File name:

Label Printer Driver-V1.0.10.exe

Full analysis: https://app.any.run/tasks/b57f110e-4ca6-4818-98e2-7c1ead7a9785
Verdict: Malicious activity
Analysis date: May 22, 2025, 14:50:55
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

AB57CF536ABFB134237E9CBF21B40DFB

SHA1:

0A30BC237FA0230F09628696495E241128074E17

SHA256:

371F5EC09039168595AB4FCEB07CA68BC439C492BA01EF23D63B30206256D1DF

SSDEEP:

98304:vxykG9F1B3rz1Ax8ft4FojxO7YXZhwIhEC6FrYheeSSpZplJqPNbPNLPNfJ2JJF+:qF5xlS9

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • There is functionality for taking screenshot (YARA)

      • Label Printer Driver-V1.0.10.exe (PID: 7592)

    • Executable content was dropped or overwritten

      • Label Printer Driver-V1.0.10.exe (PID: 7592)
      • rundll32.exe (PID: 744)
      • drvinst.exe (PID: 5936)

    • Adds/modifies Windows certificates

      • certutil.exe (PID: 4868)
      • rundll32.exe (PID: 744)

    • Reads security settings of Internet Explorer

      • Label Printer Driver-V1.0.10.exe (PID: 7592)

    • Creates files in the driver directory

      • drvinst.exe (PID: 5936)

  • INFO

    • Reads the computer name

      • Label Printer Driver-V1.0.10.exe (PID: 7592)
      • drvinst.exe (PID: 5936)

    • The sample compiled with english language support

      • Label Printer Driver-V1.0.10.exe (PID: 7592)
      • rundll32.exe (PID: 744)
      • drvinst.exe (PID: 5936)

    • Creates files in the program directory

      • Label Printer Driver-V1.0.10.exe (PID: 7592)

    • Checks supported languages

      • Label Printer Driver-V1.0.10.exe (PID: 7592)
      • drvinst.exe (PID: 5936)

    • Process checks computer location settings

      • Label Printer Driver-V1.0.10.exe (PID: 7592)

    • Reads security settings of Internet Explorer

      • rundll32.exe (PID: 744)
      • rundll32.exe (PID: 7292)

    • Reads the software policy settings

      • rundll32.exe (PID: 744)
      • rundll32.exe (PID: 7292)
      • drvinst.exe (PID: 5936)

    • Adds/modifies Windows certificates

      • drvinst.exe (PID: 5936)

    • Reads the machine GUID from the registry

      • drvinst.exe (PID: 5936)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:07:24 06:36:00+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 806912
InitializedDataSize: 5697024
UninitializedDataSize: -
EntryPoint: 0x8703a
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
148
Monitored processes
17
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
start label printer driver-v1.0.10.exe sppextcomobj.exe no specs slui.exe no specs certutil.exe no specs conhost.exe no specs rundll32.exe drvinst.exe rundll32.exe no specs rundll32.exe no specs splwow64.exe no specs rundll32.exe no specs certutil.exe no specs conhost.exe no specs rundll32.exe no specs rundll32.exe no specs rundll32.exe no specs label printer driver-v1.0.10.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
744"C:\Windows\System32\rundll32.exe" printui.dll, PrintUIEntry /ia /m "LABEL" /f "C:\Program Files (x86)\PrinterDriver\LabelDriver\Driver64\LabelPrinter.INF"C:\Windows\SysWOW64\rundll32.exe
Label Printer Driver-V1.0.10.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
920C:\WINDOWS\splwow64.exe 12288C:\Windows\splwow64.exerundll32.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Print driver host for applications
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\splwow64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
1324"C:\Windows\System32\rundll32.exe" printui.dll, PrintUIEntry /k /n"LABEL" C:\Windows\SysWOW64\rundll32.exeLabel Printer Driver-V1.0.10.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
2320"C:\Windows\System32\rundll32.exe" printui.dll, PrintUIEntry /ia /m "LABEL" /f "C:\Program Files (x86)\PrinterDriver\LabelDriver\Driver64\LabelPrinter.INF"C:\Windows\SysWOW64\rundll32.exeLabel Printer Driver-V1.0.10.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
4652\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execertutil.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4868"C:\Windows\System32\certutil.exe" -addstore "TrustedPublisher" "C:\Program Files (x86)\PrinterDriver\LabelDriver\hhzj.cer"C:\Windows\SysWOW64\certutil.exeLabel Printer Driver-V1.0.10.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
CertUtil.exe
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\certutil.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
5936DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{3723056f-a013-e44d-9b05-82cbee69773b}\labelprinter.inf" "9" "49398086f" "00000000000001E0" "WinSta0\Default" "00000000000001C0" "208" "c:\program files (x86)\printerdriver\labeldriver\driver64"C:\Windows\System32\drvinst.exe
svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
7012\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execertutil.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
7172"C:\Windows\System32\rundll32.exe" printui.dll, PrintUIEntry /k /n"LABEL" C:\Windows\SysWOW64\rundll32.exeLabel Printer Driver-V1.0.10.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
7220"C:\Windows\System32\certutil.exe" -addstore "TrustedPublisher" "C:\Program Files (x86)\PrinterDriver\LabelDriver\hhzj.cer"C:\Windows\SysWOW64\certutil.exeLabel Printer Driver-V1.0.10.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
CertUtil.exe
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\certutil.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
Total events
13 364
Read events
13 354
Write events
7
Delete events
3

