78531564187412f5e0d5137fc88091f709716f3cab77cda37fafe312e2d8
Instruction Fuzzy Hash: 21216271901118EBCB01EBA1C951AEDB7B8BF14344F1441AFF506A7291DF38AF49CB54

Function 00405F80 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 68COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000001,7529E860,98A63EB4,?,7591E010,?,?,004AC698,000000FF,T4L,004049B4), ref: 00405FF4
SetLastError.KERNEL32(?,00000007,00000000,000000FF), ref: 00406042

Strings

T4L, xrefs: 00405FED
T4L, xrefs: 00405F80

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast
String ID: T4L$T4L
API String ID: 1452528299-3367740000
Opcode ID: 34e76b3064816e2e363bd4b779f942a68d86df45ac07e1a49613212acc1760b3
Instruction ID: 9bed8527b8b7e85d28746ae17e32732ee4bb0f1d43bb12fc2b8a4590157dc814
Opcode Fuzzy Hash: 34e76b3064816e2e363bd4b779f942a68d86df45ac07e1a49613212acc1760b3
Instruction Fuzzy Hash: 28218E71500701AFDB10CF15C904B66BBF4FB49328F20866EE8169B790D7BAE906CF98

Function 00404580 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 52COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(98A63EB4,?,?,?,00000000,004ACAC8,000000FF,T4L,004050D6,00000000,00000001,000000FF), ref: 004045BE
SetLastError.KERNEL32(?,00000000,00000000,00000000), ref: 0040461A

Strings

T4L, xrefs: 004045B7
T4L, xrefs: 00404580

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast
String ID: T4L$T4L
API String ID: 1452528299-3367740000
Opcode ID: 028d496f95f1f2086f3ede9ab10eddeccf2bf6aa6fe664a70430d69ee2f9d859
Instruction ID: b61b599f1261bc151d4a2ec42bda8dabf60b11823f162ddbf0e1926f641f9eca
Opcode Fuzzy Hash: 028d496f95f1f2086f3ede9ab10eddeccf2bf6aa6fe664a70430d69ee2f9d859
Instruction Fuzzy Hash: 601149B6504704AFD7248F15C804B56BBF4FF89728F10466EE81A87790D7BAA516CB88

Function 00495D80 Relevance: 6.1, APIs: 4, Instructions: 51COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00495DA3
IntersectRect.USER32(?,?,?), ref: 00495DB8
GetWindowTextW.USER32(?,?,00000104), ref: 00495DCF
InvalidateRect.USER32(?,?,00000000), ref: 00495DFB

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Rect$Window$IntersectInvalidateText
String ID:
API String ID: 1165118807-0
Opcode ID: 1b682eccdefb00082ca9042ab887f519d3585eac787215dceb92691bfc60fa50
Instruction ID: ca9be610bba992bcdc185148715d49844e0133e9df47b6330c6477a6a45c1c88
Opcode Fuzzy Hash: 1b682eccdefb00082ca9042ab887f519d3585eac787215dceb92691bfc60fa50
Instruction Fuzzy Hash: 3C11A176501108ABCF10DBA5EC88EFEB77CEB49304F1440AAF915D7240E674AF4ACBA4

Function 00411EFB Relevance: 6.0, APIs: 4, Instructions: 50windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F22B: FindWindowExW.USER32(000000FD,00000000,IsPrqHook,-00000004), ref: 0040F272

SendMessageW.USER32(00000000,0000000C,00000000,?), ref: 00411F1E
SendMessageW.USER32(00000000,00000111,00000002,00000000), ref: 00411F2E

Part of subcall function 0041075B: __EH_prolog3_GS.LIBCMT ref: 00410762

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: MessageSend$FindH_prolog3_Window
String ID:
API String ID: 1301945986-0
Opcode ID: f18b38117d297aae988f310ef4ccb808226c6ddcca8c2facf53a6d4395670db9
Instruction ID: dfbab758616002f1ff868f44dc3689de48fde5ebc6277f01b98288258da681dd
Opcode Fuzzy Hash: f18b38117d297aae988f310ef4ccb808226c6ddcca8c2facf53a6d4395670db9
Instruction Fuzzy Hash: 3901F531248200BFE7215B51EC89FAABBA89B59724F10807BF305961F2C7B8C889871C

Function 00499AE0 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

FindResourceW.KERNEL32(?,?,00000002,?,00000000,00000001,?,0049A1B2,?,?,00000000,004998EA,?,?,004998EA,?), ref: 00499B10
LoadResource.KERNEL32(?,00000000,?,0049A1B2,?,?,00000000,004998EA,?,?,004998EA,?,?,dJ,004965B3), ref: 00499B23
LockResource.KERNEL32(00000000,?,0049A1B2,?,?,00000000,004998EA,?,?,004998EA,?,?,dJ,004965B3), ref: 00499B30
FreeResource.KERNEL32(00000000,?,dJ,004965B3), ref: 00499B42

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Resource$FindFreeLoadLock
String ID:
API String ID: 1078018258-0
Opcode ID: 3a0cf0862210317286b67ccb168a98852f4257cb1d1efde4b4a153c91b036992
Instruction ID: 4dceb09cefd9136a32908159ec1a6e11458e6988946edec7068333866bc89a09
Opcode Fuzzy Hash: 3a0cf0862210317286b67ccb168a98852f4257cb1d1efde4b4a153c91b036992
Instruction Fuzzy Hash: 05016D76200214ABD7109F5AEC88EBB7BACFB89725F00053EF909C3201D779E8418BA4

Function 004106D7 Relevance: 6.0, APIs: 4, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00410714
IsDialogMessageW.USER32(?), ref: 00410728
TranslateMessage.USER32(?), ref: 00410736
DispatchMessageW.USER32(?), ref: 00410740

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Message$DialogDispatchPeekTranslate
String ID:
API String ID: 1266772231-0
Opcode ID: 37cf7d44ff71bf57da638d2a31faa7f3f316511d44e19188df922172d013981b
Instruction ID: ef94ecf8d492ccd34105d437e9f6e7a53292830c9c4a75a06970bb969660babd
Opcode Fuzzy Hash: 37cf7d44ff71bf57da638d2a31faa7f3f316511d44e19188df922172d013981b
Instruction Fuzzy Hash: 7B015E71905264AEDF258BA1AC08FE77FECAB0E704F044067E465D21E1D2A8E9C4CB6D

Function 004392D9 Relevance: 6.0, APIs: 4, Instructions: 45windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00439345: IsWindow.USER32(?), ref: 0043936D
Part of subcall function 00439345: GetLastError.KERNEL32(?,004392EC,?), ref: 0043937E

IsDialogMessageW.USER32(?,?), ref: 004392FF
TranslateMessage.USER32(?), ref: 0043930D
DispatchMessageW.USER32(?), ref: 00439317
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00439326

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Message$DialogDispatchErrorLastTranslateWindow
String ID:
API String ID: 2045501086-0
Opcode ID: 452d320890ea895eb21c39f3c21b5f362dd9ceae528e9c8bff2af433555e6cdb
Instruction ID: a29a9e6365f9f5463b6136a44f19e38ddad78f2a771dc12c71ba474efaa5af2b
Opcode Fuzzy Hash: 452d320890ea895eb21c39f3c21b5f362dd9ceae528e9c8bff2af433555e6cdb
Instruction Fuzzy Hash: A10167B2900205AFDB209FB5DC08A6B7BFCDF5D704F004437E921D2150E778E8058A75

