File name:

Label Printer Driver-V1.0.10.exe

Full analysis: https://app.any.run/tasks/b57f110e-4ca6-4818-98e2-7c1ead7a9785
Verdict: Malicious activity
Analysis date: May 22, 2025, 14:50:55
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

AB57CF536ABFB134237E9CBF21B40DFB

SHA1:

0A30BC237FA0230F09628696495E241128074E17

SHA256:

371F5EC09039168595AB4FCEB07CA68BC439C492BA01EF23D63B30206256D1DF

SSDEEP:

98304:vxykG9F1B3rz1Ax8ft4FojxO7YXZhwIhEC6FrYheeSSpZplJqPNbPNLPNfJ2JJF+:qF5xlS9

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • There is functionality for taking screenshot (YARA)

      • Label Printer Driver-V1.0.10.exe (PID: 7592)

    • Adds/modifies Windows certificates

      • certutil.exe (PID: 4868)
      • rundll32.exe (PID: 744)

    • Executable content was dropped or overwritten

      • Label Printer Driver-V1.0.10.exe (PID: 7592)
      • drvinst.exe (PID: 5936)
      • rundll32.exe (PID: 744)

    • Reads security settings of Internet Explorer

      • Label Printer Driver-V1.0.10.exe (PID: 7592)

    • Creates files in the driver directory

      • drvinst.exe (PID: 5936)

  • INFO

    • Checks supported languages

      • Label Printer Driver-V1.0.10.exe (PID: 7592)
      • drvinst.exe (PID: 5936)

    • Creates files in the program directory

      • Label Printer Driver-V1.0.10.exe (PID: 7592)

    • The sample compiled with english language support

      • Label Printer Driver-V1.0.10.exe (PID: 7592)
      • rundll32.exe (PID: 744)
      • drvinst.exe (PID: 5936)

    • Process checks computer location settings

      • Label Printer Driver-V1.0.10.exe (PID: 7592)

    • Reads the machine GUID from the registry

      • drvinst.exe (PID: 5936)

    • Reads security settings of Internet Explorer

      • rundll32.exe (PID: 744)
      • rundll32.exe (PID: 7292)

    • Reads the software policy settings

      • rundll32.exe (PID: 744)
      • drvinst.exe (PID: 5936)
      • rundll32.exe (PID: 7292)

    • Reads the computer name

      • drvinst.exe (PID: 5936)
      • Label Printer Driver-V1.0.10.exe (PID: 7592)

    • Adds/modifies Windows certificates

      • drvinst.exe (PID: 5936)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:07:24 06:36:00+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 806912
InitializedDataSize: 5697024
UninitializedDataSize: -
EntryPoint: 0x8703a
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
148
Monitored processes
17
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
start label printer driver-v1.0.10.exe sppextcomobj.exe no specs slui.exe no specs certutil.exe no specs conhost.exe no specs rundll32.exe drvinst.exe rundll32.exe no specs rundll32.exe no specs splwow64.exe no specs rundll32.exe no specs certutil.exe no specs conhost.exe no specs rundll32.exe no specs rundll32.exe no specs rundll32.exe no specs label printer driver-v1.0.10.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
744"C:\Windows\System32\rundll32.exe" printui.dll, PrintUIEntry /ia /m "LABEL" /f "C:\Program Files (x86)\PrinterDriver\LabelDriver\Driver64\LabelPrinter.INF"C:\Windows\SysWOW64\rundll32.exe
Label Printer Driver-V1.0.10.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
920C:\WINDOWS\splwow64.exe 12288C:\Windows\splwow64.exerundll32.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Print driver host for applications
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\splwow64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
1324"C:\Windows\System32\rundll32.exe" printui.dll, PrintUIEntry /k /n"LABEL" C:\Windows\SysWOW64\rundll32.exeLabel Printer Driver-V1.0.10.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
2320"C:\Windows\System32\rundll32.exe" printui.dll, PrintUIEntry /ia /m "LABEL" /f "C:\Program Files (x86)\PrinterDriver\LabelDriver\Driver64\LabelPrinter.INF"C:\Windows\SysWOW64\rundll32.exeLabel Printer Driver-V1.0.10.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
4652\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execertutil.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4868"C:\Windows\System32\certutil.exe" -addstore "TrustedPublisher" "C:\Program Files (x86)\PrinterDriver\LabelDriver\hhzj.cer"C:\Windows\SysWOW64\certutil.exeLabel Printer Driver-V1.0.10.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
CertUtil.exe
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\certutil.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
5936DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{3723056f-a013-e44d-9b05-82cbee69773b}\labelprinter.inf" "9" "49398086f" "00000000000001E0" "WinSta0\Default" "00000000000001C0" "208" "c:\program files (x86)\printerdriver\labeldriver\driver64"C:\Windows\System32\drvinst.exe
svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
7012\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execertutil.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
7172"C:\Windows\System32\rundll32.exe" printui.dll, PrintUIEntry /k /n"LABEL" C:\Windows\SysWOW64\rundll32.exeLabel Printer Driver-V1.0.10.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
7220"C:\Windows\System32\certutil.exe" -addstore "TrustedPublisher" "C:\Program Files (x86)\PrinterDriver\LabelDriver\hhzj.cer"C:\Windows\SysWOW64\certutil.exeLabel Printer Driver-V1.0.10.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
CertUtil.exe
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\certutil.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
Total events
13 364
Read events
13 354
Write events
7
Delete events
3