Modification events

(PID) Process:(4868) certutil.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.1!7
Operation:writeName:Name
Value:
szOID_ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION
(PID) Process:(4868) certutil.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.2!7
Operation:writeName:Name
Value:
szOID_ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION
(PID) Process:(4868) certutil.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.3!7
Operation:writeName:Name
Value:
szOID_ROOT_PROGRAM_NO_OCSP_FAILOVER_TO_CRL
(PID) Process:(744) rundll32.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupapiLogStatus
Operation:writeName:setupapi.dev.log
Value:
4096
(PID) Process:(4868) certutil.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates
Operation:delete valueName:100FB4B43CF33304F20EFAA96D1E0D2DD07CA77D
Value:
(PID) Process:(4868) certutil.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\100FB4B43CF33304F20EFAA96D1E0D2DD07CA77D
Operation:writeName:Blob
Value:
030000000100000014000000100FB4B43CF33304F20EFAA96D1E0D2DD07CA77D20000000010000000D08000030820809308205F1A003020102021001494A3B652F21ACAB4719D06E0A5C65300D06092A864886F70D01010B05003069310B300906035504061302555331173015060355040A130E44696769436572742C20496E632E3141303F060355040313384469676943657274205472757374656420473420436F6465205369676E696E67205253413430393620534841333834203230323120434131301E170D3233303831343030303030305A170D3234303831333233353935395A3082011031133011060B2B0601040182373C0201031302434E311A3018060B2B0601040182373C0201020C09E6B996E58D97E79C81311A3018060B2B0601040182373C0201010C09E696B0E982B5E58EBF311D301B060355040F0C1450726976617465204F7267616E697A6174696F6E311B30190603550405131239313433303532324D41345050365933304A310B300906035504061302434E3112301006035504080C09E6B996E58D97E79C813112301006035504070C09E982B5E998B3E5B88231273025060355040A0C1EE6B996E58D97E8B584E6B19FE794B5E5AD90E69C89E99990E585ACE58FB83127302506035504030C1EE6B996E58D97E8B584E6B19FE794B5E5AD90E69C89E99990E585ACE58FB830820222300D06092A864886F70D01010105000382020F003082020A02820201009E47275EC7C16A8556100F53A90DFF31D685356A9B7F5A30289DDB78927A054E05AD7E8AE96F3DFCC3EC50F24E9CFADBFEDCA315641997232049EB601AE319A9D94C6DF902B2BCC160BE04A175C9E377F95C568FC1EE221B602251C10D5FF5CB85EDC380003A9FF74565BFB0583E7423FBAEF8DF4C2F8AD6AD618CA6010358DCF20D5154F5C69A768C716DE1FC8BE571296C784390F3589C186FA386F64EA4E22CD3B0E93137F6B50963AB056CB722B4AA4FEE05E2BC10A656D880C5B4F3027607958434B23973A4A12191408CEE1112EE65200875D50237F42C882443BC74EBF145CCE7C7F3DA5B961C22D9C7009969DA0E180B781CF77DF918AF2A626B2EEDE0A8FAE97C6E54691393EC705F735FB06BC2D41286C8F79C7F7B1ECE2B27CFAFCDA6598B6F9A8B22BC652F6DE98C25E6051CFA40A43DCC88346DD8B9A0A250B4E5D358D7BEED070C06D3E96CE7C7F67377D8BF2DAFE35493DE6889491C87B5989E7375D8ED421BE371DA6CD92FE43A185B5FC008C955486CA0C6C544E280F7F8735605CC0FFA7450B2679DA56355617F5B0C74CCB4DE89CAF6D2B84E1AFF5B0C2166095B