Function 0041253F Relevance: 6.0, APIs: 4, Instructions: 42windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00412563
GetObjectW.GDI32(00000000,0000005C,?), ref: 00412570

Part of subcall function 004125AD: GetLocaleInfoW.KERNEL32(?,00001004,?,00000014), ref: 004125E1
Part of subcall function 004125AD: TranslateCharsetInfo.GDI32(00000000,?,00000002), ref: 004125FC

CreateFontIndirectW.GDI32(?), ref: 00412587
SendMessageW.USER32(?,00000030,00000000,00000000), ref: 00412597

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: InfoMessageSend$CharsetCreateFontIndirectLocaleObjectTranslate
String ID:
API String ID: 2681337867-0
Opcode ID: 5bac568def4fb8f6399d480c1c020f0039d80205d477515377b8e8dbfbd3dd76
Instruction ID: 4b400925af5f4f3dea7770fe6560f858ec8ba7793cf19f7153a0348d9465aa54
Opcode Fuzzy Hash: 5bac568def4fb8f6399d480c1c020f0039d80205d477515377b8e8dbfbd3dd76
Instruction Fuzzy Hash: 25014F71A05318ABDF10DFA5DC89F9E7BB9AB19700F004029B605AB281D6B49914CB58

Function 00464E0B Relevance: 6.0, APIs: 4, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

__lock.LIBCMT ref: 00464E4F

Part of subcall function 0046323D: __mtinitlocknum.LIBCMT ref: 0046324F
Part of subcall function 0046323D: __amsg_exit.LIBCMT ref: 0046325B
Part of subcall function 0046323D: EnterCriticalSection.KERNEL32(00000000,?,00464E54,0000000D), ref: 00463268

InterlockedIncrement.KERNEL32(?), ref: 00464E5C
__lock.LIBCMT ref: 00464E70
___addlocaleref.LIBCMT ref: 00464E8E

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: __lock$CriticalEnterIncrementInterlockedSection___addlocaleref__amsg_exit__mtinitlocknum
String ID:
API String ID: 153627126-0
Opcode ID: ca9532e855b8e9cfb49d2282fd7e0ce366c0fa5dd99d25c45af14bab4dc4fccd
Instruction ID: cfaf24bed7775fabcf69b5f8c6870cb7b7f7cb6e127d1a2c1ec12c5ec58681f1
Opcode Fuzzy Hash: ca9532e855b8e9cfb49d2282fd7e0ce366c0fa5dd99d25c45af14bab4dc4fccd
Instruction Fuzzy Hash: 15012171500B409FDB20AF66D80575ABBF0BF50329F20890FE5A5972A1DB78A640CF5A

Function 0041480A Relevance: 6.0, APIs: 4, Instructions: 40windowCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00414833
IsDialogMessageW.USER32(?,?), ref: 00414847
TranslateMessage.USER32(?), ref: 00414855
DispatchMessageW.USER32(?), ref: 0041485F

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Message$DialogDispatchPeekTranslate
String ID:
API String ID: 1266772231-0
Opcode ID: d9b35cbb2f76d0bbad690ed724c4705ddf6aba1bbd01c1938827c2e7ddfc1215
Instruction ID: b5c1efe96b76b106ce1e22c38196cde2ee867dc7df8cedafc31724231bce7c88
Opcode Fuzzy Hash: d9b35cbb2f76d0bbad690ed724c4705ddf6aba1bbd01c1938827c2e7ddfc1215
Instruction Fuzzy Hash: 8DF06235A04296ABDB60AFB7AC0CDFBBFBCDBC5B01B004067A461D2151E6689446CB78

Function 004301D4 Relevance: 6.0, APIs: 4, Instructions: 36windowCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,00000000,00000113,00000113,00000001), ref: 004301EC
PeekMessageW.USER32(?,00000000,00000000,00000000,04270001), ref: 00430202
TranslateMessage.USER32(?), ref: 00430210
DispatchMessageW.USER32(?), ref: 0043021A

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: Message$Peek$DispatchTranslate
String ID:
API String ID: 1795658109-0
Opcode ID: c9655ed3ab55fc17ed093dd39af45d67eaa3e2fe43e73219ab276254281691f0
Instruction ID: 00882ce5cda7ca4ff11e02b86652fa535bfc858a5f3d0f213e65b363a0b21e68
Opcode Fuzzy Hash: c9655ed3ab55fc17ed093dd39af45d67eaa3e2fe43e73219ab276254281691f0
Instruction Fuzzy Hash: 13F01271A0020E7BDB105BB69C9DD9B7FBCDB89F44B004525B521D2145E668E9068678

Function 004525F9 Relevance: 6.0, APIs: 4, Instructions: 36COMMON

Download Yara Rule

APIs

SysFreeString.OLEAUT32(00000000), ref: 00452612
SysFreeString.OLEAUT32(00000003), ref: 0045261E
_free.LIBCMT ref: 0045262E
_free.LIBCMT ref: 00452640

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: FreeString_free
String ID:
API String ID: 2157979973-0
Opcode ID: 885f7a036933098c6bd05cd0720d6cd5f0772c77fc0e4d6d597938a08ec789e2
Instruction ID: 8eaf5657c2ebb0a3b13a4a4b11e247605b84b600caf6c3e8d720e6c2d7b118d4
Opcode Fuzzy Hash: 885f7a036933098c6bd05cd0720d6cd5f0772c77fc0e4d6d597938a08ec789e2
Instruction Fuzzy Hash: 34F09076500522EFC7228F56E5C4806FB64FF09752711822BF46883622CB719CA6CFD8

Function 004551C9 Relevance: 6.0, APIs: 4, Instructions: 35stringCOMMON

Download Yara Rule

APIs

_wcsstr.LIBCMT ref: 004551D3
lstrlenW.KERNEL32(?,00000000,?,0045516C,00000000,2.5.4.3,?), ref: 004551E3
_wcsstr.LIBCMT ref: 004551F5
lstrlenW.KERNEL32(-00000002,?,0045516C,00000000,2.5.4.3,?), ref: 00455207

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: _wcsstrlstrlen
String ID:
API String ID: 4267858634-0
Opcode ID: 3aec2ca963c9b7e1c144ff86f5cb53c6bb9697f2919f41e82765c6a2c07b6413
Instruction ID: 1c6dd6d82ba22761ad199179ee60fccfcd3ddb863ceebba75b673429a678ec36
Opcode Fuzzy Hash: 3aec2ca963c9b7e1c144ff86f5cb53c6bb9697f2919f41e82765c6a2c07b6413
Instruction Fuzzy Hash: AAF02E32506625AB8F116F65DC108AF3F54EF01361710442BFC1597561DB36A9158BDC

Function 00415D19 Relevance: 6.0, APIs: 4, Instructions: 35COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00415D20
GetLastError.KERNEL32(00000004,00416784,?,00000000), ref: 00415D44
SetLastError.KERNEL32(?), ref: 00415D71
SetLastError.KERNEL32(00000000), ref: 00415D91