Modification events

(PID) Process:(4868) certutil.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.1!7
Operation:writeName:Name
Value:
szOID_ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION
(PID) Process:(4868) certutil.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.2!7
Operation:writeName:Name
Value:
szOID_ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION
(PID) Process:(4868) certutil.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.3!7
Operation:writeName:Name
Value:
szOID_ROOT_PROGRAM_NO_OCSP_FAILOVER_TO_CRL
(PID) Process:(744) rundll32.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupapiLogStatus
Operation:writeName:setupapi.dev.log
Value:
4096
(PID) Process:(4868) certutil.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates
Operation:delete valueName:100FB4B43CF33304F20EFAA96D1E0D2DD07CA77D
Value:
(PID) Process:(4868) certutil.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\100FB4B43CF33304F20EFAA96D1E0D2DD07CA77D
Operation:writeName:Blob
Value:
030000000100000014000000100FB4B43CF33304F20EFAA96D1E0D2DD07CA77D20000000010000000D08000030820809308205F1A003020102021001494A3B652F21ACAB4719D06E0A5C65300D06092A864886F70D01010B05003069310B300906035504061302555331173015060355040A130E44696769436572742C20496E632E3141303F060355040313384469676943657274205472757374656420473420436F6465205369676E696E67205253413430393620534841333834203230323120434131301E170D3233303831343030303030305A170D3234303831333233353935395A3082011031133011060B2B0601040182373C0201031302434E311A3018060B2B0601040182373C0201020C09E6B996E58D97E79C81311A3018060B2B0601040182373C0201010C09E696B0E982B5E58EBF311D301B060355040F0C1450726976617465204F7267616E697A6174696F6E311B30190603550405131239313433303532324D41345050365933304A310B300906035504061302434E3112301006035504080C09E6B996E58D97E79C813112301006035504070C09E982B5E998B3E5B88231273025060355040A0C1EE6B996E58D97E8B584E6B19FE794B5E5AD90E69C89E99990E585ACE58FB83127302506035504030C1EE6B996E58D97E8B584E6B19FE794B5E5AD90E69C89E99990E585ACE58FB830820222300D06092A864886F70D01010105000382020F003082020A02820201009E47275EC7C16A8556100F53A90DFF31D685356A9B7F5A30289DDB78927A054E05AD7E8AE96F3DFCC3EC50F24E9CFADBFEDCA315641997232049EB601AE319A9D94C6DF902B2BCC160BE04A175C9E377F95C568FC1EE221B602251C10D5FF5CB85EDC380003A9FF74565BFB0583E7423FBAEF8DF4C2F8AD6AD618CA6010358DCF20D5154F5C69A768C716DE1FC8BE571296C784390F3589C186FA386F64EA4E22CD3B0E93137F6B50963AB056CB722B4AA4FEE05E2BC10A656D880C5B4F3027607958434B23973A4A12191408CEE1112EE65200875D50237F42C882443BC74EBF145CCE7C7F3DA5B961C22D9C7009969DA0E180B781CF77DF918AF2A626B2EEDE0A8FAE97C6E54691393EC705F735FB06BC2D41286C8F79C7F7B1ECE2B27CFAFCDA6598B6F9A8B22BC652F6DE98C25E6051CFA40A43DCC88346DD8B9A0A250B4E5D358D7BEED070C06D3E96CE7C7F67377D8BF2DAFE35493DE6889491C87B5989E7375D8ED421BE371DA6CD92FE43A185B5FC008C955486CA0C6C544E280F7F8735605CC0FFA7450B2679DA56355617F5B0C74CCB4DE89CAF6D2B84E1AFF5B0C2166095B