4169D288AFC4C9F97402F5F4A05F868E99FF456B062F25DF7C7FEDF3C1307DED839F25A9534CFA384DB9B93F911B5AE6F5C6EE26C5722E62CF21AD3DC29CED334C7648320E32AEB68536AB38DC74C2DD1BE1A60234DBA9CE0924B4930203010001A3820202308201FE301F0603551D230418301680146837E0EBB63BF85F1186FBFE617B088865F44E42301D0603551D0E04160414EE4524A57CC442763A117A64B64B4628A4663DF7300E0603551D0F0101FF04040302078030130603551D25040C300A06082B060105050703033081B50603551D1F0481AD3081AA3053A051A04F864D687474703A2F2F63726C332E64696769636572742E636F6D2F4469676943657274547275737465644734436F64655369676E696E6752534134303936534841333834323032314341312E63726C3053A051A04F864D687474703A2F2F63726C342E64696769636572742E636F6D2F4469676943657274547275737465644734436F64655369676E696E6752534134303936534841333834323032314341312E63726C303D0603551D20043630343032060567810C01033029302706082B06010505070201161B687474703A2F2F7777772E64696769636572742E636F6D2F43505330819406082B06010505070101048187308184302406082B060105050730018618687474703A2F2F6F6373702E64696769636572742E636F6D305C06082B060105050730028650687474703A2F2F636163657274732E64696769636572742E636F6D2F4469676943657274547275737465644734436F64655369676E696E6752534134303936534841333834323032314341312E63727430090603551D1304023000300D06092A864886F70D01010B050003820201003F87C5A5925095E8843EAF7506E69D316C406658784DAB175607CB878D9563942D6851FA5093B26A44E9882F12A1ADF71B29F3DFC79E187A75EE25BDD4F4803B6D5FAB28993D998B1191D835FBEDD4CCACF3187D269391266701F416432B4A49B9EED30C3BE262833E0285E29ED1AAF2A91DE60782522D899978E33C3254301E0A786F74548E099D4A1B372D267876D5509480FD7775793B2677FD32A0EEFF782A87AA57039D793EB12306F67119B2079B860829989892BAA7AE74D68CFED5ACDFB7BA5408CB3B435294A281002BFA7635B8B211B4EA6BF5E963EDEA3F672C5DC859D666CD686D56AC8D94AD97E841C05F40FAB39C2797F7A635C902341FDD71A28C4F099E0E87E50ECFBDEDBFBE754793D5362FF38499A2E932905EC457CBC3EFE734BBCA2AE6C5E96569D09C11EF4C940CDE2A27C20978B0944CF60C61BED0782B7ECD1CE03E770959CD91525E18737C905676AF1FF286ECF1924F959BA0279C692195006BE75ADEB4F8AF85809B6016E01F5D4AF1BDBC514C2CCEE5F7CCCB3186C2601D2EDF4CBA6F6A44FB484BB8A3AE4FB4D6A67B6FCFEE8BA66B4E7BD8B1CEEE4296E39E6075857E79CD4EDFC02E8D147C85C83F63B1C8D7EB5EDFA14FA4A081A9E927FB7CCA6F6EF680F2EA9892C0F9B9E5CF86124565289ED0EFCC09A29CA71A40D5F09FAC06CE33FEB0723140A7C4C5930478CAB22790AE2D0D926C
(PID) Process:(744) rundll32.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates
Operation:delete valueName:100FB4B43CF33304F20EFAA96D1E0D2DD07CA77D
Value:
(PID) Process:(744) rundll32.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\100FB4B43CF33304F20EFAA96D1E0D2DD07CA77D
Operation:writeName:Blob
Value:
0F0000000100000020000000DF875AB818C17161B106ED987FFC3F4CC6F066B7E321651E6674A5D08FA37FC2030000000100000014000000100FB4B43CF33304F20EFAA96D1E0D2DD07CA77D20000000010000000D08000030820809308205F1A003020102021001494A3B652F21ACAB4719D06E0A5C65300D06092A864886F70D01010B05003069310B300906035504061302555331173015060355040A130E44696769436572742C20496E632E3141303F060355040313384469676943657274205472757374656420473420436F6465205369676E696E67205253413430393620534841333834203230323120434131301E170D3233303831343030303030305A170D3234303831333233353935395A3082011031133011060B2B0601040182373C0201031302434E311A3018060B2B0601040182373C0201020C09E6B996E58D97E79C81311A3018060B2B0601040182373C0201010C09E696B0E982B5E58EBF311D301B060355040F0C1450726976617465204F7267616E697A6174696F6E311B30190603550405131239313433303532324D41345050365933304A310B300906035504061302434E3112301006035504080C09E6B996E58D97E79C813112301006035504070C09E982B5E998B3E5B88231273025060355040A0C1EE6B996E58D97E8B584E6B19FE794B5E5AD90E69C89E99990E585ACE58FB83127302506035504030C1EE6B996E58D97E8B584E6B19FE794B5E5AD90E69C89E99990E585ACE58FB830820222300D06092A864886F70D01010105000382020F003082020A02820201009E47275EC7C16A8556100F53A90DFF31D685356A9B7F5A30289DDB78927A054E05AD7E8AE96F3DFCC3EC50F24E9CFADBFEDCA315641997232049EB601AE319A9D94C6DF902B2BCC160BE04A175C9E377F95C568FC1EE221B602251C10D5FF5CB85EDC380003A9FF74565BFB0583E7423FBAEF8DF4C2F8AD6AD618CA6010358DCF20D5154F5C69A768C716DE1FC8BE571296C784390F3589C186FA386F64EA4E22CD3B0E93137F6B50963AB056CB722B4AA4FEE05E2BC10A656D880C5B4F3027607958434B23973A4A12191408CEE1112EE65200875D50237F42C882443BC74EBF145CCE7C7F3DA5B961C22D9C7009969DA0E180B781CF77DF918AF2A626B2EEDE0A8FAE97C6E54691393EC705F735FB06BC2D41286C8F79C7F7B1ECE2B27CFAFCDA6598B6F9A8B22BC652F6DE98C25E6051CFA40A43DCC88346DD8B9A0A250B4E5D358D7BEED070C06D3E96CE7C7F67377D8BF2DAFE35493DE6889491C87B5989E7375D8ED421BE371DA6CD92FE43A185B5FC008C955486CA0C6C544E280F7F8735605CC0FFA7450B2679DA56355617F5B0C74CCB4DE89CAF6D2B84E1AFF5B0C2166095B4169D288AFC4C9F97402F5F4A05F868E99FF456B062F25DF7C7FEDF3C1307DED839F25A9534CFA384DB9B93F911B5AE6F5C6EE26C5722E62CF21AD3DC29CED334C7648320E32AEB68536AB38DC74C2DD1BE1A60234DBA9CE0924B4930203010001A3820202308201FE301F0603551D230418301680146837E0EBB63BF85F1186FBFE617B088865F44E42301D0603551D0E04160414EE4524A57CC442763A117A64B64B4628A4663DF7300E0603551D0F0101FF04040302078030130603551D25040C300A06082B060105050703033081B50603551D1F0481AD3081AA3053A051A04F864D687474703A2F2F63726C332E64696769636572742E636F6D2F4469676943657274547275737465644734436F64655369676E696E6752534134303936534841333834323032314341312E63726C3053A051A04F864D687474703A2F2F63726C342E64696769636572742E636F6D2F4469676943657274547275737465644734436F64655369676E696E6752534134303936534841333834323032314341312E63726C303D0603551D20043630343032060567810C01033029302706082B06010505070201161B687474703A2F2F7777772E64696769636572742E636F6D2F43505330819406082B06010505070101048187308184302406082B060105050730018618687474703A2F2F6F6373702E64696769636572742E636F6D305C06082B060105050730028650687474703A2F2F636163657274732E64696769636572742E636F6D2F4469676943657274547275737465644734436F64655369676E696E6752534134303936534841333834323032314341312E63727430090603551D1304023000300D06092A864886F