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3
String ID:
API String ID: 3502553090-0
Opcode ID: eee85745f461b2685e9c6e98c369fc658d764571e3073be2b14e754d92e0c381
Instruction ID: e63c4c50e2579be7de9a440d7405d9f157185e8486bff636422b039b726b374f
Opcode Fuzzy Hash: eee85745f461b2685e9c6e98c369fc658d764571e3073be2b14e754d92e0c381
Instruction Fuzzy Hash: B401C2759002108FCB44DF55D985B9ABBA0EB04319F05C8AAAC189F2A6C7B8D954CFA8

Function 00452040 Relevance: 6.0, APIs: 4, Instructions: 35COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00452047
GetLastError.KERNEL32(00000004,0045276D,?,00000001,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0045206B
SetLastError.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 00452098
SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 004520B8

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3
String ID:
API String ID: 3502553090-0
Opcode ID: 3cb0793151528fdbf7fb8d638dbfa040aa64544f51633d55e62f5a859fcba6c1
Instruction ID: b5f215745daadf949085b08d572f8bfc25a3b09c1719a62bdf3109cbad5f2366
Opcode Fuzzy Hash: 3cb0793151528fdbf7fb8d638dbfa040aa64544f51633d55e62f5a859fcba6c1
Instruction Fuzzy Hash: 5301C5759002108FCB04DF55C995B8ABBA4AB04319F05C4AAAC149F367CBB8E914CFA8

Function 004124C2 Relevance: 6.0, APIs: 4, Instructions: 35windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32 ref: 004124CB
GetDlgItem.USER32(0000012D,00000001), ref: 004124E4
SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 004124F4
SendMessageW.USER32(00000000,00000402,?,00000000), ref: 00412511

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: MessageSend$ItemWindow
String ID:
API String ID: 591194657-0
Opcode ID: 19d25f7fca834f18e6b0410cbb92cbaff4a1532f9ab004e36beba6a5779aa618
Instruction ID: 9ccfd2c52fb01912edb6e4708ad4e45fa94897539c7573ce4834a409b11aa6f5
Opcode Fuzzy Hash: 19d25f7fca834f18e6b0410cbb92cbaff4a1532f9ab004e36beba6a5779aa618
Instruction Fuzzy Hash: 32F02731200110BBD7101B62BC48EBA3FACEB4AB91F044037F608E10A0C7B8CC50D7AC

Function 00401A60 Relevance: 6.0, APIs: 4, Instructions: 30COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,004050EA,00000000,00000000,00000001,000000FF,98A63EB4,00000000,7591DFA0,7591E010), ref: 00401A6F
SysFreeString.OLEAUT32(?), ref: 00401A8B
SysFreeString.OLEAUT32(?), ref: 00401A96
SetLastError.KERNEL32(?), ref: 00401AB4

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorFreeLastString
String ID:
API String ID: 3822639702-0
Opcode ID: de7331677c6d3e50590d67bc66852f29b8a5aae7ee1625df25b9102005008d99
Instruction ID: e40d49c18025afc5c80985eda0a655243877ccc1a9f4a8e9248b552b5c85207f
Opcode Fuzzy Hash: de7331677c6d3e50590d67bc66852f29b8a5aae7ee1625df25b9102005008d99
Instruction Fuzzy Hash: 48F0F435500512EFD7009F1AE948A40FBB5FF49329B15826AE41893A31CB35F8B4CFC8

Function 00401AC0 Relevance: 6.0, APIs: 4, Instructions: 30COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,0040E566), ref: 00401ACF
SysFreeString.OLEAUT32(?), ref: 00401AEB
SysFreeString.OLEAUT32(?), ref: 00401AF6
SetLastError.KERNEL32(?), ref: 00401B14

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorFreeLastString
String ID:
API String ID: 3822639702-0
Opcode ID: de7331677c6d3e50590d67bc66852f29b8a5aae7ee1625df25b9102005008d99
Instruction ID: 7fc7d01df612ee2857e001765975f3cb69b0a7a7fc946f931921def550923789
Opcode Fuzzy Hash: de7331677c6d3e50590d67bc66852f29b8a5aae7ee1625df25b9102005008d99
Instruction Fuzzy Hash: CFF0F435500512EFD7009F1AE948A40FBB5FF49329B15826AE41893A31CB75F8B4DFC8

Function 00401B20 Relevance: 6.0, APIs: 4, Instructions: 30COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00401B2F
SysFreeString.OLEAUT32(?), ref: 00401B4B
SysFreeString.OLEAUT32(?), ref: 00401B56
SetLastError.KERNEL32(?), ref: 00401B74

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorFreeLastString
String ID:
API String ID: 3822639702-0
Opcode ID: de7331677c6d3e50590d67bc66852f29b8a5aae7ee1625df25b9102005008d99
Instruction ID: 7ff14be3607078348ba789317abafe8b5ff7d169440c0dd3e9125ab5b768bd65
Opcode Fuzzy Hash: de7331677c6d3e50590d67bc66852f29b8a5aae7ee1625df25b9102005008d99
Instruction Fuzzy Hash: 5CF0F435400512EFD7009F1AE948A40FBB5FF49329B15826AE41893A31DB31F8B4CFD8

Function 0049A110 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

GetDC.USER32(?), ref: 0049A119
GetDeviceCaps.GDI32(00000000,0000000C), ref: 0049A12A
GetDeviceCaps.GDI32(00000000,0000000E), ref: 0049A131
ReleaseDC.USER32(?,00000000), ref: 0049A139

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: 81fe86409a3509f52eef9bca38f0944fefe36bd2c16e41e9ed11b2d4ab1f9fbc
Instruction ID: cd4101a6f1a76049ecf921f76eabf7e4af3ed02cb3c39424fa35d776e82c472e
Opcode Fuzzy Hash: 81fe86409a3509f52eef9bca38f0944fefe36bd2c16e41e9ed11b2d4ab1f9fbc
Instruction Fuzzy Hash: F7E04F3290022C7FEB202BB7AC89D9B7F5CEB492B4B024432FE1CAB251D5719C4189E0

Function 0044858D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 170COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00448597

Part of subcall function 004018F0: GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 00401914
Part of subcall function 004018F0: RegCloseKey.ADVAPI32(00000000), ref: 00401977

Part of subcall function 004090B1: __EH_prolog3_GS.LIBCMT ref: 004090B8

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Part of subcall function 00415AF8: __EH_prolog3_GS.LIBCMT ref: 00415AFF
Part of subcall function 00415AF8: GetLastError.KERNEL32(0000003C,00487419,?,?,00000001,?,?,?,?,?,?,?,?,?,00000000), ref: 00415B2A
Part of subcall function 00415AF8: SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00415B5B

