Customizedlg advanced installer

11/8/2022

Source: Hybrid Analysis Technology
Relevance: 1/10

Found strings in conjunction with a procedure lookup that resolve to a known API export symbol
Found reference to API from ltanalyzer_28r2.exe (PID: 3124)
Found reference to API from ltanalyzer_28r2.exe (PID: 2120)

Reads the cryptographic machine
from ltanalyzer_28r2.exe (PID: 3124)
from ltanalyzer_28r2.exe (PID: 2120)

Strings flagged at 62866A57 (Indicator: "qemu")

Tries to access unusual system drive letters

Spawned process "cmd.exe" with commandline "del "%TEMP%\" """
Spawned process "cmd.exe" with commandline "cls"""
Spawned process "attrib.exe" with commandline "%TEMP%\" ""
Spawned process "attrib.exe" with commandline "\\?\%APPDATA%\LOGTAG~1\LOGTAG~1.2\install\2858261\LOGTAG~1.MSI" ""
Spawned process "cmd.exe" with commandline ""%TEMP%\" """
USBInterfaceCradle_3" PRIMARYFOLDER="APPDIR" ROOTDRIVE="C:\" AI_LOGFILELOCATION="%APPDATA%\" AI_INSTALL="1""
Spawned process "" with commandline "/i "%APPDATA%\LogTag Recorders\LogTag Analyzer 2.8.2\install\2858261\LogTag Analyzer2.8.msi" APPDIR="%PROGRAMFILES%\LogTag Recorders\LogTag Analyzer" CLIENTPROCESSID="3124" SECONDSEQUENCE="1" CHAINERUIPROCESSID="3124Chainer" ACTION="INSTALL" EXECUTEACTION="INSTALL" CLIENTUILEVEL="0" ADDLOCAL="Feature