70D01010B050003820201003F87C5A5925095E8843EAF7506E69D316C406658784DAB175607CB878D9563942D6851FA5093B26A44E9882F12A1ADF71B29F3DFC79E187A75EE25BDD4F4803B6D5FAB28993D998B1191D835FBEDD4CCACF3187D269391266701F416432B4A49B9EED30C3BE262833E0285E29ED1AAF2A91DE60782522D899978E33C3254301E0A786F74548E099D4A1B372D267876D5509480FD7775793B2677FD32A0EEFF782A87AA57039D793EB12306F67119B2079B860829989892BAA7AE74D68CFED5ACDFB7BA5408CB3B435294A281002BFA7635B8B211B4EA6BF5E963EDEA3F672C5DC859D666CD686D56AC8D94AD97E841C05F40FAB39C2797F7A635C902341FDD71A28C4F099E0E87E50ECFBDEDBFBE754793D5362FF38499A2E932905EC457CBC3EFE734BBCA2AE6C5E96569D09C11EF4C940CDE2A27C20978B0944CF60C61BED0782B7ECD1CE03E770959CD91525E18737C905676AF1FF286ECF1924F959BA0279C692195006BE75ADEB4F8AF85809B6016E01F5D4AF1BDBC514C2CCEE5F7CCCB3186C2601D2EDF4CBA6F6A44FB484BB8A3AE4FB4D6A67B6FCFEE8BA66B4E7BD8B1CEEE4296E39E6075857E79CD4EDFC02E8D147C85C83F63B1C8D7EB5EDFA14FA4A081A9E927FB7CCA6F6EF680F2EA9892C0F9B9E5CF86124565289ED0EFCC09A29CA71A40D5F09FAC06CE33FEB0723140A7C4C5930478CAB22790AE2D0D926C
(PID) Process:(5936) drvinst.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates
Operation:delete valueName:6A9761053F3FABF317D2AA28F299FB8ED5F36656
Value:
(PID) Process:(5936) drvinst.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\6A9761053F3FABF317D2AA28F299FB8ED5F36656
Operation:writeName:Blob
Value:
0300000001000000140000006A9761053F3FABF317D2AA28F299FB8ED5F36656190000000100000010000000A048B05F35F582348B960DE18A975D8A04000000010000001000000037C360AAF02A3F8C8A919F9AEBB2D4B90F0000000100000020000000AE5866745D3AA81987A16057F25CF38570783E1A4CDDBA86A151C82C2680AE0620000000010000001508000030820811308205F9A00302010202100415BEF6CACB52FF2AF82977C7DFB953300D06092A864886F70D01010B05003069310B300906035504061302555331173015060355040A130E44696769436572742C20496E632E3141303F060355040313384469676943657274205472757374656420473420436F6465205369676E696E67205253413430393620534841333834203230323120434131301E170D3234303732343030303030305A170D3235303732343233353935395A3082011831133011060B2B0601040182373C0201031302434E311A3018060B2B0601040182373C0201020C09E6B996E58D97E79C81311A3018060B2B0601040182373C0201010C09E696B0E982B5E58EBF311D301B060355040F0C1450726976617465204F7267616E697A6174696F6E311B30190603550405131239313433303532324D41345050365933304A310B300906035504061302434E3112301006035504080C09E6B996E58D97E79C813112301006035504070C09E982B5E998B3E5B882312B3029060355040A132248554E414E205A494A49414E4720454C454354524F4E49435320434F202E2C4C5444312B30290603550403132248554E414E205A494A49414E4720454C454354524F4E49435320434F202E2C4C544430820222300D06092A864886F70D01010105000382020F003082020A0282020100AF0835F680974FB9C481131315CCC090D4FADCB0C5E422352CE6B923A34BFF94AB3993C5DB35C96C17A8DAB3D79A0C6635EB1F6B444683889642358EEA2BA07AC98B82F5734A5B1D7123E9B64D8C3A9F15DB3859C33675399B259FCF3433273D63F5039EEA5BE302885E5ED995BB0BC386089AEAE607B147545022118032E69ECE9881B9EBBBED0C79