Strings

@/L, xrefs: 00448638
@/L, xrefs: 00448763

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3_$CloseHandleModule
String ID: @/L$@/L
API String ID: 2716975270-2149722323
Opcode ID: cfbe7f742089f2b47ff7128bed6ec6584c3d6c5db0612d44991558f0e78e9928
Instruction ID: 8e69237ed864376c65912f9c3754bb558fe83421bbc0e0d8af205d7dba7a4078
Opcode Fuzzy Hash: cfbe7f742089f2b47ff7128bed6ec6584c3d6c5db0612d44991558f0e78e9928
Instruction Fuzzy Hash: 97717C71900258EEDB14EFA5CC51BDDB7B8AF14308F50809EE509B3282DBB85A89CF65

Function 004440CF Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 141timeCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 004440D6
CompareFileTime.KERNEL32(?,00000000,?,?,PSTORES.EXE,00000000,00000000,?,?,0000006C,0044A131,?,?,?), ref: 0044422E

Strings

PSTORES.EXE, xrefs: 004441E1, 004441EE

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: CompareFileH_prolog3Time
String ID: PSTORES.EXE
API String ID: 2703394530-1209905799
Opcode ID: 29c7b6ff1ac3780e10fac1545eeaa9c8dd8d4ebb63912ea0e3e7ec1ea8e39cae
Instruction ID: efd3a5696b197fd5aa3610a333a78fe280904bfb249b72705f77cdf15a1aafa2
Opcode Fuzzy Hash: 29c7b6ff1ac3780e10fac1545eeaa9c8dd8d4ebb63912ea0e3e7ec1ea8e39cae
Instruction Fuzzy Hash: 6E512072C0025DAAEF11DFE4D881AEEBBB8BF58344F14015BE511B7241EB38AA45CB65

Function 00406170 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 135COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00406243

Strings

invalid string position, xrefs: 00406272, 0040627C
string too long, xrefs: 00406286

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: _memmove
String ID: invalid string position$string too long
API String ID: 4104443479-4289949731
Opcode ID: 1b41b78947c8c005a98c42b1ebc94502f8c0780efa345ae93ac7d387fba3585d
Instruction ID: 40c0a5eb907a7e396cb5b2c860bb526351c5f4fef81689f650615db782ea9671
Opcode Fuzzy Hash: 1b41b78947c8c005a98c42b1ebc94502f8c0780efa345ae93ac7d387fba3585d
Instruction Fuzzy Hash: CD31D8333043108BD721AE5CE940F5BF7A5EB91721F110A7FE5469B2C2C7B59860C7A9

Function 00406630 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 121COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 004066F9

Strings

invalid string position, xrefs: 0040672C, 00406736
string too long, xrefs: 00406740

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: _memmove
String ID: invalid string position$string too long
API String ID: 4104443479-4289949731
Opcode ID: 64848c1ca52122e1e000f17b0e8b8f2014c6846dc759819f29c4771c32755776
Instruction ID: 109d5573d350601dc0c970750d02d2488746e1b4dc6d2f9e7dccea131a2ba069
Opcode Fuzzy Hash: 64848c1ca52122e1e000f17b0e8b8f2014c6846dc759819f29c4771c32755776
Instruction Fuzzy Hash: 0B31CD32304314DBC7249F5CE88082BF3AAFFD17653120A3FE442D7291DB76A86587A9

Function 0044E0D6 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 119COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0044E0E0

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Strings

@/L, xrefs: 0044E123
@/L, xrefs: 0044E166

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3H_prolog3_
String ID: @/L$@/L
API String ID: 852442433-2149722323
Opcode ID: ed5379940178be49badfea8b8f8e8d9a06512ed1fb2711c2931064dced040e6b
Instruction ID: b69bbfbd7b42d283a4daad3c19d690c11e806ee203c84158451cc76e75080c08
Opcode Fuzzy Hash: ed5379940178be49badfea8b8f8e8d9a06512ed1fb2711c2931064dced040e6b
Instruction Fuzzy Hash: 7A418071900208EFDB14EFA6C855FDE7B78BF14308F5040AEF905A7192DBB85A49CBA5

Function 00448A02 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 115COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00448A0C

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 0044858D: __EH_prolog3_GS.LIBCMT ref: 00448597

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Part of subcall function 00415AF8: __EH_prolog3_GS.LIBCMT ref: 00415AFF
Part of subcall function 00415AF8: GetLastError.KERNEL32(0000003C,00487419,?,?,00000001,?,?,?,?,?,?,?,?,?,00000000), ref: 00415B2A
Part of subcall function 00415AF8: SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00415B5B

Strings

@/L, xrefs: 00448B71
@/L, xrefs: 00448AAB

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3_$H_prolog3
String ID: @/L$@/L
API String ID: 532146472-2149722323
Opcode ID: 2419057007edd413de4a836e8799e11adfe51261b0266193b7f58eeb3e85fc13
Instruction ID: c198f020e0f6971eb8d2e7a6f59e3ad4d3f9eca9fb277e50bd290411dd41f504
Opcode Fuzzy Hash: 2419057007edd413de4a836e8799e11adfe51261b0266193b7f58eeb3e85fc13
Instruction Fuzzy Hash: 78418F7090024CEFDB04EFA5CC51BEEB7B8AF14308F5440AEF505A7191DBB45A49CBA6

Function 0040D72B Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 115COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0040D735

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Part of subcall function 0040CCC9: __EH_prolog3_GS.LIBCMT ref: 0040CCD0

Strings

@/L, xrefs: 0040D88E
@/L, xrefs: 0040D76A

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3_Last
String ID: @/L$@/L
API String ID: 1018228973-2149722323
Opcode ID: f3214826c7d32e25d99a4d5f2d29509cf46ea502949dd92aabe24327828c2162
Instruction ID: f3e96a9b1c5ee94a017cf984c8580acd192ed533c3d2df712af9e4e8c3a6aa76
Opcode Fuzzy Hash: f3214826c7d32e25d99a4d5f2d29509cf46ea502949dd92aabe24327828c2162
Instruction Fuzzy Hash: 61416F71D00218DADB14EBE5C895BEDB7B8AF14308F1440AFE509B72C2DB785A48CB69

Function 00449F68 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 104COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00449F6F

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 004438E6: __EH_prolog3.LIBCMT ref: 004438ED

Strings

@/L, xrefs: 0044A014
@/L, xrefs: 00449F9D

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3Last$H_prolog3_
String ID: @/L$@/L
API String ID: 2324316964-2149722323
Opcode ID: ade7a60338f3bd49de118d58ac8de6da686e881a088ed4ee298b643c0f545a3f
Instruction ID: 9f8a72cd5f7d63d8783f7abdd9ec31e3226587671b933641772cc610fabe3d4d
Opcode Fuzzy Hash: ade7a60338f3bd49de118d58ac8de6da686e881a088ed4ee298b643c0f545a3f
Instruction Fuzzy Hash: 0441A6B1C00158DBDF00EFA6C9817EEBBB8AF04358F54006EF845A7281DB795A09D7D6