4169D288AFC4C9F97402F5F4A05F868E99FF456B062F25DF7C7FEDF3C1307DED839F25A9534CFA384DB9B93F911B5AE6F5C6EE26C5722E62CF21AD3DC29CED334C7648320E32AEB68536AB38DC74C2DD1BE1A60234DBA9CE0924B4930203010001A3820202308201FE301F0603551D230418301680146837E0EBB63BF85F1186FBFE617B088865F44E42301D0603551D0E04160414EE4524A57CC442763A117A64B64B4628A4663DF7300E0603551D0F0101FF04040302078030130603551D25040C300A06082B060105050703033081B50603551D1F0481AD3081AA3053A051A04F864D687474703A2F2F63726C332E64696769636572742E636F6D2F4469676943657274547275737465644734436F64655369676E696E6752534134303936534841333834323032314341312E63726C3053A051A04F864D687474703A2F2F63726C342E64696769636572742E636F6D2F4469676943657274547275737465644734436F64655369676E696E6752534134303936534841333834323032314341312E63726C303D0603551D20043630343032060567810C01033029302706082B06010505070201161B687474703A2F2F7777772E64696769636572742E636F6D2F43505330819406082B06010505070101048187308184302406082B060105050730018618687474703A2F2F6F6373702E64696769636572742E636F6D305C06082B060105050730028650687474703A2F2F636163657274732E64696769636572742E636F6D2F4469676943657274547275737465644734436F64655369676E696E6752534134303936534841333834323032314341312E63727430090603551D1304023000300D06092A864886F70D01010B050003820201003F87C5A5925095E8843EAF7506E69D316C406658784DAB175607CB878D9563942D6851FA5093B26A44E9882F12A1ADF71B29F3DFC79E187A75EE25BDD4F4803B6D5FAB28993D998B1191D835FBEDD4CCACF3187D269391266701F416432B4A49B9EED30C3BE262833E0285E29ED1AAF2A91DE60782522D899978E33C3254301E0A786F74548E099D4A1B372D267876D5509480FD7775793B2677FD32A0EEFF782A87AA57039D793EB12306F67119B2079B860829989892BAA7AE74D68CFED5ACDFB7BA5408CB3B435294A281002BFA7635B8B211B4EA6BF5E963EDEA3F672C5DC859D666CD686D56AC8D94AD97E841C05F40FAB39C2797F7A635C902341FDD71A28C4F099E0E87E50ECFBDEDBFBE754793D5362FF38499A2E932905EC457CBC3EFE734BBCA2AE6C5E96569D09C11EF4C940CDE2A27C20978B0944CF60C61BED0782B7ECD1CE03E770959CD91525E18737C905676AF1FF286ECF1924F959BA0279C692195006BE75ADEB4F8AF85809B6016E01F5D4AF1BDBC514C2CCEE5F7CCCB3186C2601D2EDF4CBA6F6A44FB484BB8A3AE4FB4D6A67B6FCFEE8BA66B4E7BD8B1CEEE4296E39E6075857E79CD4EDFC02E8D147C85C83F63B1C8D7EB5EDFA14FA4A081A9E927FB7CCA6F6EF680F2EA9892C0F9B9E5CF86124565289ED0EFCC09A29CA71A40D5F09FAC06CE33FEB0723140A7C4C5930478CAB22790AE2D0D926C
(PID) Process:(744) rundll32.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates
Operation:delete valueName:100FB4B43CF33304F20EFAA96D1E0D2DD07CA77D
Value:
(PID) Process:(744) rundll32.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\100FB4B43CF33304F20EFAA96D1E0D2DD07CA77D
Operation:writeName:Blob
Value:
0F0000000100000020000000DF875AB818C17161B106ED987FFC3F4CC6F066B7E321651E6674A5D08FA37FC2030000000100000014000000100FB4B43CF33304F20EFAA96D1E0D2DD07CA77D20000000010000000D08000030820809308205F1A003020102021001494A3B652F21ACAB4719D06E0A5C65300D06092A864886F70D01010B05003069310B300906035504061302555331173015060355040A130E44696769436572742C20496E632E3141303F060355040313384469676943657274205472757374656420473420436F6465205369676E696E67205253413430393620534841333834203230323120434131301E170D3233303831343030303030305A170D3234303831333233353935395A3082011031133011060B2B0601040182373C0201031302434E311A3018060B2B0601040182373C0201020C09E6B996E58D97E79C81311A3018060B2B0601040182373C0201010C09E696B0E982B5E58EBF311D301B060355040F0C1450726976617465204F7267616E697A6174696F6E311B30190603550405131239313433303532324D41345050365933304A310B300906035504061302434E3112301006035504080C09E6B996E58D97E79C813112301006035504070C09E982B5E998B3E5B88231273025060355040A0C1EE6B996E58D97E8B584E6B19FE794B5E5AD90E69C89E99990E585ACE58FB83127302506035504030C1EE6B996E58D97E8B584E6B19FE794B5E5AD90E69C89E99990E585ACE58FB830820222300D06092A864886F70D01010105000382020F003082020A02820201009E47275EC7C16A8556100F53A90DFF31D685356A9B7F5A30289DDB78927A054E05AD7E8AE96F3DFCC3EC50F24E9CFADBFEDCA315641997232049EB601AE319A9D94C6DF902B2BCC160BE04A175C9E377F95C568FC1EE221B602251C10D5FF5CB85EDC380003A9FF74565BFB0583E7423FBAEF8DF4C2F8AD6AD618CA6010358DCF20D5154F5C69A768C716DE1FC8BE571296C784390F3589C186FA386F64EA4E22CD3B0E93137F6B50963AB056CB722B4AA4FEE05E2BC10A656D880C5B4F3027607958434B23973A4A12191408CEE1112EE65200875D50237F42C882443BC74EBF145CCE7C7F3DA5B961C22D9C7009969DA0E180B781CF77DF918AF2A626B2EEDE0A8FAE97C6E54691393EC705F735FB06BC2D41286C8F79C7F7B1ECE2B27CFAFCDA6598B6F9A8B22BC652F6DE98C25E6051CFA40A43DCC88346DD8B9A0A250B4E5D358D7BEED070C06D3E96CE7C7F67377D8BF2DAFE35493DE6889491C87B5989E7375D8ED421BE371DA6CD92FE43A185B5FC008C955486CA0C6C544E280F7F8735605CC0FFA7450B2679DA56355617F5B0C74CCB4DE89CAF6D2B84E1AFF5B0C2166095B4169D288AFC4C9F97402F5F4A05F868E99FF456B062F25DF7C7FEDF3C1307DED839F25A9534CFA384DB9B93F911B5AE6F5C6EE26C5722E62CF21AD3DC29CED334C7648320E32AEB68536AB38DC74C2DD1BE1A60234DBA9CE0924B4930203010001A3820202308201FE301F0603551D230418301680146837E0EBB63BF85F1186FBFE617B088865F44E42301D0603551D0E04160414EE4524A57CC442763A117A64B64B4628A4663DF7300E0603551D0F0101FF04040302078030130603551D25040C300A06082B060105050703033081B50603551D1F0481AD3081AA3053A051A04F864D687474703A2F2F63726C332E64696769636572742E636F6D2F4469676943657274547275737465644734436F64655369676E696E6752534134303936534841333834323032314341312E63726C3053A051A04F864D687474703A2F2F63726C342E64696769636572742E636F6D2F4469676943657274547275737465644734436F64655369676E696E6752534134303936534841333834323032314341312E63726C303D0603551D20043630343032060567810C01033029302706082B06010505070201161B687474703A2F2F7777772E64696769636572742E636F6D2F43505330819406082B06010505070101048187308184302406082B060105050730018618687474703A2F2F6F6373702E64696769636572742E636F6D305C06082B060105050730028650687474703A2F2F636163657274732E64696769636572742E636F6D2F4469676943657274547275737465644734436F64655369676E696E6752534134303936534841333834323032314341312E63727430090603551D1304023000300D06092A864886F