ED00FB3024A1E705E11D76EBB83DC280162F7ECCE27BE7D0BDB1002A583A44956F7A408EE2F7F76AA6E304317E81F8FC4ECE0F1574B9F952288DABF52504F4C79E0E41FDE903FE2372571D6792E8B236F7F2F10BC1216E608987DBD4550322A6E9C6BE931F67B0490822E05EF2508BFEB16078C9B216C352B9BDF267CEE4C8AB320953EBDAD42FEF113BC71397656A20906AC300950FE4D76C1F299F478E1D3D95C7CD7466323E6A2AEA06E4AD8EAEF4901DD6EC5FF4DC443D17BE249D4DD75EC047050EBC8062ADC3B3201F118EBF198A9A6107CAEF3660C2B3CA1D76D4083E435C23CB0C3F1516986CFD64F727BD2FFAFC5AADA44865B4D113D01BC9C1ACFCA81960D1BF94A651B7D7DF028333FB9D7900B30BF506B6240EAB92725EF5D75FA9FEC631B4B4FD9C26F08FB256D516564F69EC0F20C81B32FA93DC7687D595A195CA2DFA05B625F1D411397364ED78C43DE947E655789C59107263F79BFBDE26B651B55038AFC3C0EA411A2CB049D3928CCEC1B43D510B0203010001A3820202308201FE301F0603551D230418301680146837E0EBB63BF85F1186FBFE617B088865F44E42301D0603551D0E0416041441398FC64D57EE38E0CD5DF181F04260A82BE66C303D0603551D20043630343032060567810C01033029302706082B06010505070201161B687474703A2F2F7777772E64696769636572742E636F6D2F435053300E0603551D0F0101FF04040302078030130603551D25040C300A06082B060105050703033081B50603551D1F0481AD3081AA3053A051A04F864D687474703A2F2F63726C332E64696769636572742E636F6D2F4469676943657274547275737465644734436F64655369676E696E6752534134303936534841333834323032314341312E63726C3053A051A04F864D687474703A2F2F63726C342E64696769636572742E636F6D2F4469676943657274547275737465644734436F64655369676E696E6752534134303936534841333834323032314341312E63726C30819406082B06010505070101048187308184302406082B060105050730018618687474703A2F2F6F6373702E64696769636572742E636F6D305C06082B060105050730028650687474703A2F2F636163657274732E64696769636572742E636F6D2F4469676943657274547275737465644734436F64655369676E696E6752534134303936534841333834323032314341312E63727430090603551D1304023000300D06092A864886F70D01010B050003820201006F3B7FC5722463714523471B016261104E452D1BB483C1781CD5AE86EE6CADDD199C74EEB6F4A244B7306F8A665412EF8487FAF978A94C75EBE3BCBEE3DE95C680DFAF714368B61582B16FC6F80BA2CFCFDFC0812A6051DD5B9E2DA7B706A26522AF70A57A15CBFDAF8F9C302E03513406F00E74C79856189B47F3E5894A92BC35505DB77DD1F73F8929C1BC157BA0D664B0B7E4C0AAAA8F4E1807E91AC4EA8985CCD660F57C6E4752FED4B3BC6E43907C0F735631792B627C786EC45B8976F585E12246A7012B4DFD17E8FD7D53D1F7C904FF969C16E8EC67DB8B7468D82E3132399D16C93130DE68BA89B740CEAFC749313EB71668D6D7A25BD383EC4A34D014FA5C82B4EC0C9105C2F3B131C578581B2D9188AB7941654FFF4F20CB79C6B2FA37C9304158747CC35765FB1FB4F0EAB3685EACA22731DEDD33B2B284529CC09194AD620E03D103DD31C7D914DF1642BA13B07390FFB8E93DB721D046205E64382556793D364F55B1B6C07DC2B46A90AA28024F65458F4850E2849497B61D99A458FB414B908E913D861BE895F1AB62643141840EE1DDC33A53B1800C74024248C58B9DB2104C2F04D40E2A3086AA9986C1DDC30B22C5A778DBC322229FC302FE6DE4066E5C1B6A1886420D16EB012BBD829BBC7894EA150B0A874117594BAEE24F05E21A22E1CCC2CE0DBAA2FE1155719956660827C5176EC1328DC24A627B
Executable files
13
Suspicious files
15
Text files
13
Unknown types
0