Function 0044131C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00441323

Part of subcall function 004470DB: __EH_prolog3.LIBCMT ref: 004470E2

GetLastError.KERNEL32 ref: 0044135E

Part of subcall function 004496BE: __EH_prolog3.LIBCMT ref: 004496C5

Strings

@/L, xrefs: 004413A4

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: H_prolog3$ErrorH_prolog3_Last
String ID: @/L
API String ID: 3513993312-3803013380
Opcode ID: 222134549b8e4e9134974aed2c2e0e4dda34bcfb680ef0454b9a934d3a7205bd
Instruction ID: a6822faebea23b31cebb3d8e97a84fd46868757d8b2f4636a6489de74076ca61
Opcode Fuzzy Hash: 222134549b8e4e9134974aed2c2e0e4dda34bcfb680ef0454b9a934d3a7205bd
Instruction Fuzzy Hash: EE31E6B5801108AAEB01FFA5C842AEE7768AF15318F04405FFC1567292EB7C5A09C7AA

Function 0045C1D6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88COMMONLIBRARYCODE

Download Yara Rule

Strings

M, xrefs: 0045C1D6

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: __getptd_noexit
String ID: M
API String ID: 3074181302-1509087228
Opcode ID: 693cf8f50c2d2ef4c46e0acadafdf68216ba883b9e85146a0b5cf68e6333c65e
Instruction ID: 77f910a3bbcbed8837b8a63f03d3c0a7090191525537260bdd11675789150c04
Opcode Fuzzy Hash: 693cf8f50c2d2ef4c46e0acadafdf68216ba883b9e85146a0b5cf68e6333c65e
Instruction Fuzzy Hash: 40216131D00705AFCB216FE6888255E37549F5237AF21469BFD21462A3E77C984C876A

Function 0044E35B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 87COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0044E362

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Strings

@/L, xrefs: 0044E43B
@/L, xrefs: 0044E3D3

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeString$H_prolog3H_prolog3_
String ID: @/L$@/L
API String ID: 2488494826-2149722323
Opcode ID: 77acab1a6253d5b494f7dae62fd435813c880bea41e745796b3b9121a54829a3
Instruction ID: ef1481e25266d948b6393c43e92c709b4072b6a1098b695b46d643c63a6a53be
Opcode Fuzzy Hash: 77acab1a6253d5b494f7dae62fd435813c880bea41e745796b3b9121a54829a3
Instruction Fuzzy Hash: 54319271900208EFCB04EF95C856BDDBB74BF14308F50815EF915A72D1DBB8AA19CB99

Function 004545AC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 79COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 004545B6
GetLastError.KERNEL32 ref: 0045460F

Strings

ROOT, xrefs: 004545DD

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3_Last
String ID: ROOT
API String ID: 1018228973-543233263
Opcode ID: 564af1a1619fe349ecf5ce2da780116f0326d412402e566de566ce6dc1a1be14
Instruction ID: a72e30c33b607e7bd9919abcdf31c524bed39c0f9cea080ab8243733349ca363
Opcode Fuzzy Hash: 564af1a1619fe349ecf5ce2da780116f0326d412402e566de566ce6dc1a1be14
Instruction Fuzzy Hash: A531C430E00224ABDB24EB658C55F9DB6749F8670AF1440DFA909A7393DB784F88CF59

Function 00431055 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0043106C

Part of subcall function 00403FB0: GetLastError.KERNEL32(98A63EB4,?,?,?,?,?,004AC2D8,000000FF), ref: 00403FF3
Part of subcall function 00403FB0: SetLastError.KERNEL32(?,004C2D7C,00000000,?,?,?,?,?,004AC2D8,000000FF), ref: 00404068

Strings

[System64Folder], xrefs: 00431094
T4L, xrefs: 0043123B

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$DirectorySystem
String ID: T4L$[System64Folder]
API String ID: 860285823-4082943317
Opcode ID: 1ba3f65331bed5be072a06162f17bbc58e248f79e9251b40d56254d15f487bee
Instruction ID: 55b16e076b15962c49218c018806c6a9882c7b4b7a85711e0ed8c2afdfe64067
Opcode Fuzzy Hash: 1ba3f65331bed5be072a06162f17bbc58e248f79e9251b40d56254d15f487bee
Instruction Fuzzy Hash: 05311A71910128DADF65EB61CD99BDDB778AB14308F4001EAA109B21E1DF782FC8CF69

Function 00430E6F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 75COMMON

Download Yara Rule

APIs

GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00430E7B

Part of subcall function 00403FB0: GetLastError.KERNEL32(98A63EB4,?,?,?,?,?,004AC2D8,000000FF), ref: 00403FF3
Part of subcall function 00403FB0: SetLastError.KERNEL32(?,004C2D7C,00000000,?,?,?,?,?,004AC2D8,000000FF), ref: 00404068

Strings

[WindowsFolder], xrefs: 00430EA3
T4L, xrefs: 0043123B

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$DirectoryWindows
String ID: T4L$[WindowsFolder]
API String ID: 1506654308-1112927461
Opcode ID: d653501083c682cb5f133983cb950390cc15faabdc82f48431fc670538260353
Instruction ID: 89b35e97953c36c0c500aaf3bfe67ea3c299e85a7021995bbacd034d1468cab1
Opcode Fuzzy Hash: d653501083c682cb5f133983cb950390cc15faabdc82f48431fc670538260353
Instruction Fuzzy Hash: D5311C71910128DADF65EB61CD99BDDB778AF18304F4001EAA109A21A1DF782FC8CF69

Function 00430F62 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 75COMMON

Download Yara Rule

APIs

GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00430F6E

Part of subcall function 00403FB0: GetLastError.KERNEL32(98A63EB4,?,?,?,?,?,004AC2D8,000000FF), ref: 00403FF3
Part of subcall function 00403FB0: SetLastError.KERNEL32(?,004C2D7C,00000000,?,?,?,?,?,004AC2D8,000000FF), ref: 00404068

Strings

[SystemFolder], xrefs: 00430F96
T4L, xrefs: 0043123B

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$DirectorySystem
String ID: T4L$[SystemFolder]
API String ID: 860285823-3915026093
Opcode ID: d85bc712955c71c23521c499b533fd27064a0b42d8b4105f579b829e1c78fda2
Instruction ID: 03b926b1d8abf5e6845447af4a1ad5e08f5469e5b1756e0fac373cf0d5041f61
Opcode Fuzzy Hash: d85bc712955c71c23521c499b533fd27064a0b42d8b4105f579b829e1c78fda2
Instruction Fuzzy Hash: 1B313D71900159DADF65EB51CD99BDDB378AB14304F4002EEA109A21E1DF782FC8CF69

Function 00419797 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0041979E

Strings

0x%04lx.ini, xrefs: 004197EE
@/L, xrefs: 004197DA

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: H_prolog3_
String ID: 0x%04lx.ini$@/L
API String ID: 2427045233-110886449
Opcode ID: 3871efbdb603b29ee88f3fbb5cb8359bb8cb663b86de198b21e60d6e5f705e1b
Instruction ID: 493ed48cb11b0250d8142db40f5bd4adf23257ef61bfc5648db907530d0ebf84
Opcode Fuzzy Hash: 3871efbdb603b29ee88f3fbb5cb8359bb8cb663b86de198b21e60d6e5f705e1b
Instruction Fuzzy Hash: 91219E71910104DFCB04FBA5C856AEDBBB8AF14304F04405EF906A7292DB78AE49CBE5

Function 0044575F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 70COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00445769

Part of subcall function 0044BDFA: __EH_prolog3.LIBCMT ref: 0044BE01

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 0044DA4D: __EH_prolog3_GS.LIBCMT ref: 0044DA57