70D01010B050003820201003F87C5A5925095E8843EAF7506E69D316C406658784DAB175607CB878D9563942D6851FA5093B26A44E9882F12A1ADF71B29F3DFC79E187A75EE25BDD4F4803B6D5FAB28993D998B1191D835FBEDD4CCACF3187D269391266701F416432B4A49B9EED30C3BE262833E0285E29ED1AAF2A91DE60782522D899978E33C3254301E0A786F74548E099D4A1B372D267876D5509480FD7775793B2677FD32A0EEFF782A87AA57039D793EB12306F67119B2079B860829989892BAA7AE74D68CFED5ACDFB7BA5408CB3B435294A281002BFA7635B8B211B4EA6BF5E963EDEA3F672C5DC859D666CD686D56AC8D94AD97E841C05F40FAB39C2797F7A635C902341FDD71A28C4F099E0E87E50ECFBDEDBFBE754793D5362FF38499A2E932905EC457CBC3EFE734BBCA2AE6C5E96569D09C11EF4C940CDE2A27C20978B0944CF60C61BED0782B7ECD1CE03E770959CD91525E18737C905676AF1FF286ECF1924F959BA0279C692195006BE75ADEB4F8AF85809B6016E01F5D4AF1BDBC514C2CCEE5F7CCCB3186C2601D2EDF4CBA6F6A44FB484BB8A3AE4FB4D6A67B6FCFEE8BA66B4E7BD8B1CEEE4296E39E6075857E79CD4EDFC02E8D147C85C83F63B1C8D7EB5EDFA14FA4A081A9E927FB7CCA6F6EF680F2EA9892C0F9B9E5CF86124565289ED0EFCC09A29CA71A40D5F09FAC06CE33FEB0723140A7C4C5930478CAB22790AE2D0D926C
(PID) Process:(5936) drvinst.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates
Operation:delete valueName:6A9761053F3FABF317D2AA28F299FB8ED5F36656
Value:
(PID) Process:(5936) drvinst.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\6A9761053F3FABF317D2AA28F299FB8ED5F36656
Operation:writeName:Blob
Value:
0300000001000000140000006A9761053F3FABF317D2AA28F299FB8ED5F36656190000000100000010000000A048B05F35F582348B960DE18A975D8A04000000010000001000000037C360AAF02A3F8C8A919F9AEBB2D4B90F0000000100000020000000AE5866745D3AA81987A16057F25CF38570783E1A4CDDBA86A151C82C2680AE0620000000010000001508000030820811308205F9A00302010202100415BEF6CACB52FF2AF82977C7DFB953300D06092A864886F70D01010B05003069310B300906035504061302555331173015060355040A130E44696769436572742C20496E632E3141303F060355040313384469676943657274205472757374656420473420436F6465205369676E696E67205253413430393620534841333834203230323120434131301E170D3234303732343030303030305A170D3235303732343233353935395A3082011831133011060B2B0601040182373C0201031302434E311A3018060B2B0601040182373C0201020C09E6B996E58D97E79C81311A3018060B2B0601040182373C0201010C09E696B0E982B5E58EBF311D301B060355040F0C1450726976617465204F7267616E697A6174696F6E311B30190603550405131239313433303532324D41345050365933304A310B300906035504061302434E3112301006035504080C09E6B996E58D97E79C813112301006035504070C09E982B5E998B3E5B882312B3029060355040A132248554E414E205A494A49414E4720454C454354524F4E49435320434F202E2C4C5444312B30290603550403132248554E414E205A494A49414E4720454C454354524F4E49435320434F202E2C4C544430820222300D06092A864886F70D01010105000382020F003082020A0282020100AF0835F680974FB9C481131315CCC090D4FADCB0C5E422352CE6B923A34BFF94AB3993C5DB35C96C17A8DAB3D79A0C6635EB1F6B444683889642358EEA2BA07AC98B82F5734A5B1D7123E9B64D8C3A9F15DB3859C33675399B259FCF3433273D63F5039EEA5BE302885E5ED995BB0BC386089AEAE607B147545022118032E69ECE9881B9EBBBED0C79