Dropped files

PID
Process
Filename
Type
7592Label Printer Driver-V1.0.10.exeC:\Program Files (x86)\PrinterDriver\LabelDriver\hhzj.cerbinary
MD5:362E81E515C53D13544B42A72B75DC26
SHA256:A0FC1EC8199DBB804895C96E449630A3A3C08340A62238A968F921497805F356
7592Label Printer Driver-V1.0.10.exeC:\Program Files (x86)\PrinterDriver\LabelDriver\Driver64\LabelPrinter.infbinary
MD5:75BC8BC73DCD4B206A686E10FF4EE1E2
SHA256:EFDEA87C044A102167B261CD56691B10B0FD67C15D8EE200152663BC15C675DA
7592Label Printer Driver-V1.0.10.exeC:\Program Files (x86)\PrinterDriver\LabelDriver\Driver64\LabelPrinter.initext
MD5:D36310C944F0CDA27D1EC61025BDE7E6
SHA256:3F43CB2450B1ECDE86FEBF8194BAA833E0243BEAB4B3E300885036F4876FB3FA
7592Label Printer Driver-V1.0.10.exeC:\Program Files (x86)\PrinterDriver\LabelDriver\Driver32\LabelPrinter.infbinary
MD5:75BC8BC73DCD4B206A686E10FF4EE1E2
SHA256:EFDEA87C044A102167B261CD56691B10B0FD67C15D8EE200152663BC15C675DA
7592Label Printer Driver-V1.0.10.exeC:\Program Files (x86)\PrinterDriver\LabelDriver\Driver32\LABELCORE.dllexecutable
MD5:0EFDCA877E44F3F977B277702292CDF6
SHA256:C2FAEBF15BCD20A9853280533A105B0E2E6281A41D962256B06D63259E322001
7592Label Printer Driver-V1.0.10.exeC:\Program Files (x86)\PrinterDriver\LabelDriver\Driver64\printer.catbinary
MD5:F579569390F1E32B09F50ECD4C5897E4
SHA256:7657DCBB1D42750A7847AAA7B7233526CD24BC246F44A6DEFE77B9A6130F8E61
744rundll32.exeC:\Windows\INF\setupapi.dev.logtext
MD5:37804ADE6388049A3CB5D47B4EF48BA8
SHA256:1C512BE1BBA16E76C7F79A2DD79419206841233C8BC711C80C123FE54A9A2918
7592Label Printer Driver-V1.0.10.exeC:\Program Files (x86)\PrinterDriver\LabelDriver\Driver32\LabelPrinter.gpdtext
MD5:AA4A7A42700573965A2CBD263DE8DD77
SHA256:ECB9399E5193F8A79B45EBE21167A4AD838C783099D6ACF9D50BBC0D4C2FB845
7592Label Printer Driver-V1.0.10.exeC:\Program Files (x86)\PrinterDriver\LabelDriver\Driver32\LabelPrinter.initext
MD5:D36310C944F0CDA27D1EC61025BDE7E6
SHA256:3F43CB2450B1ECDE86FEBF8194BAA833E0243BEAB4B3E300885036F4876FB3FA
744rundll32.exeC:\Windows\INF\ntprint.PNFbinary
MD5:847C360668BF02CD56C0A82A22139911
SHA256:32E47364B8C87AD6CFECCA552B4EB0690946933041FA75C888D860914945D67F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
30
DNS requests
16
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
2.16.241.19:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2104
svchost.exe
GET
200
2.16.241.19:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
664
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
664
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
20.106.86.13:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
whitelisted
5496
MoUsoCoreWorker.exe
2.16.241.19:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
2104
svchost.exe
2.16.241.19:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5496
MoUsoCoreWorker.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3216
svchost.exe
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6544
svchost.exe
40.126.32.140:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 172.217.16.206
whitelisted
settings-win.data.microsoft.com
  • 20.106.86.13
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 2.16.241.19
  • 2.16.241.14
whitelisted
www.microsoft.com
  • 2.23.246.101
  • 95.101.149.131
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
login.live.com
  • 40.126.32.140
  • 20.190.160.67
  • 40.126.32.76
  • 20.190.160.64
  • 20.190.160.17
  • 20.190.160.130
  • 20.190.160.22
  • 20.190.160.4
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
slscr.update.microsoft.com
  • 172.202.163.200
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.242.39.171
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Label Printer Driver-V1.0.10.exe