Strings

@/L, xrefs: 0044576E
@/L, xrefs: 004457B3

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3H_prolog3_Last
String ID: @/L$@/L
API String ID: 211087501-2149722323
Opcode ID: fa0682c73637d3e8c9c215619933149f0ed1f2ddfabead287c43fbcb15e647b5
Instruction ID: 8d5e652a65a50ad8ac5bece7f761bf68b3ca9c2509dd4a4a4be9517cf999955c
Opcode Fuzzy Hash: fa0682c73637d3e8c9c215619933149f0ed1f2ddfabead287c43fbcb15e647b5
Instruction Fuzzy Hash: 3E219370801218EAEB00FF66C8567DDBB78AF15348F1000DEE80D67292DB785B4ACBE5

Function 0044CC27 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 67COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0044CC2E

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Strings

@/L, xrefs: 0044CC62
@/L, xrefs: 0044CCB8

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeString$H_prolog3H_prolog3_
String ID: @/L$@/L
API String ID: 2488494826-2149722323
Opcode ID: c90d8369b79694e24c303f80739b47aa86ce62df5aca47eac6c294a493072ddc
Instruction ID: ce2954d176dfd5a42872c9ebec34d82cf022e2d7bfc5e458ef6bc6c89f734795
Opcode Fuzzy Hash: c90d8369b79694e24c303f80739b47aa86ce62df5aca47eac6c294a493072ddc
Instruction Fuzzy Hash: 44217C71900208DFDB00EF94C886F9D7BB4BF04318F54805EF904AB292DBB5AE0ACB95

Function 004460D7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 004460DE

Part of subcall function 0041525D: __EH_prolog3_GS.LIBCMT ref: 00415264

OpenProcess.KERNEL32(00000001,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000,0000003B), ref: 00446146

Strings

@/L, xrefs: 00446122

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: H_prolog3_$OpenProcess
String ID: @/L
API String ID: 613148867-3803013380
Opcode ID: 8930d67b3fcf0d77178d0e0d54e02d373bc18db8bf80d3bae97aceb46a325378
Instruction ID: 6809ac3c39ce62b057447d065c9653654fb4517ad2bd6b8c19d1012d270cbf6f
Opcode Fuzzy Hash: 8930d67b3fcf0d77178d0e0d54e02d373bc18db8bf80d3bae97aceb46a325378
Instruction Fuzzy Hash: DD117CB1D00218DADB10EBE2CC56EDEBB78EF45304F50001FE911AB1D2DBB86A06CA59

Function 004266DA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 61COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 004266E1

Strings

T4L, xrefs: 00426703
P/L, xrefs: 004266FC

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: H_prolog3_
String ID: P/L$T4L
API String ID: 2427045233-1441100843
Opcode ID: 87057e83cf87df46517fde2c43e6b5b0270849f5c5455f35a03d1bd60b0c8c0a
Instruction ID: 99304e9055aefa7189c6e55fa4fe9fd6751d5f7ff057b6dc98898bdbee2aa1aa
Opcode Fuzzy Hash: 87057e83cf87df46517fde2c43e6b5b0270849f5c5455f35a03d1bd60b0c8c0a
Instruction Fuzzy Hash: 4F118B71A00125DBDB14FF61EA415FEB779BF90308F91401FE815A7181DB787A05CB99

Function 00410833 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0041083D

Part of subcall function 00403F50: GetLastError.KERNEL32 ref: 00403F6F
Part of subcall function 00403F50: SetLastError.KERNEL32(?), ref: 00403F9F

Part of subcall function 0040D268: __EH_prolog3_GS.LIBCMT ref: 0040D272

Strings

P/L, xrefs: 00410851
T4L, xrefs: 00410858

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3_Last
String ID: P/L$T4L
API String ID: 1018228973-1441100843
Opcode ID: 1f2b01d8d094cda858db44b3f0613bd6e44da77160557bbbc2a9e009e3dc0354
Instruction ID: 963d95273410679da268312169dcb892db7bd5f4b88bf4ef2fcf12df25607736
Opcode Fuzzy Hash: 1f2b01d8d094cda858db44b3f0613bd6e44da77160557bbbc2a9e009e3dc0354
Instruction Fuzzy Hash: A0115171D00218DFCF14EFA5C895ADD77B8AF05308F1440AEE545A7292DB789A4CCB99

Function 00459607 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0045960E

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Part of subcall function 00408E82: __EH_prolog3.LIBCMT ref: 00408E89
Part of subcall function 00408E82: GetLastError.KERNEL32(00000004,00409E1B,004C2FA0,00000000,0043A706,?,?,00000001), ref: 00408EAB
Part of subcall function 00408E82: SetLastError.KERNEL32(?,00000000), ref: 00408EE3

Part of subcall function 0044C09C: __EH_prolog3_GS.LIBCMT ref: 0044C0A6

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Strings

@/L, xrefs: 0045962E
@/L, xrefs: 00459665

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeH_prolog3_String$H_prolog3
String ID: @/L$@/L
API String ID: 386487564-2149722323
Opcode ID: a978219c0c86109b85af20e2acac22a7486913d8cd19ce94f529b0760dd4b102
Instruction ID: d2098a5b4ba5c155357ea3c8ccd13fe06b891eb86d38cb2fc70f06973266867b
Opcode Fuzzy Hash: a978219c0c86109b85af20e2acac22a7486913d8cd19ce94f529b0760dd4b102
Instruction Fuzzy Hash: 3F114F71500218DBCB11EFA1C952BEE77B8AF14359F50406FF905A7182DFB89A0EC7A9

Function 0040E3E7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 56COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0040E3EE

Part of subcall function 00413CE7: __EH_prolog3_GS.LIBCMT ref: 00413CEE

Part of subcall function 00403F50: GetLastError.KERNEL32 ref: 00403F6F
Part of subcall function 00403F50: SetLastError.KERNEL32(?), ref: 00403F9F

Part of subcall function 00404200: GetLastError.KERNEL32 ref: 0040421F
Part of subcall function 00404200: SetLastError.KERNEL32(?), ref: 0040424F

Strings

@/L, xrefs: 0040E481
T4L, xrefs: 0040E432

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$H_prolog3H_prolog3_
String ID: @/L$T4L
API String ID: 852442433-842787045
Opcode ID: 189de923b5731c57b67700263a07bbfb5ec848b38d539debeb01787c76b193a8
Instruction ID: aa833aaa5e159750d8e343903cd048e7ec7178dce6d6d96115b1263ee4b86a9a
Opcode Fuzzy Hash: 189de923b5731c57b67700263a07bbfb5ec848b38d539debeb01787c76b193a8
Instruction Fuzzy Hash: F62137B5600246AFC749DF79C480A89FBA8BF1C304F10826FE51DC7202DBB46615CB98

Function 004267A7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 004267AE

Part of subcall function 004053A0: GetLastError.KERNEL32(98A63EB4,?,?,?,?,004AC278,000000FF), ref: 004053E2
Part of subcall function 004053A0: SetLastError.KERNEL32(?,00000000,00000000,000000FF,?,?,?,?,004AC278,000000FF), ref: 0040543E

