Windows Analysis Report
ElitechLogWin V6.4.6.exe

Overview

General Information

Sample name: ElitechLogWin V6.4.6.exe
Analysis ID: 1529178
MD5: 652fe95cae571a325a6280df4447331c
SHA1: 50881a81da3d08a290765d540642faa3399c06e0
SHA256: fb04a9a86ca842cc76ea7a75a2ef18e85821370893f854f432e8965d1a919433

Detection

Score: 24
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Signatures

Found stalling execution ending in API Sleep call
Yara detected Generic Downloader
Contains functionality to dynamically determine API calls
Contains functionality to read device registry values (via SetupAPI)
Creates files inside the driver directory
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Enables driver privileges
Found decision node followed by non-executed suspicious APIs
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
Queries device information via Setup API
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Source: ElitechLogWin V6.4.6.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\B97004A400E30DCF940971EFA7A0C13C6B0A4B66
Source: ElitechLogWin V6.4.6.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: f:\project\wang\ch34xser\ch34xpt\ch343pt_v140\ch341pt\objfre_w2K_x86\i386\CH341PT.pdb3 source: drvinst.exe, 00000008.00000003.1927322790.000001C92D20A000.00000004.00000020.00020000.00000000.sdmp, OLDDDF2.tmp.4.dr
Source: Binary string: e:\j\workspace\cp210x_vcp_driver-windows-build_sandbox\src\sandbox\fixedfunction\host\windows\driver\silabser\objfre_wnet_amd64\amd64\silabser.pdb source: CP210xVCPInstaller_x64.exe, 00000009.00000003.1957349330.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000A.00000003.1973908241.000001C02884A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000A.00000003.1970931813.000001C0287DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdb source: is-69FOL.tmp.1.dr
Source: Binary string: {code:getAppFileDir}\DL.pdb source: ElitechLogWin V6.4.6.tmp, 00000001.00000003.2025422757.00000000022FD000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: f:\project\wang\ch34xser\ch341ser\ch341ser_v37\objfre_wnet_AMD64\amd64\CH341S64.pdb source: DRVSETUP64.exe, 00000004.00000003.1913621464.00000000005CB000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.1932688011.000001C92D2BE000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.1928286134.000001C92D260000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: f:\project\wang\ch34xser\ch341ser\ch341ser_v37\objfre_w2K_x86\i386\CH341SER.pdb source: DRVSETUP64.exe, 00000004.00000003.1942142456.0000000000653000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: sfxcab.pdb source: is-R21KT.tmp.1.dr, is-V65L8.tmp.1.dr
Source: Binary string: C:\ElitechLogWin\DL.pdb source: ElitechLogWin V6.4.6.tmp, 00000001.00000003.2025422757.000000000230C000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: e:\j\workspace\cp210x_vcp_driver-windows-build_sandbox\src\sandbox\fixedfunction\host\windows\driver\silabenm\objfre_wnet_amd64\amd64\silabenm.pdb source: drvinst.exe, 0000000A.00000003.1971221732.000001C0287AB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: boxstub.pdb source: is-77COG.tmp.1.dr
Source: Binary string: _std_v172\objfre_wnet_AMD64\amd64\DRVSETUP64.pdb source: DRVSETUP64.exe, DRVSETUP64.exe, 00000004.00000002.1968326299.0000000001001000.00000020.00000001.01000000.00000009.sdmp, DRVSETUP64.exe, 00000004.00000000.1885279785.0000000001001000.00000020.00000001.01000000.00000009.sdmp
Source: Binary string: _std_v172\objfre_wnet_AMD64\amd64\DRVSETUP64.pdbL source: DRVSETUP64.exe, 00000004.00000002.1968326299.0000000001001000.00000020.00000001.01000000.00000009.sdmp, DRVSETUP64.exe, 00000004.00000000.1885279785.0000000001001000.00000020.00000001.01000000.00000009.sdmp
Source: Binary string: sfxcab.pdbU source: is-R21KT.tmp.1.dr, is-V65L8.tmp.1.dr
Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdbU source: is-69FOL.tmp.1.dr
Source: Binary string: f:\project\wang\ch34xser\ch34xports\ch34xports_v120\ch341ports\objfre_wnet_AMD64\amd64\CH341PORTSA64.pdb source: drvinst.exe, 00000008.00000003.1932743043.000001C92D2BE000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.1929076727.000001C92D20A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: f:\project\wang\ch34xser\ch34xpt\ch343pt_v140\ch341pt\objfre_wnet_AMD64\amd64\CH341PTA64.pdb source: DRVSETUP64.exe, 00000004.00000003.1913001707.00000000005CB000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.1932535299.000001C92D2BE000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.1926138994.000001C92D20A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: f:\project\wang\ch34xser\ch34xpt\ch343pt_v140\ch341pt\objfre_w2K_x86\i386\CH341PT.pdb source: drvinst.exe, 00000008.00000003.1927322790.000001C92D20A000.00000004.00000020.00020000.00000000.sdmp, OLDDDF2.tmp.4.dr
Source: Binary string: 6{code:getAppFileDir}\DL.pdb source: ElitechLogWin V6.4.6.tmp, 00000001.00000003.1674913728.00000000031A0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ElitechLogWin\DL.pdbq02 source: ElitechLogWin V6.4.6.tmp, 00000001.00000003.2025422757.000000000231A000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: DpInst.pdbH source: CP210xVCPInstaller_x64.exe, 00000009.00000000.1942248903.00007FF779871000.00000020.00000001.01000000.0000000B.sdmp, CP210xVCPInstaller_x64.exe, 00000009.00000002.1999488611.00007FF779871000.00000020.00000001.01000000.0000000B.sdmp
Source: Binary string: f:\project\wang\ch34xser\ch34xports\ch34xports_v120\ch341ports\objfre_w2K_x86\i386\CH341PORTS.pdb source: DRVSETUP64.exe, 00000004.00000003.1963986822.0000000000647000.00000004.00000020.00020000.00000000.sdmp, DRVSETUP64.exe, 00000004.00000003.1965732385.000000000065C000.00000004.00000020.00020000.00000000.sdmp, DRVSETUP64.exe, 00000004.00000003.1962380309.0000000000647000.00000004.00000020.00020000.00000000.sdmp, DRVSETUP64.exe, 00000004.00000003.1943093884.0000000000652000.00000004.00000020.00020000.00000000.sdmp, DRVSETUP64.exe, 00000004.00000003.1948228673.000000000065C000.00000004.00000020.00020000.00000000.sdmp, DRVSETUP64.exe, 00000004.00000003.1957944621.0000000000647000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: f:\project\wang\ch34xser\ch34xports\ch34xports_v120\ch341ports\objfre_wnet_AMD64\amd64\CH341PORTSA64.pdbL source: drvinst.exe, 00000008.00000003.1932743043.000001C92D2BE000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.1929076727.000001C92D20A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: DpInst.pdb source: CP210xVCPInstaller_x64.exe, CP210xVCPInstaller_x64.exe, 00000009.00000000.1942248903.00007FF779871000.00000020.00000001.01000000.0000000B.sdmp, CP210xVCPInstaller_x64.exe, 00000009.00000002.1999488611.00007FF779871000.00000020.00000001.01000000.0000000B.sdmp
Source: C:\ElitechLogWin\Drivers\CH341\SETUP.EXE Code function: 3_2_004056B0 FindFirstFileA,GetLastError, 3_2_004056B0
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Code function: 4x nop then lea rax, qword ptr [rsp+40h] 4_2_01004E10
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Code function: 4x nop then movzx edx, byte ptr [r11+r8] 4_2_01003230
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Code function: 4x nop then movzx eax, byte ptr [rdx+rcx] 4_2_01003540
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Code function: 4x nop then movzx eax, byte ptr [rcx+rdx] 4_2_01004830
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Code function: 4x nop then lea rdx, qword ptr [00000000010016F0h] 4_2_01003C60

Networking

Source: Yara match File source: C:\ElitechLogWin\is-3KLJS.tmp, type: DROPPED
Source: Yara match File source: C:\ElitechLogWin\is-64LH2.tmp, type: DROPPED
Source: unknown DNS traffic detected: query: 171.39.242.20.in-addr.arpa replaycode: Name error (3)
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: 171.39.242.20.in-addr.arpa
Source: DRVSETUP64.exe, 00000004.00000000.1885279785.0000000001001000.00000020.00000001.01000000.00000009.sdmp String found in binary or memory: http://wch.cn
Source: SETUP.EXE, DRVSETUP64.exe String found in binary or memory: http://wch.cnEmail:
Source: ElitechLogWin V6.4.6.exe, 00000000.00000003.2029892490.000000000230D000.00000004.00001000.00020000.00000000.sdmp, ElitechLogWin V6.4.6.tmp, 00000001.00000003.2025422757.00000000022FD000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.elitechlog.com/
Source: ElitechLogWin V6.4.6.exe, 00000000.00000003.2029892490.000000000230D000.00000004.00001000.00020000.00000000.sdmp, ElitechLogWin V6.4.6.tmp, 00000001.00000003.2025422757.00000000022FD000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.elitechlog.com/)
Source: ElitechLogWin V6.4.6.exe, 00000000.00000003.1672316556.0000000002480000.00000004.00001000.00020000.00000000.sdmp, ElitechLogWin V6.4.6.tmp, 00000001.00000003.1674913728.00000000031A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.elitechlog.com/4http://www.elitechlog.com/Hhttp://www.elitechlog.com/softwares/
Source: ElitechLogWin V6.4.6.exe, 00000000.00000003.2029892490.000000000231C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.elitechlog.com/softwares/
Source: ElitechLogWin V6.4.6.tmp, 00000001.00000003.2025422757.000000000230C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.elitechlog.com/softwares/A
Source: ElitechLogWin V6.4.6.exe, 00000000.00000003.1673270140.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, ElitechLogWin V6.4.6.exe, 00000000.00000003.1673006158.0000000002480000.00000004.00001000.00020000.00000000.sdmp, ElitechLogWin V6.4.6.tmp, 00000001.00000000.1673971578.0000000000401000.00000020.00000001.01000000.00000004.sdmp String found in binary or memory: http://www.innosetup.com/
Source: ElitechLogWin V6.4.6.exe String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: is-07HJ6.tmp.1.dr String found in binary or memory: http://www.nlog-project.org/schemas/NLog.xsd
Source: ElitechLogWin V6.4.6.exe, 00000000.00000003.1673270140.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, ElitechLogWin V6.4.6.exe, 00000000.00000003.1673006158.0000000002480000.00000004.00001000.00020000.00000000.sdmp, ElitechLogWin V6.4.6.tmp, 00000001.00000000.1673971578.0000000000401000.00000020.00000001.01000000.00000004.sdmp String found in binary or memory: http://www.remobjects.com/ps
Source: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe File created: C:\Users\user\AppData\Local\Temp\{2f13b34c-0ba8-f847-b9c7-ad55e9c92521}\slabvcp.cat (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CP210x\slabvcp.cat (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Users\user\AppData\Local\Temp\{94a1b697-dd28-de4e-a85e-00e6b0e0107b}\SETD13C.tmp
Source: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe File created: C:\Users\user\AppData\Local\Temp\{2f13b34c-0ba8-f847-b9c7-ad55e9c92521}\SETE36F.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{9dbe3dcc-aac2-3347-bacd-266adbab13bb}\SETE7D4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\WIN 1X\CH341SER.CAT (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\CH341SER.CAT (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\is-FE8JT.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CP210x\is-4T4TN.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\WIN 1X\is-VV0UG.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Users\user\AppData\Local\Temp\{94a1b697-dd28-de4e-a85e-00e6b0e0107b}\CH341SER.CAT (copy)
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{4c235721-279b-e440-9ea0-d7fb75483a24}\SETD5FF.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{4c235721-279b-e440-9ea0-d7fb75483a24}\CH341SER.CAT (copy)
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{9dbe3dcc-aac2-3347-bacd-266adbab13bb}\slabvcp.cat (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\Drivers\SETDCC5.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\system32\SETDCE5.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\system32\SETDD06.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\Drivers\SETDD64.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\system32\SETDD85.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\system32\SETDD95.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\Drivers\SETDDE4.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\system32\SETDE05.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\system32\SETDE25.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\Drivers\SETDEB2.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\system32\SETDED3.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\system32\SETDF03.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\Drivers\SETE2AD.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\system32\SETE2BE.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\system32\SETE2DE.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\Drivers\SETE35C.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\system32\SETE37C.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\system32\SETE38D.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\system32\SETE3CC.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\Drivers\SETE40C.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\system32\SETE44B.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\Drivers\SETE49A.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\FileRepository\ch341ser.inf_amd64_75252babad7f5d99
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\drvstore.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\inf\oem4.inf
Source: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe File created: C:\Windows\DPINST.LOG
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\FileRepository\slabvcp.inf_amd64_ab8310f5de07b344
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\FileRepository\slabvcp.inf_amd64_ab8310f5de07b344\x64
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\inf\oem5.inf
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File deleted: C:\Windows\System32\drivers\SETDCC5.tmp
Source: C:\ElitechLogWin\Drivers\CH341\SETUP.EXE Code function: 3_2_00401970 3_2_00401970
Source: C:\ElitechLogWin\Drivers\CH341\SETUP.EXE Code function: 3_2_0040A6DD 3_2_0040A6DD
Source: C:\ElitechLogWin\Drivers\CH341\SETUP.EXE Code function: 3_2_0040AEF7 3_2_0040AEF7
Source: C:\ElitechLogWin\Drivers\CH341\SETUP.EXE Code function: 3_2_00404930 3_2_00404930
Source: C:\ElitechLogWin\Drivers\CH341\SETUP.EXE Code function: 3_2_00403980 3_2_00403980
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Code function: 4_2_01007400 4_2_01007400
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Code function: 4_2_01005A30 4_2_01005A30
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Code function: 4_2_01003540 4_2_01003540
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Code function: 4_2_01002DE0 4_2_01002DE0
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Code function: 4_2_01006400 4_2_01006400
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Code function: 4_2_01005520 4_2_01005520
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Code function: 4_2_01004830 4_2_01004830
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Code function: 4_2_01003C60 4_2_01003C60
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Process token adjusted: Load Driver
Source: C:\ElitechLogWin\Drivers\CH341\SETUP.EXE Code function: String function: 004051CF appears 35 times
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Code function: String function: 01001328 appears 35 times
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Code function: String function: 01001260 appears 33 times
Source: ElitechLogWin V6.4.6.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: ElitechLogWin V6.4.6.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-7A1RE.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-7A1RE.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: ElitechLogWin V6.4.6.exe, 00000000.00000003.1673006158.0000000002596000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs ElitechLogWin V6.4.6.exe
Source: ElitechLogWin V6.4.6.exe, 00000000.00000003.1673270140.000000007FE32000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs ElitechLogWin V6.4.6.exe
Source: is-ACGED.tmp.1.dr, InflaterInputBuffer.cs Cryptographic APIs: 'TransformBlock'
Source: is-ACGED.tmp.1.dr, DeflaterOutputStream.cs Cryptographic APIs: 'TransformBlock'
Source: is-ACGED.tmp.1.dr, ZipAESTransform.cs Cryptographic APIs: 'TransformBlock'
Source: is-4QHAT.tmp.1.dr, WinZipAesCipherStream.cs Cryptographic APIs: 'TransformFinalBlock', 'TransformBlock'
Source: classification engine Classification label: sus24.troj.evad.winEXE@11/534@1/0
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\Users\user\AppData\Local\Programs
Source: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\DPINST_LOG_SCROLLER_MUTEX
Source: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe Mutant created: NULL
Source: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\DIFX_PROGRAM_FILES_MUTEX
Source: C:\Users\user\Desktop\ElitechLogWin V6.4.6.exe File created: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp
Source: C:\Users\user\Desktop\ElitechLogWin V6.4.6.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\ElitechLogWin V6.4.6.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: SETUP.EXE String found in binary or memory: The drive is successfully Pre-installed in advance!
Source: SETUP.EXE String found in binary or memory: 1. Before operation,first select *.INF from the combo box, the corresponding driver file (SYS, DLL, etc.) should be placed in the same directory; 2. Click [Install] to pre-install the device driver. After plugging in the device, the OS will automatically ins
Source: SETUP.EXE String found in binary or memory: Driver Pre-install failure!
Source: SETUP.EXE String found in binary or memory: 1. Before operation,first select *.INF from the combo box, the corresponding driver file (SYS, DLL, etc.) should be placed in the same directory; 2. Click [Install] to pre-install the device driver. After plugging in the device, the OS will automatically ins
Source: DRVSETUP64.exe String found in binary or memory: 1. Before operation,first select *.INF from the combo box, the corresponding driver file (SYS, DLL, etc.) should be placed in the same directory; 2. Click [Install] to pre-install the device driver. After plugging in the device, the OS will automatically ins
Source: DRVSETUP64.exe String found in binary or memory: mand line implicit installation [ SETUP /S ], command line implicit pre-installation [ SETUP /P ], uninstall [ SETUP /U ].
Source: DRVSETUP64.exe String found in binary or memory: The drive is successfully Pre-installed in advance!
Source: DRVSETUP64.exe String found in binary or memory: Driver Pre-install failure!
Source: DRVSETUP64.exe String found in binary or memory: 1. Before operation,first select *.INF from the combo box, the corresponding driver file (SYS, DLL, etc.) should be placed in the same directory; 2. Click [Install] to pre-install the device driver. After plugging in the device, the OS will automatically ins
Source: CP210xVCPInstaller_x64.exe String found in binary or memory: Some post-install cleanup tasks failed. Error code is 0x%X
Source: CP210xVCPInstaller_x64.exe String found in binary or memory: Successfully re-added '%s' to reference list of driver store entry '%s'
Source: CP210xVCPInstaller_x64.exe String found in binary or memory: Could not re-add '%s' to reference list of driver store entry '%s'
Source: CP210xVCPInstaller_x64.exe String found in binary or memory: Install option set: Suppress pre-install of Plug and Play drivers if no matching devices are present.
Source: CP210xVCPInstaller_x64.exe String found in binary or memory: Error 0x%X - Could not delete service info key for '%ws', even though there are no more DIFx-installed driver stores using this se
Source: CP210xVCPInstaller_x64.exe String found in binary or memory: During undo of install, we failed to re-install the driver. Error code 0x%X
Source: ElitechLogWin V6.4.6.exe String found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\Desktop\ElitechLogWin V6.4.6.exe File read: C:\Users\user\Desktop\ElitechLogWin V6.4.6.exe
Source: unknown Process created: C:\Users\user\Desktop\ElitechLogWin V6.4.6.exe "C:\Users\user\Desktop\ElitechLogWin V6.4.6.exe"
Source: C:\Users\user\Desktop\ElitechLogWin V6.4.6.exe Process created: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp "C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp" /SL5="$20444,64977810,121344,C:\Users\user\Desktop\ElitechLogWin V6.4.6.exe"
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Process created: C:\ElitechLogWin\Drivers\CH341\SETUP.EXE "C:\ElitechLogWin\Drivers\CH341\SETUP.exe" /S
Source: C:\ElitechLogWin\Drivers\CH341\SETUP.EXE Process created: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.EXE \s
Source: unknown Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{94a1b697-dd28-de4e-a85e-00e6b0e0107b}\CH341SER.INF" "9" "4a0278e77" "000000000000015C" "WinSta0\Default" "0000000000000164" "208" "C:\ElitechLogWin\Drivers\CH341\WIN 1X"
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Process created: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe "C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe" /S
Source: unknown Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "8" "C:\Users\user\AppData\Local\Temp\{2f13b34c-0ba8-f847-b9c7-ad55e9c92521}\slabvcp.inf" "9" "43ef4524b" "0000000000000168" "WinSta0\Default" "0000000000000118" "208" "c:\elitechlogwin\drivers\cp210x"
Source: C:\Users\user\Desktop\ElitechLogWin V6.4.6.exe Process created: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp "C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp" /SL5="$20444,64977810,121344,C:\Users\user\Desktop\ElitechLogWin V6.4.6.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Process created: C:\ElitechLogWin\Drivers\CH341\SETUP.EXE "C:\ElitechLogWin\Drivers\CH341\SETUP.exe" /S Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Process created: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe "C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe" /S Jump to behavior
Source: C:\ElitechLogWin\Drivers\CH341\SETUP.EXE Process created: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.EXE \s Jump to behavior
Source: C:\Users\user\Desktop\ElitechLogWin V6.4.6.exe Sections loaded (in load order): uxtheme.dll, apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Sections loaded (in load order): msimg32.dll, version.dll, mpr.dll, uxtheme.dll, kernel.appcore.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll (3x), windows.storage.dll, wldp.dll, profapi.dll, shfolder.dll, rstrtmgr.dll, ncrypt.dll, ntasn1.dll, textshaping.dll, dwmapi.dll, sspicli.dll, explorerframe.dll, sfc.dll, sfc_os.dll, apphelp.dll, propsys.dll, linkinfo.dll, ntshrui.dll, srvcli.dll, cscapi.dll, netutils.dll
Source: C:\ElitechLogWin\Drivers\CH341\SETUP.EXE Sections loaded (in load order): apphelp.dll, acgenral.dll, uxtheme.dll, winmm.dll, samcli.dll, msacm32.dll, version.dll, userenv.dll, dwmapi.dll, urlmon.dll, mpr.dll, sspicli.dll, winmmbase.dll (2x), iertutil.dll, srvcli.dll, netutils.dll
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Sections loaded (in load order): devobj.dll, msasn1.dll, newdev.dll, devrtl.dll, drvstore.dll, spinf.dll, cabinet.dll, ntmarta.dll, spfileq.dll, uxtheme.dll, kernel.appcore.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, wintypes.dll (3x), textshaping.dll, windows.storage.dll, wldp.dll, version.dll
Source: C:\Windows\System32\drvinst.exe (first instance) Sections loaded (in load order): ntmarta.dll, devrtl.dll, drvstore.dll, cabinet.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll
Source: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe Sections loaded (in load order): apphelp.dll, version.dll, msasn1.dll, kernel.appcore.dll, uxtheme.dll, msxml3.dll, drvstore.dll, devrtl.dll, spinf.dll, cabinet.dll, ntmarta.dll, devobj.dll, windows.storage.dll, wldp.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll
Source: C:\Windows\System32\drvinst.exe (second instance) Sections loaded (in load order): ntmarta.dll, devrtl.dll, drvstore.dll, cabinet.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Window found: window name: TMainForm
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Automated click: Next >
Source: Window Recorder Window detected: More than 3 window changes detected
Source: ElitechLogWin V6.4.6.exe Static file information: File size 65387183 > 1048576
Source: ElitechLogWin V6.4.6.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: f:\project\wang\ch34xser\ch34xpt\ch343pt_v140\ch341pt\objfre_w2K_x86\i386\CH341PT.pdb3 source: drvinst.exe, 00000008.00000003.1927322790.000001C92D20A000.00000004.00000020.00020000.00000000.sdmp, OLDDDF2.tmp.4.dr
Source: Binary string: e:\j\workspace\cp210x_vcp_driver-windows-build_sandbox\src\sandbox\fixedfunction\host\windows\driver\silabser\objfre_wnet_amd64\amd64\silabser.pdb source: CP210xVCPInstaller_x64.exe, 00000009.00000003.1957349330.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000A.00000003.1973908241.000001C02884A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000A.00000003.1970931813.000001C0287DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdb source: is-69FOL.tmp.1.dr
Source: Binary string: {code:getAppFileDir}\DL.pdb source: ElitechLogWin V6.4.6.tmp, 00000001.00000003.2025422757.00000000022FD000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: f:\project\wang\ch34xser\ch341ser\ch341ser_v37\objfre_wnet_AMD64\amd64\CH341S64.pdb source: DRVSETUP64.exe, 00000004.00000003.1913621464.00000000005CB000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.1932688011.000001C92D2BE000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.1928286134.000001C92D260000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: f:\project\wang\ch34xser\ch341ser\ch341ser_v37\objfre_w2K_x86\i386\CH341SER.pdb source: DRVSETUP64.exe, 00000004.00000003.1942142456.0000000000653000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: sfxcab.pdb source: is-R21KT.tmp.1.dr, is-V65L8.tmp.1.dr
Source: Binary string: C:\ElitechLogWin\DL.pdb source: ElitechLogWin V6.4.6.tmp, 00000001.00000003.2025422757.000000000230C000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: e:\j\workspace\cp210x_vcp_driver-windows-build_sandbox\src\sandbox\fixedfunction\host\windows\driver\silabenm\objfre_wnet_amd64\amd64\silabenm.pdb source: drvinst.exe, 0000000A.00000003.1971221732.000001C0287AB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: boxstub.pdb source: is-77COG.tmp.1.dr
Source: Binary string: _std_v172\objfre_wnet_AMD64\amd64\DRVSETUP64.pdb source: DRVSETUP64.exe, DRVSETUP64.exe, 00000004.00000002.1968326299.0000000001001000.00000020.00000001.01000000.00000009.sdmp, DRVSETUP64.exe, 00000004.00000000.1885279785.0000000001001000.00000020.00000001.01000000.00000009.sdmp
Source: Binary string: _std_v172\objfre_wnet_AMD64\amd64\DRVSETUP64.pdbL source: DRVSETUP64.exe, 00000004.00000002.1968326299.0000000001001000.00000020.00000001.01000000.00000009.sdmp, DRVSETUP64.exe, 00000004.00000000.1885279785.0000000001001000.00000020.00000001.01000000.00000009.sdmp
Source: Binary string: sfxcab.pdbU source: is-R21KT.tmp.1.dr, is-V65L8.tmp.1.dr
Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdbU source: is-69FOL.tmp.1.dr
Source: Binary string: f:\project\wang\ch34xser\ch34xports\ch34xports_v120\ch341ports\objfre_wnet_AMD64\amd64\CH341PORTSA64.pdb source: drvinst.exe, 00000008.00000003.1932743043.000001C92D2BE000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.1929076727.000001C92D20A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: f:\project\wang\ch34xser\ch34xpt\ch343pt_v140\ch341pt\objfre_wnet_AMD64\amd64\CH341PTA64.pdb source: DRVSETUP64.exe, 00000004.00000003.1913001707.00000000005CB000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.1932535299.000001C92D2BE000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.1926138994.000001C92D20A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: f:\project\wang\ch34xser\ch34xpt\ch343pt_v140\ch341pt\objfre_w2K_x86\i386\CH341PT.pdb source: drvinst.exe, 00000008.00000003.1927322790.000001C92D20A000.00000004.00000020.00020000.00000000.sdmp, OLDDDF2.tmp.4.dr
Source: Binary string: 6{code:getAppFileDir}\DL.pdb source: ElitechLogWin V6.4.6.tmp, 00000001.00000003.1674913728.00000000031A0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ElitechLogWin\DL.pdbq02 source: ElitechLogWin V6.4.6.tmp, 00000001.00000003.2025422757.000000000231A000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: DpInst.pdbH source: CP210xVCPInstaller_x64.exe, 00000009.00000000.1942248903.00007FF779871000.00000020.00000001.01000000.0000000B.sdmp, CP210xVCPInstaller_x64.exe, 00000009.00000002.1999488611.00007FF779871000.00000020.00000001.01000000.0000000B.sdmp
Source: Binary string: f:\project\wang\ch34xser\ch34xports\ch34xports_v120\ch341ports\objfre_w2K_x86\i386\CH341PORTS.pdb source: DRVSETUP64.exe, 00000004.00000003.1963986822.0000000000647000.00000004.00000020.00020000.00000000.sdmp, DRVSETUP64.exe, 00000004.00000003.1965732385.000000000065C000.00000004.00000020.00020000.00000000.sdmp, DRVSETUP64.exe, 00000004.00000003.1962380309.0000000000647000.00000004.00000020.00020000.00000000.sdmp, DRVSETUP64.exe, 00000004.00000003.1943093884.0000000000652000.00000004.00000020.00020000.00000000.sdmp, DRVSETUP64.exe, 00000004.00000003.1948228673.000000000065C000.00000004.00000020.00020000.00000000.sdmp, DRVSETUP64.exe, 00000004.00000003.1957944621.0000000000647000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: f:\project\wang\ch34xser\ch34xports\ch34xports_v120\ch341ports\objfre_wnet_AMD64\amd64\CH341PORTSA64.pdbL source: drvinst.exe, 00000008.00000003.1932743043.000001C92D2BE000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.1929076727.000001C92D20A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: DpInst.pdb source: CP210xVCPInstaller_x64.exe, CP210xVCPInstaller_x64.exe, 00000009.00000000.1942248903.00007FF779871000.00000020.00000001.01000000.0000000B.sdmp, CP210xVCPInstaller_x64.exe, 00000009.00000002.1999488611.00007FF779871000.00000020.00000001.01000000.0000000B.sdmp
Source: C:\ElitechLogWin\Drivers\CH341\SETUP.EXE Code function: 3_2_004030D0 Sleep,GetDlgItem,EnableWindow,UpdateWindow,MessageBoxA,MessageBoxA,lstrlenA,lstrlenA,MessageBoxA,Sleep,MessageBoxA,Sleep,Sleep,lstrlenA,LoadLibraryA,GetProcAddress,GetLastError,lstrlenA,lstrlenA,lstrlenA,MessageBoxA,MessageBoxA,MessageBoxA,MessageBoxA,MessageBoxA,MessageBoxA,SetupCopyOEMInfA,MessageBoxA,MessageBoxA,MessageBoxA,MessageBoxA,MessageBoxA,MessageBoxA,MessageBoxA,MessageBoxA, 3_2_004030D0
Source: C:\ElitechLogWin\Drivers\CH341\SETUP.EXE Code function: 3_2_00405150 push eax; ret 3_2_0040517E
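The process-creation entries above and the "File created" entries that follow are easier to reason about once they are grouped. The chain is an Inno Setup bootstrap (the /SL5= parameter and the is-XXXXX.tmp names are Inno Setup conventions) that hands off to two vendor USB-to-serial driver installers (WCH CH341 and Silicon Labs CP210x), each of which gets the Plug and Play service to run drvinst.exe on its INF; that is why the two drvinst.exe entries have "unknown" as their parent. The Python below is an added example for this page, not code from the report, from the installer or from the driver vendors: it parses lines in the report's own "Source: ... Process created: ..." and "Source: ... File created: ..." format, rebuilds the spawn tree, and buckets each drop by destination so that the files which actually reach the kernel driver directory, the DriverStore or System32 can be hashed and signature-checked first. The sample lines are copied from this report; the bucket names, the driver-extension set and the review rule are this example's own assumptions. SETxxxx.tmp and OLDxxxx.tmp are SetupAPI's staged-copy and backup file names, and is-XXXXX.tmp are Inno Setup's extraction temporaries; both are filtered out of the review queue because the final file name shows up as its own entry.

```python
"""Triage helper for Joe Sandbox-style behaviour lines. Added example for this
page, not code from the report, the installer or the driver vendors. Rebuilds
the process tree from "Process created" entries and buckets "File created"
entries by destination. Buckets, extension set and review rule are assumptions."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Sample input constructed from this report's own lines. "unknown" is what the
# sandbox prints when it cannot attribute the parent: drvinst.exe is launched by
# the Plug and Play service on the installer's behalf, not by the installer.
SAMPLE_LINES = [
    r'Source: C:\Users\user\Desktop\ElitechLogWin V6.4.6.exe Process created: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp "C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp" /SL5="$20444,64977810,121344,C:\Users\user\Desktop\ElitechLogWin V6.4.6.exe"',
    r'Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Process created: C:\ElitechLogWin\Drivers\CH341\SETUP.EXE "C:\ElitechLogWin\Drivers\CH341\SETUP.exe" /S',
    r'Source: C:\ElitechLogWin\Drivers\CH341\SETUP.EXE Process created: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.EXE \s',
    r'Source: unknown Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{94a1b697-dd28-de4e-a85e-00e6b0e0107b}\CH341SER.INF" "9" "4a0278e77" "000000000000015C" "WinSta0\Default" "0000000000000164" "208" "C:\ElitechLogWin\Drivers\CH341\WIN 1X"',
    r'Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Process created: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe "C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe" /S',
    r'Source: unknown Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "8" "C:\Users\user\AppData\Local\Temp\{2f13b34c-0ba8-f847-b9c7-ad55e9c92521}\slabvcp.inf" "9" "43ef4524b" "0000000000000168" "WinSta0\Default" "0000000000000118" "208" "c:\elitechlogwin\drivers\cp210x"',
    r'Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\ICSharpCode.SharpZipLib.dll (copy)',
    r'Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\drivers\SETDD64.tmp',
    r'Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\Drivers\CH341SER.SYS (copy)',
    r'Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\Temp\OLDDDF2.tmp',
    r'Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{4c235721-279b-e440-9ea0-d7fb75483a24}\CH341PTA64.DLL (copy)',
    r'Source: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe File created: C:\Users\user\AppData\Local\Temp\{2f13b34c-0ba8-f847-b9c7-ad55e9c92521}\x64\silabser.sys (copy)',
    r'Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\system32\CH341SER.VXD (copy)',
    r'Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\WIN 1X\is-7O4QT.tmp',
]

PROC_RE = re.compile(
    r"^Source: (?P<parent>.+?) Process created: "
    r"(?P<child>\S.*?\.(?:exe|tmp)) (?P<cmdline>.*)$", re.IGNORECASE)
FILE_RE = re.compile(
    r"^Source: (?P<proc>.+?) File created: (?P<path>.+?)(?: \(copy\))?$", re.IGNORECASE)
# SetupAPI stages copies as SETxxxx.tmp and parks replaced files as OLDxxxx.tmp;
# Inno Setup extracts to is-XXXXX.tmp. Neither is a payload of its own.
STAGING_RE = {
    "setupapi": re.compile(r"^(?:SET|OLD)[0-9A-F]{4}\.tmp$", re.IGNORECASE),
    "innosetup": re.compile(r"^is-[0-9A-Z]{5}\.tmp$", re.IGNORECASE),
}
DRIVER_EXTS = {".sys", ".vxd"}  # assumption: extensions treated as kernel-mode code


def parse_process_tree(lines):
    """Map each parent image (lower-cased) to the (child image, command line) it spawned."""
    tree = defaultdict(list)
    for line in lines:
        m = PROC_RE.match(line)
        if m:
            tree[m["parent"].lower()].append((m["child"], m["cmdline"]))
    return tree


def render_tree(tree, root, depth=0):
    """Indented rendering of the spawn chain below `root`, one line per child."""
    out = []
    for child, cmdline in tree.get(root.lower(), []):
        out.append("  " * depth + f"{PureWindowsPath(child).name}  {cmdline}")
        out.extend(render_tree(tree, child, depth + 1))
    return out


def staging_kind(name):
    """'setupapi', 'innosetup' or None for a bare file name."""
    for kind, rx in STAGING_RE.items():
        if rx.match(name):
            return kind
    return None


def classify_location(path):
    """Coarse destination bucket; the most specific prefix is tested first."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    under = lambda *prefix: parts[1:1 + len(prefix)] == list(prefix)
    if under("windows", "system32", "drivers"):
        return "kernel driver dir"
    if under("windows", "system32", "driverstore"):
        return "driver store"
    if under("windows", "system32"):
        return "system32"
    if under("windows", "temp"):
        return "windows temp"
    if len(parts) > 5 and parts[1] == "users" and parts[3:6] == ["appdata", "local", "temp"]:
        return "user temp"
    return "application dir"


def classify_drops(lines):
    """One dict per 'File created' entry: writer, destination bucket and file kind."""
    rows = []
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            p = PureWindowsPath(m["path"])
            rows.append({"proc": PureWindowsPath(m["proc"]).name, "path": m["path"],
                         "location": classify_location(m["path"]),
                         "driver_binary": p.suffix.lower() in DRIVER_EXTS,
                         "staging": staging_kind(p.name)})
    return rows


def review_queue(lines):
    """Paths to hash and signature-check first: every kernel-mode binary wherever it
    landed, plus any non-staging file written to the driver dir, DriverStore or System32."""
    hot = {"kernel driver dir", "driver store", "system32"}
    return [row["path"] for row in classify_drops(lines)
            if row["staging"] is None and (row["driver_binary"] or row["location"] in hot)]
```

Feed it the whole report (one behaviour line per string) rather than the embedded sample to get the complete picture. Because the line format carries no PIDs, both drvinst.exe runs hang off "unknown"; the INF path in each command line is what ties them back to the CH341 and CP210x installers. Note from the sample alone that DRVSETUP64.exe writes CH341SER.SYS into System32\Drivers directly as well as through drvinst.exe, so the review queue lists the on-disk driver once per writer.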
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\ICSharpCode.SharpZipLib.dll (copy)
Source: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe File created: C:\Users\user\AppData\Local\Temp\{2f13b34c-0ba8-f847-b9c7-ad55e9c92521}\x64\WdfCoinstaller01009.dll (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\Temp\OLDDDF2.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\WIN 1X\is-7O4QT.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\x86\SQLite.Interop.dll (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\drivers\SETDD64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\is-LJB4O.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\NPOI.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\is-GDL1S.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\NLog.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CP210x\is-C2G31.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Components\is-69FOL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\CH341SER.SYS (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\SETE37C.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Components\dotNetFx40_Client_x86_x64.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\CH341PORTS.DLL (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\is-K0HRO.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\SETE3CC.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\Temp\OLDE36A.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\is-3KLJS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\CH341PORTSA64.DLL (copy)
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{4c235721-279b-e440-9ea0-d7fb75483a24}\SETD6FC.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\Temp\OLDE2CB.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\WIN 1X\CH341S98.SYS (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Users\user\AppData\Local\Temp\{94a1b697-dd28-de4e-a85e-00e6b0e0107b}\SETD15D.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\Temp\OLDDD92.tmp
Source: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe File created: C:\Users\user\AppData\Local\Temp\{2f13b34c-0ba8-f847-b9c7-ad55e9c92521}\x64\SETE2A2.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\CH341SER.VXD (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x86.exe (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\Temp\OLDDE12.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\DL.exe (copy)
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{4c235721-279b-e440-9ea0-d7fb75483a24}\SETD75A.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\Drivers\CH341SER.SYS (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CP210x\x64\WdfCoInstaller01009.dll (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Users\user\AppData\Local\Temp\{94a1b697-dd28-de4e-a85e-00e6b0e0107b}\SETD17D.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\system32\CH341SER.VXD (copy)
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{4c235721-279b-e440-9ea0-d7fb75483a24}\SETD66E.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\is-64LH2.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\WIN 1X\is-4V221.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\Temp\OLDE437.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\Temp\OLDDDD2.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{9dbe3dcc-aac2-3347-bacd-266adbab13bb}\x64\SETE755.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{4c235721-279b-e440-9ea0-d7fb75483a24}\SETD7AA.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Components\is-R21KT.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\is-7UN9L.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\SETDED3.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\is-DA5P5.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\SETDD06.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\WIN 1X\is-UM7HD.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CP210x\x86\is-L43UA.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\is-9M3SJ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\is-RJR4R.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\WIN 1X\CH341PTA64.DLL (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\is-DH4PP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\is-J5RC5.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\Temp\OLDE2AB.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\Temp\OLDDEC0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\is-QFG43.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\MarkControl.dll (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\SETDE05.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\SETE38D.tmp
Source: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe File created: C:\Users\user\AppData\Local\Temp\{2f13b34c-0ba8-f847-b9c7-ad55e9c92521}\x64\silabenm.sys (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\is-ACGED.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Users\user\AppData\Local\Temp\{94a1b697-dd28-de4e-a85e-00e6b0e0107b}\CH341PTA64.DLL (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\drivers\SETE2AD.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{4c235721-279b-e440-9ea0-d7fb75483a24}\CH341PTA64.DLL (copy)
Source: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe File created: C:\Users\user\AppData\Local\Temp\{2f13b34c-0ba8-f847-b9c7-ad55e9c92521}\x64\silabser.sys (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\WIN 1X\CH341PORTS.DLL (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CP210x\x64\is-TFEFO.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\SETDF03.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\drivers\SETE49A.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{4c235721-279b-e440-9ea0-d7fb75483a24}\CH341PT.DLL (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CP210x\x64\silabser.sys (copy)
Source: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe File created: C:\Users\user\AppData\Local\Temp\{2f13b34c-0ba8-f847-b9c7-ad55e9c92521}\x64\SETE224.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{4c235721-279b-e440-9ea0-d7fb75483a24}\CH341PORTSA64.DLL (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\WIN 1X\CH341PORTSA64.DLL (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CP210x\x64\silabenm.sys (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\Temp\OLDE349.tmp
Source: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe File created: C:\Users\user\AppData\Local\Temp\{2f13b34c-0ba8-f847-b9c7-ad55e9c92521}\x64\SETE2F1.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\Drivers\CH341S98.SYS (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Users\user\AppData\Local\Temp\{94a1b697-dd28-de4e-a85e-00e6b0e0107b}\CH341PT.DLL (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\Temp\OLDDD72.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\drivers\SETDCC5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\is-2GNAT.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\is-VJMDN.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CP210x\is-J0HG7.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\Temp\OLDE29A.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\Users\user\AppData\Local\Temp\is-TN1V0.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Newtonsoft.Json.dll (copy) Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe File created: C:\Program Files\DIFX\4A7292F75FEBBD3C\CP210xVCPInstaller_x64.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CP210x\x86\WdfCoInstaller01009.dll (copy) Jump to dropped file
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{9dbe3dcc-aac2-3347-bacd-266adbab13bb}\x64\silabser.sys (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CP210x\x86\is-FOH79.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Users\user\AppData\Local\Temp\{94a1b697-dd28-de4e-a85e-00e6b0e0107b}\CH341S64.SYS (copy) Jump to dropped file
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{9dbe3dcc-aac2-3347-bacd-266adbab13bb}\x64\WdfCoinstaller01009.dll (copy) Jump to dropped file
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{9dbe3dcc-aac2-3347-bacd-266adbab13bb}\x64\silabenm.sys (copy) Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\Temp\OLDDEF0.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Components\is-77COG.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\drivers\SETE40C.tmp Jump to dropped file
Source: C:\Users\user\Desktop\ElitechLogWin V6.4.6.exe File created: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\is-19MS8.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\Temp\OLDDD52.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\CH341S98.SYS (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\WIN 1X\is-3KCTN.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\system32\CH341PT.DLL (copy) Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\Temp\OLDDE90.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\is-7A1RE.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\is-4QHAT.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\system32\CH341PORTS.DLL (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\WIN 1X\is-TKQEB.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\SETDD95.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\is-3H8ON.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\WIN 1X\CH341PT.DLL (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Components\wic_x86_chs.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\unins000.exe (copy) Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Users\user\AppData\Local\Temp\{94a1b697-dd28-de4e-a85e-00e6b0e0107b}\SETD1CE.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CP210x\x64\is-0J93G.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\WIN 1X\is-6HU8U.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\drivers\SETDEB2.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\SETE2DE.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\SETDD85.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\SETUP.EXE (copy) Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\drivers\SETDDE4.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\itextsharp.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Ionic.Zip.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\CH341M64.SYS (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Components\wic_x86_enu.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\is-22UOT.tmp Jump to dropped file
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{4c235721-279b-e440-9ea0-d7fb75483a24}\CH341S64.SYS (copy) Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\drivers\SETE35C.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\WIN 1X\is-I08DP.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\WIN 1X\is-VI31J.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Async_MessageBox.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\CH341PT.DLL (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\x86\is-4IMP3.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\is-EN453.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\WIN 1X\CH341S64.sys (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\is-NM5RC.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\CH341S64.SYS (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\NGettext.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\WIN 1X\CH341M64.sys (copy) Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Users\user\AppData\Local\Temp\{94a1b697-dd28-de4e-a85e-00e6b0e0107b}\CH341PORTSA64.DLL (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\is-7B027.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\SETE44B.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\is-JET2T.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CP210x\x86\is-B02VC.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Crc32.NET.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\x64\is-P7DP7.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\is-U8CBL.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Components\is-V65L8.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\SETDCE5.tmp Jump to dropped file
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{9dbe3dcc-aac2-3347-bacd-266adbab13bb}\x64\SETE775.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\is-23GIR.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CP210x\x86\silabenm.sys (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\WIN 1X\CH341SER.VXD (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CP210x\x86\silabser.sys (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\CH341PTA64.DLL (copy) Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\SETE2BE.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\is-RB961.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\WIN 1X\is-J4G7J.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Components\WindowsInstaller-KB893803-v2-x86.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\LumiSoft.Net.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\System.Data.SQLite.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\x64\SQLite.Interop.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\CH341PT.DLL (copy) Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Users\user\AppData\Local\Temp\{94a1b697-dd28-de4e-a85e-00e6b0e0107b}\SETD19E.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\Temp\OLDE476.tmp Jump to dropped file
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{9dbe3dcc-aac2-3347-bacd-266adbab13bb}\x64\SETE745.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\Temp\OLDE37A.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CP210x\x64\is-7BD1E.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ElitechLogWin\Drivers\CH341\WIN 1X\CH341SER.sys (copy) Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\SETDE25.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\Temp\OLDDDF2.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\drivers\SETDD64.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\SETE37C.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\SETE3CC.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\Temp\OLDE36A.tmp Jump to dropped file
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{4c235721-279b-e440-9ea0-d7fb75483a24}\SETD6FC.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\Temp\OLDE2CB.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\Temp\OLDDD92.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\Temp\OLDDE12.tmp Jump to dropped file
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{4c235721-279b-e440-9ea0-d7fb75483a24}\SETD75A.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\Drivers\CH341SER.SYS (copy) Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\system32\CH341SER.VXD (copy) Jump to dropped file
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{4c235721-279b-e440-9ea0-d7fb75483a24}\SETD66E.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\Temp\OLDE437.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\Temp\OLDDDD2.tmp Jump to dropped file
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{9dbe3dcc-aac2-3347-bacd-266adbab13bb}\x64\SETE755.tmp Jump to dropped file
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{4c235721-279b-e440-9ea0-d7fb75483a24}\SETD7AA.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\SETDED3.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\SETDD06.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\Temp\OLDE2AB.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\Temp\OLDDEC0.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\SETDE05.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe File created: C:\Windows\System32\SETE38D.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\SETUP.EXE Code function: 3_2_00403980 GetWindowsDirectoryA,GetPrivateProfileSectionA,GetPrivateProfileSectionA,MessageBoxA,MessageBoxA,GetPrivateProfileSectionA,GetPrivateProfileStringA,GetPrivateProfileStringA,GetPrivateProfileStringA,GetPrivateProfileStringA, 3_2_00403980
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Code function: 4_2_01003230 memset,memset,memset,memset,GetPrivateProfileSectionA,strchr,strchr,GetPrivateProfileSectionA,lstrlenA,strchr,strchr,memcpy,lstrlenA,lstrlenA,lstrlenA, 4_2_01003230
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Code function: 4_2_01003540 memset,memset,memset,memset,memset,GetPrivateProfileSectionA,MessageBoxA,MessageBoxA,strchr,memcpy,strchr,GetPrivateProfileSectionA,strchr,strchr,memset,memcpy,memset,GetPrivateProfileStringA,memset,GetPrivateProfileStringA,memset,GetPrivateProfileStringA, 4_2_01003540
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Code function: 4_2_01003C60 memset,memset,memset,memset,memset,memset,SetupOpenInfFileA,memset,memset,SetupDiGetActualSectionToInstallA,GetPrivateProfileSectionA,strstr,strstr,strchr,lstrlenA,strchr,lstrlenA,memcpy,lstrlenA,memset,GetPrivateProfileSectionA,lstrlenA,lstrlenA,strchr,memset,memcpy,memset,GetPrivateProfileStringA,GetWindowsDirectoryA,strchr,lstrlenA,GetSystemDirectoryA,strchr,lstrlenA,DeleteFileA,lstrlenA,lstrlenA,lstrlenA,SetupCloseInfFile,lstrlenA, 4_2_01003C60
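The code-function traces above show what the CH341 installers do with the driver INF: SETUP.EXE and DRVSETUP64.exe read it section by section with GetPrivateProfileSectionA and GetPrivateProfileStringA (an INF is INI syntax, so this works without SetupAPI), DRVSETUP64.exe additionally opens it with SetupOpenInfFileA and asks SetupDiGetActualSectionToInstallA for the platform-decorated install section, and it then builds paths from GetWindowsDirectoryA and GetSystemDirectoryA and calls DeleteFileA, which is the "Deletes files inside the Windows folder" behaviour. The Python below is an added example, not code from the report or from the driver vendor: it parses a constructed INF fragment (not the real CH341 INF, which the report does not reproduce), picks the install section the way SetupDiGetActualSectionToInstall does, and resolves the CopyFiles and DelFiles lists through DestinationDirs to absolute paths, so you can see before installation which files a package will write or delete under System32, System32\drivers and the Windows directory. The DIRID table uses the documented values 10, 11, 12 and 13; the section and file names in the fragment are assumptions, and %String% tokens are left unresolved because the resolution does not need them.

```python
"""Resolve an INF's CopyFiles / DelFiles entries to the absolute paths they touch.
Added example for the report above; not the vendor's installer code.  The INF
fragment is constructed, and the section/file names in it are assumptions."""
import re

# Constructed INF in the style of a USB-serial driver package (NOT the real CH341 INF).
SAMPLE_INF = r"""
[Version]
Signature = "$Windows NT$"

[DestinationDirs]
DefaultDestDir = 12        ; %SystemRoot%\System32\drivers
Serial.Copy.Dll = 11       ; %SystemRoot%\System32
Serial.Del.Legacy = 10     ; %SystemRoot%

[Manufacturer]
%Mfg% = Models, NTamd64

[Models.NTamd64]
%Device% = Serial.Install, USB\VID_0000&PID_0000

[Serial.Install.NT]
CopyFiles = Serial.Copy.Sys, Serial.Copy.Dll
DelFiles = Serial.Del.Legacy

[Serial.Copy.Sys]
CH341S64.SYS
CH341M64.SYS

[Serial.Copy.Dll]
CH341PT.DLL
CH341PORTS.DLL

[Serial.Del.Legacy]
CH341SER.VXD
"""

# Documented DIRID values; 13 (the package's own DriverStore directory) exists on Windows 10 1709+.
DIRIDS = {10: "C:\\Windows", 11: "C:\\Windows\\System32", 12: "C:\\Windows\\System32\\drivers",
          13: "C:\\Windows\\System32\\DriverStore\\FileRepository\\<package>"}


def parse_inf(text):
    """INI-style parse (what repeated GetPrivateProfileSectionA calls see): section -> raw lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop comments and padding
        if not line:
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def keyvals(lines):
    """key = value lines of a section; keys case-folded because INF keys are case-insensitive."""
    pairs = (line.split("=", 1) for line in lines if "=" in line)
    return {k.strip().lower(): v.strip() for k, v in pairs}


def install_base(sections, platform="NTamd64"):
    """Manufacturer -> decorated Models section -> first model's install section name."""
    mfg_entry = next(iter(keyvals(sections["manufacturer"]).values()))
    models_name, *decorations = [p.strip() for p in mfg_entry.split(",")]
    models = f"{models_name}.{platform}" if platform in decorations else models_name
    first_model = next(iter(keyvals(sections[models.lower()]).values()))
    return first_model.split(",")[0].strip()


def actual_install_section(sections, base, platform="NTamd64"):
    """Preference order of SetupDiGetActualSectionToInstall: base.<platform>, base.NT, base."""
    for candidate in (f"{base}.{platform}", f"{base}.NT", base):
        if candidate.lower() in sections:
            return candidate
    raise KeyError(f"no install section for {base}")


def dest_dir(sections, file_list_section):
    """DestinationDirs lookup for a file-list section, falling back to DefaultDestDir (12)."""
    dd = keyvals(sections.get("destinationdirs", []))
    spec = dd.get(file_list_section.lower(), dd.get("defaultdestdir", "12"))
    dirid, *sub = [p.strip().strip('"') for p in spec.split(",")]   # "dirid[,subdir]"
    base = DIRIDS.get(int(dirid), f"<dirid {dirid}>")
    return base + "\\" + sub[0] if sub and sub[0] else base


def resolve_install(sections, install_section):
    """Expand CopyFiles and DelFiles of an install section into absolute destination paths."""
    directives = keyvals(sections[install_section.lower()])

    def expand(directive):
        paths = []
        for item in (s.strip() for s in directives.get(directive, "").split(",") if s.strip()):
            if item.startswith("@"):                   # @filename form: one file, DefaultDestDir
                paths.append(dest_dir(sections, "") + "\\" + item[1:])
                continue
            base = dest_dir(sections, item)
            for entry in sections.get(item.lower(), []):
                paths.append(base + "\\" + entry.split(",")[0].strip())   # dest-name[,src,...]
        return paths

    return expand("copyfiles"), expand("delfiles")


def plan(inf_text, platform="NTamd64"):
    """Full resolution for one platform: chosen install section plus copy and delete paths."""
    sections = parse_inf(inf_text)
    section = actual_install_section(sections, install_base(sections, platform), platform)
    copies, deletes = resolve_install(sections, section)
    return {"install_section": section, "copy": copies, "delete": deletes}


if __name__ == "__main__":
    for key, value in plan(SAMPLE_INF).items():
        print(key, value)
```

Run it against a real package by reading the .inf from the extracted Drivers\CH341 or Drivers\CP210x folder and passing the text to plan(); every path it returns in System32 or System32\drivers is one the installer will need elevation and driver-signing policy to write, and the delete list is what DRVSETUP64.exe's GetSystemDirectoryA/DeleteFileA sequence corresponds to.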
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElitechLogWin Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElitechLogWin\ElitechLogWin.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElitechLogWin\Uninstall ElitechLogWin.lnk Jump to behavior
Source: C:\Users\user\Desktop\ElitechLogWin V6.4.6.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX (8 identical entries) Jump to behavior
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Process information set: NOOPENFILEERRORBOX (4 identical entries) Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX (31 identical entries) Jump to behavior
Source: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe Process information set: NOOPENFILEERRORBOX (3 identical entries) Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX (27 identical entries) Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion

Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Stalling execution: Execution stalls by calling Sleep
Source: C:\ElitechLogWin\Drivers\CH341\SETUP.EXE Code function: 3_2_004044C0 SetupDiGetDeviceRegistryPropertyA, 3_2_004044C0
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\ICSharpCode.SharpZipLib.dll (copy)
Source: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{2f13b34c-0ba8-f847-b9c7-ad55e9c92521}\x64\WdfCoinstaller01009.dll (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\Temp\OLDDDF2.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\x86\SQLite.Interop.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\WIN 1X\is-7O4QT.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\System32\drivers\SETDD64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\is-LJB4O.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\NPOI.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\is-GDL1S.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\NLog.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Components\is-69FOL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\CH341SER.SYS (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CP210x\is-C2G31.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\System32\SETE37C.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Components\dotNetFx40_Client_x86_x64.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\CH341PORTS.DLL (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\System32\SETE3CC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\is-K0HRO.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\Temp\OLDE36A.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\is-3KLJS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\CH341PORTSA64.DLL (copy)
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{4c235721-279b-e440-9ea0-d7fb75483a24}\SETD6FC.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\Temp\OLDE2CB.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\WIN 1X\CH341S98.SYS (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{94a1b697-dd28-de4e-a85e-00e6b0e0107b}\SETD15D.tmp
Source: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{2f13b34c-0ba8-f847-b9c7-ad55e9c92521}\x64\SETE2A2.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\Temp\OLDDD92.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\CH341SER.VXD (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x86.exe (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\Temp\OLDDE12.tmp
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{4c235721-279b-e440-9ea0-d7fb75483a24}\SETD75A.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\DL.exe (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\System32\Drivers\CH341SER.SYS (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\system32\CH341SER.VXD (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{94a1b697-dd28-de4e-a85e-00e6b0e0107b}\SETD17D.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CP210x\x64\WdfCoInstaller01009.dll (copy)
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{4c235721-279b-e440-9ea0-d7fb75483a24}\SETD66E.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\Temp\OLDE437.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\WIN 1X\is-4V221.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\is-64LH2.tmp
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{9dbe3dcc-aac2-3347-bacd-266adbab13bb}\x64\SETE755.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\Temp\OLDDDD2.tmp
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{4c235721-279b-e440-9ea0-d7fb75483a24}\SETD7AA.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Components\is-R21KT.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\is-7UN9L.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\System32\SETDED3.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\System32\SETDD06.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\WIN 1X\is-UM7HD.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CP210x\x86\is-L43UA.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\is-9M3SJ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\WIN 1X\CH341PTA64.DLL (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\is-RJR4R.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\is-DH4PP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\is-J5RC5.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\Temp\OLDE2AB.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\Temp\OLDDEC0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\is-QFG43.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\MarkControl.dll (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\System32\SETDE05.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\System32\SETE38D.tmp
Source: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{2f13b34c-0ba8-f847-b9c7-ad55e9c92521}\x64\silabenm.sys (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{94a1b697-dd28-de4e-a85e-00e6b0e0107b}\CH341PTA64.DLL (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\is-ACGED.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\System32\drivers\SETE2AD.tmp
Source: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{2f13b34c-0ba8-f847-b9c7-ad55e9c92521}\x64\silabser.sys (copy)
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{4c235721-279b-e440-9ea0-d7fb75483a24}\CH341PTA64.DLL (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\WIN 1X\CH341PORTS.DLL (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CP210x\x64\is-TFEFO.tmp
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{4c235721-279b-e440-9ea0-d7fb75483a24}\CH341PT.DLL (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\System32\drivers\SETE49A.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\System32\SETDF03.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CP210x\x64\silabser.sys (copy)
Source: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{2f13b34c-0ba8-f847-b9c7-ad55e9c92521}\x64\SETE224.tmp
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{4c235721-279b-e440-9ea0-d7fb75483a24}\CH341PORTSA64.DLL (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\WIN 1X\CH341PORTSA64.DLL (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CP210x\x64\silabenm.sys (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\Temp\OLDE349.tmp
Source: C:\ElitechLogWin\Drivers\CP210x\CP210xVCPInstaller_x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{2f13b34c-0ba8-f847-b9c7-ad55e9c92521}\x64\SETE2F1.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\System32\Drivers\CH341S98.SYS (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{94a1b697-dd28-de4e-a85e-00e6b0e0107b}\CH341PT.DLL (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\Temp\OLDDD72.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\System32\drivers\SETDCC5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\is-VJMDN.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\is-2GNAT.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\Temp\OLDE29A.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Newtonsoft.Json.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-TN1V0.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CP210x\x86\WdfCoInstaller01009.dll (copy)
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{9dbe3dcc-aac2-3347-bacd-266adbab13bb}\x64\silabser.sys (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CP210x\x86\is-FOH79.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{94a1b697-dd28-de4e-a85e-00e6b0e0107b}\CH341S64.SYS (copy)
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{9dbe3dcc-aac2-3347-bacd-266adbab13bb}\x64\WdfCoinstaller01009.dll (copy)
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{9dbe3dcc-aac2-3347-bacd-266adbab13bb}\x64\silabenm.sys (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\Temp\OLDDEF0.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\System32\drivers\SETE40C.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Components\is-77COG.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\Temp\OLDDD52.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\CH341S98.SYS (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\WIN 1X\is-3KCTN.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\system32\CH341PT.DLL (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\Temp\OLDDE90.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\is-7A1RE.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\is-4QHAT.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\system32\CH341PORTS.DLL (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\WIN 1X\is-TKQEB.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\System32\SETDD95.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\is-3H8ON.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\WIN 1X\CH341PT.DLL (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Components\wic_x86_chs.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\unins000.exe (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{94a1b697-dd28-de4e-a85e-00e6b0e0107b}\SETD1CE.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CP210x\x64\is-0J93G.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\WIN 1X\is-6HU8U.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\System32\drivers\SETDEB2.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\System32\SETE2DE.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\System32\SETDD85.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\System32\drivers\SETDDE4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\itextsharp.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\CH341M64.SYS (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Ionic.Zip.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Components\wic_x86_enu.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\is-22UOT.tmp
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{4c235721-279b-e440-9ea0-d7fb75483a24}\CH341S64.SYS (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\System32\drivers\SETE35C.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\WIN 1X\is-I08DP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Async_MessageBox.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\WIN 1X\is-VI31J.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\x86\is-4IMP3.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\CH341PT.DLL (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\is-EN453.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\WIN 1X\CH341S64.sys (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\is-NM5RC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\CH341S64.SYS (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\NGettext.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\WIN 1X\CH341M64.sys (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{94a1b697-dd28-de4e-a85e-00e6b0e0107b}\CH341PORTSA64.DLL (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\is-7B027.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\System32\SETE44B.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\is-JET2T.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Crc32.NET.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CP210x\x86\is-B02VC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\is-U8CBL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\x64\is-P7DP7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Components\is-V65L8.tmp
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{9dbe3dcc-aac2-3347-bacd-266adbab13bb}\x64\SETE775.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\System32\SETDCE5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\is-23GIR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CP210x\x86\silabenm.sys (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\WIN 1X\CH341SER.VXD (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CP210x\x86\silabser.sys (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\CH341PTA64.DLL (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\System32\SETE2BE.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\is-RB961.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\WIN 1X\is-J4G7J.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Components\WindowsInstaller-KB893803-v2-x86.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\LumiSoft.Net.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\x64\SQLite.Interop.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\System.Data.SQLite.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\CH341PT.DLL (copy)
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\Temp\OLDE476.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{94a1b697-dd28-de4e-a85e-00e6b0e0107b}\SETD19E.tmp
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{9dbe3dcc-aac2-3347-bacd-266adbab13bb}\x64\SETE745.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\Temp\OLDE37A.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CH341\WIN 1X\CH341SER.sys (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Dropped PE file which has not been started: C:\ElitechLogWin\Drivers\CP210x\x64\is-7BD1E.tmp
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Dropped PE file which has not been started: C:\Windows\System32\SETDE25.tmp Jump to dropped file
Source: C:\ElitechLogWin\Drivers\CH341\SETUP.EXE API coverage: 4.3 %
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809 Jump to behavior
Source: C:\ElitechLogWin\Drivers\CH341\SETUP.EXE Code function: 3_2_004056B0 FindFirstFileA,GetLastError, 3_2_004056B0
Source: C:\ElitechLogWin\Drivers\CH341\SETUP.EXE Code function: 3_2_00401100 GetFileAttributesA,GetVersionExA,GetWindowsDirectoryA,GetFileAttributesA,GetFileAttributesA,GetFileAttributesA,GetVersionExA,GetSystemInfo,GetVersionExA,GetVersionExA,GetVersionExA,GetVersionExA,GetVersionExA, 3_2_00401100
Source: ElitechLogWin V6.4.6.tmp, 00000001.00000002.2028198843.000000000079A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: ElitechLogWin V6.4.6.tmp, 00000001.00000002.2028198843.000000000079A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: ElitechLogWin V6.4.6.exe Binary or memory string: HgfSIK
Source: is-R21KT.tmp.1.dr Binary or memory string: jqeMU%
Source: C:\ElitechLogWin\Drivers\CH341\SETUP.EXE API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Process information queried: ProcessInformation
Source: C:\ElitechLogWin\Drivers\CH341\SETUP.EXE Code function: 3_2_004030D0 Sleep,GetDlgItem,EnableWindow,UpdateWindow,MessageBoxA,MessageBoxA,lstrlenA,lstrlenA,MessageBoxA,Sleep,MessageBoxA,Sleep,Sleep,lstrlenA,LoadLibraryA,GetProcAddress,GetLastError,lstrlenA,lstrlenA,lstrlenA,MessageBoxA,MessageBoxA,MessageBoxA,MessageBoxA,MessageBoxA,MessageBoxA,SetupCopyOEMInfA,MessageBoxA,MessageBoxA,MessageBoxA,MessageBoxA,MessageBoxA,MessageBoxA,MessageBoxA,MessageBoxA, 3_2_004030D0
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Code function: 4_2_01007E10 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 4_2_01007E10
Source: C:\ElitechLogWin\Drivers\CH341\SETUP.EXE Code function: 3_2_004044C0 SetupDiGetDeviceRegistryPropertyA, 3_2_004044C0
Source: C:\Users\user\AppData\Local\Temp\is-PF8BI.tmp\ElitechLogWin V6.4.6.tmp Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\drvinst.exe Queries volume information: C:\Windows\System32\DriverStore\Temp\{4c235721-279b-e440-9ea0-d7fb75483a24}\CH341SER.CAT VolumeInformation
Source: C:\Windows\System32\drvinst.exe Queries volume information: C:\Windows\System32\DriverStore\Temp\{9dbe3dcc-aac2-3347-bacd-266adbab13bb}\slabvcp.cat VolumeInformation
Source: C:\ElitechLogWin\Drivers\CH341\DRVSETUP64\DRVSETUP64.exe Code function: 4_2_01007D40 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, 4_2_01007D40
Source: C:\ElitechLogWin\Drivers\CH341\SETUP.EXE Code function: 3_2_00409018 GetTimeZoneInformation,WideCharToMultiByte,GetWindowsDirectoryA,WideCharToMultiByte,GetWindowsDirectoryA,WideCharToMultiByte, 3_2_00409018
Source: C:\ElitechLogWin\Drivers\CH341\SETUP.EXE Code function: 3_2_004048C0 GetVersion,GetWindowsDirectoryA,MessageBoxA,EndDialog, 3_2_004048C0
Source: C:\Windows\System32\drvinst.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
No contacted IP infos