
"" created file "%TEMP%\7zSF113.tmp\x64\Components\logpanel1.dll\logpanel1.cdx"


"" created file "%TEMP%\7zSF113.tmp\x64\Components\logit3.dll\logit3.cdx"
"" created file "%TEMP%\7zSF113.tmp\x64\Components\library.dll\library.cdx"
"" created file "%TEMP%\7zSF113.tmp\x64\Components\host.dll\host.cdx"
"" created file "%TEMP%\7zSF113.tmp\x64\Components\hhdusbh.sys\hhdusbh.inf"
"" created file "%TEMP%\7zSF113.tmp\x64\Components\hhdusbh.sys-catalog10\hhdusbh_x86.cat"
"" created file "%TEMP%\7zSF113.tmp\x64\Components\hhdusbh.sys-catalog10\hhdusbh_x64.cat"
"" created file "%TEMP%\7zSF113.tmp\x64\Components\hhdusbh.sys-catalog\hhdusbh_x86.cat"
"" created file "%TEMP%\7zSF113.tmp\x64\Components\hhdusbh.sys-catalog\hhdusbh_x64.cat"
"" created file "%TEMP%\7zSF113.tmp\x64\Components\freelayout\free_monitoring.dmsdwc"
"" created file "%TEMP%\7zSF113.tmp\x64\Components\freelayout\free_idle.dmsdwc"
"" created file "%TEMP%\7zSF113.tmp\x64\Components\exporters.dll\exporters.cdx"

"" created file "%TEMP%\7zSF113.tmp\x64\Components\dsc.dll\dsc.cdx"
"" created file "%TEMP%\7zSF113.tmp\x64\Components\deflayout\default_monitoring.dmsdwc"
"" created file "%TEMP%\7zSF113.tmp\x64\Components\deflayout\default_idle.dmsdwc"
"" created file "%TEMP%\7zSF113.tmp\x64\Components\custom.dll\custom.cdx"
"" created file "%TEMP%\7zSF113.tmp\x64\Components\binding.dll\binding.cdx"
"" created file "%TEMP%\7zSF113.tmp\x64\Components\bcontrol.dll\bcontrol.cdx"

Reads the registry for installed applications

Possibly tries to detect the presence of a
from setup.exe (PID: 2752)
49788-1017-000000014002AE44
Source Hybrid Analysis Technology relevance 10/10
Which is directly followed by "cmp dword ptr, eax" and "jg 000000014000344Ch".
Which is directly followed by "cmp dword ptr, esi" and "je 0000000140002F22h".
Which is directly followed by "cmp dword ptr, ebp" and "je 004022F8h".
Which is directly followed by "cmp dword ptr, eax" and "jnle 004026FDh".
Which is directly followed by "cmp edx, esi" and "jne 0041A681h".
Source Hybrid Analysis Technology relevance 1/10

Found strings in conjunction with a procedure lookup that resolve to a known API export symbol
Found API call (Target: "setup.exe" Stream UID: "00020635-00002752-2085A62B")
"setup.exe" has type "PE32+ executable (GUI) x86-64 for MS Windows"

Found potential IP address in
from free-usb-analyzer.exe (PID: 3496)
from setup.exe (PID: 2752)
43783-2319-000000018002ED4C

"setup.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"api-ms-win-core-errorhandling-l1-1-0.dll" has type "PE32 executable (DLL) (console) Intel 80386 for MS Windows"

"vcruntime140.dll" has type "PE32 executable (DLL) (console) Intel 80386 for MS Windows"
"concrt140.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"
"api-ms-win-core-timezone-l1-1-0.dll" has type "PE32 executable (DLL) (console) Intel 80386 for MS Windows"
"usbraw.dll" has type "PE32+ executable (DLL) (GUI) x86-64 for MS Windows"
"api-ms-win-crt-multibyte-l1-1-0.dll" has type "PE32 executable (DLL) (console) Intel 80386 for MS Windows"
"api-ms-win-crt-environment-l1-1-0.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"
"api-ms-win-core-synch-l1-1-0.dll" has type "PE32 executable (DLL) (console) Intel 80386 for MS Windows"
"api-ms-win-crt-heap-l1-1-0.dll" has type "PE32 executable (DLL) (console) Intel 80386 for MS Windows"
"api-ms-win-crt-heap-l1-1-0.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"
"api-ms-win-crt-time-l1-1-0.dll" has type "PE32 executable (DLL) (console) Intel 80386 for MS Windows"
"api-ms-win-core-rtlsupport-l1-1-0.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"