Part of subcall function 00401AC0: GetLastError.KERNEL32(?,?,0040E566), ref: 00401ACF
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AEB
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AF6
Part of subcall function 00401AC0: SetLastError.KERNEL32(?), ref: 00401B14

Strings

P/L, xrefs: 004267DF
T4L, xrefs: 004267E6

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeString$H_prolog3_
String ID: P/L$T4L
API String ID: 2549205776-1441100843
Opcode ID: 5d71adc4a69efa1c4e7f1c7a72b91f46334501242766fc6e634b6ed9963733bf
Instruction ID: 99f1321e1eb8a844e503e0274bc59d6c221d7a79c315cb59c7afcdddbe6a1c2e
Opcode Fuzzy Hash: 5d71adc4a69efa1c4e7f1c7a72b91f46334501242766fc6e634b6ed9963733bf
Instruction Fuzzy Hash: E8014C76D01224DACB14EEA5CD06B9D767CEF80314F55411FF814AB2C2DBB45F098B58

Function 0040E66A Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0040E671

Strings

T4L, xrefs: 0040E69B
P/L, xrefs: 0040E6B2

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: H_prolog3_
String ID: P/L$T4L
API String ID: 2427045233-1441100843
Opcode ID: 671a34622b4cc8dc29eb0f103c3bb7e49eef69770c2f160eb7e1f24a4d18657e
Instruction ID: ab0f8c1c0b55e7c4a036ef254d1e4539c3e857128e00ce9911648e7891446c31
Opcode Fuzzy Hash: 671a34622b4cc8dc29eb0f103c3bb7e49eef69770c2f160eb7e1f24a4d18657e
Instruction Fuzzy Hash: 6F115E70814159DEDF11EBA1CC45BED7BB8BB10308F54442FE501731D2CBB96A4ACBA9

Function 00424095 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 00423C2C: __EH_prolog3.LIBCMT ref: 00423C33
Part of subcall function 00423C2C: SysStringLen.OLEAUT32(?), ref: 00423C64

SysStringLen.OLEAUT32(?), ref: 004240AF

Part of subcall function 00417173: GetLastError.KERNEL32 ref: 0041718A
Part of subcall function 00417173: SysFreeString.OLEAUT32(?), ref: 00417197
Part of subcall function 00417173: SetLastError.KERNEL32(?), ref: 004171B1
Part of subcall function 00417173: GetLastError.KERNEL32 ref: 004171C0
Part of subcall function 00417173: SysFreeString.OLEAUT32(?), ref: 004171DD
Part of subcall function 00417173: SetLastError.KERNEL32(?), ref: 004171ED

Part of subcall function 00425270: SysStringLen.OLEAUT32(00000000), ref: 00425280

SysStringLen.OLEAUT32(?), ref: 004240EA

Strings

., xrefs: 004240C9

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: String$ErrorLast$Free$H_prolog3
String ID: .
API String ID: 4143273375-248832578
Opcode ID: 78a252f80f559568b17f0b1fbccfa005552cfa31a7088b8e877c1b98359391f2
Instruction ID: 81ab4b0a7bffd0d075c4cd32ae9a8de5e4199f8fb8b483f49167c83de80620a0
Opcode Fuzzy Hash: 78a252f80f559568b17f0b1fbccfa005552cfa31a7088b8e877c1b98359391f2
Instruction Fuzzy Hash: 1D01A235614224BBCF10EB64EC45FDD7B68EB05328F108617B621A22D1CAB89A84CB58

Function 0040912E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00409135
SetLastError.KERNEL32(00000001,00000000,0043A706,?,?,00000001), ref: 004091A8

Strings

@/L, xrefs: 00409154

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorH_prolog3_Last
String ID: @/L
API String ID: 1018228973-3803013380
Opcode ID: f3ba4dabe57ca79f92caaee907b91a709a4a96ca60966b8a7d5d385bf99e15bd
Instruction ID: 291f87a9b9d090ea03861c90a7dd1aae1d6288a807f080f12fe15fb5645a109e
Opcode Fuzzy Hash: f3ba4dabe57ca79f92caaee907b91a709a4a96ca60966b8a7d5d385bf99e15bd
Instruction Fuzzy Hash: EC01D234600204DBD710EF52C940E9E7BB4EF84344F10406FF8016B392DBB9AD06DB98

Function 00441DB1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00441DB8
GetFileAttributesW.KERNEL32(?,00000000,0044233A), ref: 00441DD3

Strings

@/L, xrefs: 00441DF0

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: AttributesFileH_prolog3
String ID: @/L
API String ID: 1973727094-3803013380
Opcode ID: 8e5eadd99c46bf8b0759466d6055c2ddbc85000e3db247a5f5ebae6812f20338
Instruction ID: c77139917c78a6c914c31a06a4d91c7786a85743202fde0c9b4111bd2d566082
Opcode Fuzzy Hash: 8e5eadd99c46bf8b0759466d6055c2ddbc85000e3db247a5f5ebae6812f20338
Instruction Fuzzy Hash: 130184B5500108ABDB00AF66C55268E3BACAF04358F54406FFC499B261DB79CA45CB99

Function 00444363 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0044436A

Part of subcall function 00448D7A: __EH_prolog3_GS.LIBCMT ref: 00448D81
Part of subcall function 00448D7A: RegQueryValueExW.KERNELBASE(?,?,00000000,00000008,00000000,@/L,0000005C,0041AB68,?,-80000001,?,?), ref: 00448DF6

Strings

Software\Microsoft\Internet Explorer, xrefs: 004443B7
Version, xrefs: 004443A2

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: H_prolog3H_prolog3_QueryValue
String ID: Software\Microsoft\Internet Explorer$Version
API String ID: 120832868-2486530099
Opcode ID: 935af105a3f34fd7b500136501f505a3ca7e55754b12084212923ea7f2258a87
Instruction ID: a89cf1324f751ed43803e79ba480f0b812e60ae89e9ddf8a08daddec77b2df58
Opcode Fuzzy Hash: 935af105a3f34fd7b500136501f505a3ca7e55754b12084212923ea7f2258a87
Instruction Fuzzy Hash: 1501AD75E40208BBFB00EAA5C807BEDBA78DB00B05F50005AF9106A1D2C7B90B0887D6

Function 0040E1C1 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0040E1C8

Part of subcall function 004053A0: GetLastError.KERNEL32(98A63EB4,?,?,?,?,004AC278,000000FF), ref: 004053E2
Part of subcall function 004053A0: SetLastError.KERNEL32(?,00000000,00000000,000000FF,?,?,?,?,004AC278,000000FF), ref: 0040543E

Part of subcall function 0040E2CD: __EH_prolog3.LIBCMT ref: 0040E2D4
Part of subcall function 0040E2CD: GetLastError.KERNEL32(00000004,0040E20C,00000000,00000001,?), ref: 0040E2F6
Part of subcall function 0040E2CD: SetLastError.KERNEL32(?), ref: 0040E322

Part of subcall function 00401AC0: GetLastError.KERNEL32(?,?,0040E566), ref: 00401ACF
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AEB
Part of subcall function 00401AC0: SysFreeString.OLEAUT32(?), ref: 00401AF6
Part of subcall function 00401AC0: SetLastError.KERNEL32(?), ref: 00401B14