ED00FB3024A1E705E11D76EBB83DC280162F7ECCE27BE7D0BDB1002A583A44956F7A408EE2F7F76AA6E304317E81F8FC4ECE0F1574B9F952288DABF52504F4C79E0E41FDE903FE2372571D6792E8B236F7F2F10BC1216E608987DBD4550322A6E9C6BE931F67B0490822E05EF2508BFEB16078C9B216C352B9BDF267CEE4C8AB320953EBDAD42FEF113BC71397656A20906AC300950FE4D76C1F299F478E1D3D95C7CD7466323E6A2AEA06E4AD8EAEF4901DD6EC5FF4DC443D17BE249D4DD75EC047050EBC8062ADC3B3201F118EBF198A9A6107CAEF3660C2B3CA1D76D4083E435C23CB0C3F1516986CFD64F727BD2FFAFC5AADA44865B4D113D01BC9C1ACFCA81960D1BF94A651B7D7DF028333FB9D7900B30BF506B6240EAB92725EF5D75FA9FEC631B4B4FD9C26F08FB256D516564F69EC0F20C81B32FA93DC7687D595A195CA2DFA05B625F1D411397364ED78C43DE947E655789C59107263F79BFBDE26B651B55038AFC3C0EA411A2CB049D3928CCEC1B43D510B0203010001A3820202308201FE301F0603551D230418301680146837E0EBB63BF85F1186FBFE617B088865F44E42301D0603551D0E0416041441398FC64D57EE38E0CD5DF181F04260A82BE66C303D0603551D20043630343032060567810C01033029302706082B06010505070201161B687474703A2F2F7777772E64696769636572742E636F6D2F435053300E0603551D0F0101FF04040302078030130603551D25040C300A06082B060105050703033081B50603551D1F0481AD3081AA3053A051A04F864D687474703A2F2F63726C332E64696769636572742E636F6D2F4469676943657274547275737465644734436F64655369676E696E6752534134303936534841333834323032314341312E63726C3053A051A04F864D687474703A2F2F63726C342E64696769636572742E636F6D2F4469676943657274547275737465644734436F64655369676E696E6752534134303936534841333834323032314341312E63726C30819406082B06010505070101048187308184302406082B060105050730018618687474703A2F2F6F6373702E64696769636572742E636F6D305C06082B060105050730028650687474703A2F2F636163657274732E64696769636572742E636F6D2F4469676943657274547275737465644734436F64655369676E696E6752534134303936534841333834323032314341312E63727430090603551D1304023000300D06092A864886F70D01010B050003820201006F3B7FC5722463714523471B016261104E452D1BB483C1781CD5AE86EE6CADDD199C74EEB6F4A244B7306F8A665412EF8487FAF978A94C75EBE3BCBEE3DE95C680DFAF714368B61582B16FC6F80BA2CFCFDFC0812A6051DD5B9E2DA7B706A26522AF70A57A15CBFDAF8F9C302E03513406F00E74C79856189B47F3E5894A92BC35505DB77DD1F73F8929C1BC157BA0D664B0B7E4C0AAAA8F4E1807E91AC4EA8985CCD660F57C6E4752FED4B3BC6E43907C0F735631792B627C786EC45B8976F585E12246A7012B4DFD17E8FD7D53D1F7C904FF969C16E8EC67DB8B7468D82E3132399D16C93130DE68BA89B740CEAFC749313EB71668D6D7A25BD383EC4A34D014FA5C82B4EC0C9105C2F3B131C578581B2D9188AB7941654FFF4F20CB79C6B2FA37C9304158747CC35765FB1FB4F0EAB3685EACA22731DEDD33B2B284529CC09194AD620E03D103DD31C7D914DF1642BA13B07390FFB8E93DB721D046205E64382556793D364F55B1B6C07DC2B46A90AA28024F65458F4850E2849497B61D99A458FB414B908E913D861BE895F1AB62643141840EE1DDC33A53B1800C74024248C58B9DB2104C2F04D40E2A3086AA9986C1DDC30B22C5A778DBC322229FC302FE6DE4066E5C1B6A1886420D16EB012BBD829BBC7894EA150B0A874117594BAEE24F05E21A22E1CCC2CE0DBAA2FE1155719956660827C5176EC1328DC24A627B
Executable files
13
Suspicious files
15
Text files
13
Unknown types
0

Dropped files

PID
Process
Filename
Type
7592Label Printer Driver-V1.0.10.exeC:\Program Files (x86)\PrinterDriver\LabelDriver\Driver64\LabelPrinter.initext
MD5:D36310C944F0CDA27D1EC61025BDE7E6
SHA256:3F43CB2450B1ECDE86FEBF8194BAA833E0243BEAB4B3E300885036F4876FB3FA
7592Label Printer Driver-V1.0.10.exeC:\Program Files (x86)\PrinterDriver\LabelDriver\Driver64\LabelPrinter.gpdtext
MD5:5F00D9B11AC18358C1D58B94EE696E5F
SHA256:B025A70173D1420670D4AFC47FB9AED915845B1C67090666670BF4DACB51EF98
7592Label Printer Driver-V1.0.10.exeC:\Program Files (x86)\PrinterDriver\LabelDriver\Driver64\LabelPrinter.infbinary
MD5:75BC8BC73DCD4B206A686E10FF4EE1E2
SHA256:EFDEA87C044A102167B261CD56691B10B0FD67C15D8EE200152663BC15C675DA
7592Label Printer Driver-V1.0.10.exeC:\Program Files (x86)\PrinterDriver\LabelDriver\hhzj.cerbinary
MD5:362E81E515C53D13544B42A72B75DC26
SHA256:A0FC1EC8199DBB804895C96E449630A3A3C08340A62238A968F921497805F356
7592Label Printer Driver-V1.0.10.exeC:\Program Files (x86)\PrinterDriver\LabelDriver\Driver32\LabelPrinter.gpdtext
MD5:AA4A7A42700573965A2CBD263DE8DD77
SHA256:ECB9399E5193F8A79B45EBE21167A4AD838C783099D6ACF9D50BBC0D4C2FB845
7592Label Printer Driver-V1.0.10.exeC:\Program Files (x86)\PrinterDriver\LabelDriver\Driver32\LABELUI.dllexecutable
MD5:48099E3C97368906B278B60DA9C5AC0C
SHA256:ED13A749F02097B17D2C13350104EDC24613FA0FB80C93254FFCCD73768EB1FC
7592Label Printer Driver-V1.0.10.exeC:\Program Files (x86)\PrinterDriver\LabelDriver\Driver32\LabelPrinter.initext
MD5:D36310C944F0CDA27D1EC61025BDE7E6
SHA256:3F43CB2450B1ECDE86FEBF8194BAA833E0243BEAB4B3E300885036F4876FB3FA
7592Label Printer Driver-V1.0.10.exeC:\Program Files (x86)\PrinterDriver\LabelDriver\Driver32\LabelPrinter.infbinary
MD5:75BC8BC73DCD4B206A686E10FF4EE1E2
SHA256:EFDEA87C044A102167B261CD56691B10B0FD67C15D8EE200152663BC15C675DA
7592Label Printer Driver-V1.0.10.exeC:\Program Files (x86)\PrinterDriver\LabelDriver\Driver64\LABELCORE.dllexecutable
MD5:F873540853AC745EF0C0FF04895DC401
SHA256:FE9C381F197BF13633BEAE91E59E464BB39F4C167D5959721A6AD2F217F11AC2
7592Label Printer Driver-V1.0.10.exeC:\Program Files (x86)\PrinterDriver\LabelDriver\Driver64\LABELUI.DLLexecutable
MD5:1075A786A9D4DEF338DC10BC0EA9D9FE
SHA256:B934B931363F982CD005380F9E22D66A40E94291E2C437E6160E0F386613E03A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
30
DNS requests
16
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2104
svchost.exe
GET
200
2.16.241.19:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
2.16.241.19:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
664
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
664
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
20.106.86.13:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
whitelisted
5496
MoUsoCoreWorker.exe
2.16.241.19:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
2104
svchost.exe
2.16.241.19:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5496
MoUsoCoreWorker.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3216
svchost.exe
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6544
svchost.exe
40.126.32.140:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 172.217.16.206
whitelisted
settings-win.data.microsoft.com
  • 20.106.86.13
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 2.16.241.19
  • 2.16.241.14
whitelisted
www.microsoft.com
  • 2.23.246.101
  • 95.101.149.131
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
login.live.com
  • 40.126.32.140
  • 20.190.160.67
  • 40.126.32.76
  • 20.190.160.64
  • 20.190.160.17
  • 20.190.160.130
  • 20.190.160.22
  • 20.190.160.4
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
slscr.update.microsoft.com
  • 172.202.163.200
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.242.39.171
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Label Printer Driver-V1.0.10.exe