Strings

T4L, xrefs: 0040E1DC
P/L, xrefs: 0040E22E

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeString$H_prolog3H_prolog3_
String ID: P/L$T4L
API String ID: 2488494826-1441100843
Opcode ID: 3093ca6c4966a3abc2c46a8df837fbfac39e1e3f60d78798ed7314813f98a481
Instruction ID: b992d5ae3fd7f433ae5757d41275618a758aef5e49e6271f058b08e2c547c471
Opcode Fuzzy Hash: 3093ca6c4966a3abc2c46a8df837fbfac39e1e3f60d78798ed7314813f98a481
Instruction Fuzzy Hash: 07011E74910208DBDB14EF52CD41BDDB378BF14318F50402EF8017B282CBB86A09CB98

Function 00440988 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30registryCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0044098F

Part of subcall function 004090B1: __EH_prolog3_GS.LIBCMT ref: 004090B8

RegCreateKeyW.ADVAPI32(80000001,-00000004,00000000), ref: 004409C7

Strings

SOFTWARE\InstallShield\Cryptography\Trust, xrefs: 004409A5

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: H_prolog3_$Create
String ID: SOFTWARE\InstallShield\Cryptography\Trust
API String ID: 1416351300-595016613
Opcode ID: 74c09a9062affea11a1e435f9f85e384c1148eaf05a43ee6cfe7887486a8cd84
Instruction ID: 3cd6430252965c13d4c24e4f9f2fcb288a12c78750ad77f026ad94d326b7ffd1
Opcode Fuzzy Hash: 74c09a9062affea11a1e435f9f85e384c1148eaf05a43ee6cfe7887486a8cd84
Instruction Fuzzy Hash: 21F0F971800108EFEB14EB91C956FAC7774FF1131AF51041AE941671A2DBB8BE0ACB99

Function 00474D37 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBCMT ref: 00474D6B
DName::DName.LIBCMT ref: 00474D77

Strings

{flat}, xrefs: 00474D61

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: NameName::
String ID: {flat}
API String ID: 1333004437-2606204563
Opcode ID: 7868612376cb64d86b8e79777ddb747b19d4f69378e9652fbce4eb8a3706dd82
Instruction ID: ac390ed55f030b9492ff35e4992d161fba4c56a2d28e640b3beaf338bbc4769d
Opcode Fuzzy Hash: 7868612376cb64d86b8e79777ddb747b19d4f69378e9652fbce4eb8a3706dd82
Instruction Fuzzy Hash: 53F0A9702002489FD711CB68E4A5BF53BA49B45715F08C097E6DC0F3A6C778D8908B9E

Function 0041A199 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0041A1A0

Part of subcall function 00408F6D: __EH_prolog3.LIBCMT ref: 00408F74
Part of subcall function 00408F6D: GetLastError.KERNEL32(00000004,004091E9,00000000,?,00000000,00000000), ref: 00408F96
Part of subcall function 00408F6D: SetLastError.KERNEL32(?,00000000,?), ref: 00408FCF

Part of subcall function 0040B91E: __EH_prolog3_GS.LIBCMT ref: 0040B925

Part of subcall function 00401B80: GetLastError.KERNEL32(?,00000000,00409F66,00000000,?,00000000,?,00000001,00000048,00409E02,004C2FA0,?,00000000,00000000,0000003C,00409181), ref: 00401B8F
Part of subcall function 00401B80: SysFreeString.OLEAUT32(00000000), ref: 00401BAB
Part of subcall function 00401B80: SysFreeString.OLEAUT32(0000002C), ref: 00401BB6
Part of subcall function 00401B80: SetLastError.KERNEL32(?), ref: 00401BD4

Strings

@/L, xrefs: 0041A1C3
data1.hdr, xrefs: 0041A1B4

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast$FreeH_prolog3_String$H_prolog3
String ID: @/L$data1.hdr
API String ID: 386487564-2701889144
Opcode ID: 5356534c9385acdc3935019c9be7c9b922634323dbc80b946c44293bced6f0ee
Instruction ID: 44fac2e72bb5965a96635464470d8abd2e796e271420e83698ce917d9ad6b625
Opcode Fuzzy Hash: 5356534c9385acdc3935019c9be7c9b922634323dbc80b946c44293bced6f0ee
Instruction Fuzzy Hash: 78F01C71910208DBD710EB91C942FEDB3B8EF54309F50406EF901A7181DFB86A0EDB98

Function 004507A3 Relevance: 5.0, APIs: 4, Instructions: 34COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00450759,?,?,?), ref: 004507A9
GetLastError.KERNEL32(?,?,00450759,?,?,?), ref: 004507B3
SetLastError.KERNEL32(00000000,?,?,00450759,?,?,?), ref: 004507F5
SetLastError.KERNEL32(00000000,?,?,00450759,?,?,?), ref: 004507FF

Memory Dump Source

Source File: 00000000.00000002.2757070442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2757019390.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757172408.00000000004AE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757234907.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.00000000004DC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000509000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2757282902.0000000000519000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Sterownik do drukarki TPCL-drv_2021.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: a21cb247fca51b386554ee18f0614d98c54971491a8e4dfaacd9066de977b60b
Instruction ID: 9492eaaf6a766964385fe8987e04b40be5ef2b8f0ac12adeb4bc4a161b648c8e
Opcode Fuzzy Hash: a21cb247fca51b386554ee18f0614d98c54971491a8e4dfaacd9066de977b60b
Instruction Fuzzy Hash: FAF0903910161597EB242F22C84DB6E7F59AB05316F10442BEC25812A2CB79A899DAAD

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\0x0409.ini (copy)

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\0x08548.tmp

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\ISS8518.tmp

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\ISSetup.dll (copy)

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\dat8459.tmp

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\dat846A.tmp

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\data1.cab (copy)

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\data1.hdr (copy)

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\lay8458.tmp

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\layout.bin (copy)

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\set84AA.tmp

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\set8558.tmp

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\setup.exe (copy)

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\setup.ilg (copy)

C:\Program Files (x86)\InstallShield Installation Information\{06216D8D-027A-4116-B2E6-32328FA688BC}\setup.ini

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA TEC\TPCL Printer Driver\Driver Wizard.lnk

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA TEC\TPCL Printer Driver\PnP Recovery.lnk

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA TEC\TPCL Printer Driver\TECDRVIn.lnk

C:\TEC_DRV\Common\Def8579.tmp

Windows Analysis Report
Sterownik do drukarki TPCL-drv_2021.3_M-0_E (1).exe

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may encrypt data on target systems or on large numbers of systems in a network to interrupt availability to system and network resources. They can attempt to render stored data inaccessible by encrypting files or data on local and remote drives and withholding access to a decryption key. This may be done in order to extract monetary compensation from a victim in exchange for decryption or a decryption key (ransomware) or to render data permanently inaccessible in cases where the key is not saved or transmitted.
Tactics:	Impact
Data Sources:	Cloud Storage: Cloud Storage Modification, Command: Command Execution, File: File Creation, File: File Modification, Network Share: Network Share Access, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre