Windows Analysis Report
https://download01.logi.com/web/ftp/pub/techsupport/optionsplus/logioptionsplus_installer.exe

Overview

General Information

Sample URL: https://download01.logi.com/web/ftp/pub/techsupport/optionsplus/logioptionsplus_installer.exe
Analysis ID: 1416047
Infos:

Detection

Score: 35
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Signatures

Found detection on Joe Sandbox Cloud Basic
.NET source code references suspicious native API functions
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for available system drives (often done to infect USB drives)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (date check)
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
Modifies existing windows services
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
PE file overlay found
Queries the volume information (name, serial number etc) of a device
Tries to load missing DLLs
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_00539EB7 DecryptFileW, 13_2_00539EB7
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_0055F961 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError, 13_2_0055F961
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_00539C99 DecryptFileW,DecryptFileW, 13_2_00539C99
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F49EB7 DecryptFileW, 14_2_00F49EB7
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F6F961 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError, 14_2_00F6F961
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F49C99 DecryptFileW,DecryptFileW, 14_2_00F49C99
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A5F961 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError, 15_2_00A5F961
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A39C99 DecryptFileW,DecryptFileW, 15_2_00A39C99
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A39EB7 DecryptFileW, 15_2_00A39EB7
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CC33000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_f90ba2c7-2
Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19} Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\license.rtf Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\1028\license.rtf Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\1029\license.rtf Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\1031\license.rtf Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\1036\license.rtf Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\1040\license.rtf Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\1041\license.rtf Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\1042\license.rtf Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\1045\license.rtf Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\1046\license.rtf Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\1049\license.rtf Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\1055\license.rtf Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\2052\license.rtf Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\3082\license.rtf Jump to behavior
Source: Binary string: C:\agent\_work\8\s\build\ship\x86\burn.pdb source: logioptionsplus_installer.exe, vc_redist.x64.exe, 0000000D.00000000.50335860026.000000000056B000.00000002.00000001.01000000.00000009.sdmp, vc_redist.x64.exe, 0000000D.00000002.50389915426.000000000056B000.00000002.00000001.01000000.00000009.sdmp, vc_redist.x64.exe, 0000000E.00000000.50337381117.0000000000F7B000.00000002.00000001.01000000.0000000B.sdmp, vc_redist.x64.exe, 0000000E.00000002.50386146743.0000000000F7B000.00000002.00000001.01000000.0000000B.sdmp, VC_redist.x64.exe, 0000000F.00000002.50382879992.0000000000A6B000.00000002.00000001.01000000.0000000F.sdmp, VC_redist.x64.exe, 0000000F.00000003.50349070384.0000000000EE9000.00000004.00000020.00020000.00000000.sdmp, VC_redist.x64.exe, 0000000F.00000000.50344640784.0000000000A6B000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcamp140.amd64.pdb source: vcamp140.dll.19.dr
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: msvcp140.dll.19.dr
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcamp140.amd64.pdbGCTL source: vcamp140.dll.19.dr
Source: Binary string: C:\builds\kiros\kiros\build\x64\logi\installer\Release\logi_installer_shared_optionsplus.pdb source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CC33000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F5914F3000.00000004.00000800.00020000.00000000.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB9B5000.00000002.00000001.01000000.00000012.sdmp
Checks for available system drives (often done to infect USB drives)
Source: C:\Windows\System32\msiexec.exe File opened: z: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: x: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: v: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: t: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: r: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: p: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: n: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: l: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: j: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: h: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: f: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: d: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: b: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: y: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: w: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: u: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: s: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: q: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: o: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: m: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: k: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: i: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: g: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: e: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: c: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: a: Jump to behavior
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_00523BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose, 13_2_00523BC3
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_00564315 FindFirstFileW,FindClose, 13_2_00564315
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_0053993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose, 13_2_0053993E
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_00557A87 FindFirstFileExW, 13_2_00557A87
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F74315 FindFirstFileW,FindClose, 14_2_00F74315
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F4993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose, 14_2_00F4993E
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F33BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose, 14_2_00F33BC3
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F67A87 FindFirstFileExW, 14_2_00F67A87
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A64315 FindFirstFileW,FindClose, 15_2_00A64315
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A3993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose, 15_2_00A3993E
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A23BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose, 15_2_00A23BC3
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A57A87 FindFirstFileExW, 15_2_00A57A87
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe File opened: C:\ProgramData\Package Cache\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}v14.24.28127\NULL Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe File opened: C:\ProgramData\Package Cache\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}v14.24.28127\packages\vcRuntimeMinimum_amd64 Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe File opened: C:\ProgramData\Package Cache\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}v14.24.28127\packages\vcRuntimeMinimum_amd64\NULL Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe File opened: C:\ProgramData\Package Cache\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}v14.24.28127\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe File opened: C:\ProgramData\Package Cache\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}v14.24.28127\packages Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe File opened: C:\ProgramData\Package Cache\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}v14.24.28127\packages\NULL Jump to behavior
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.234.57
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.234.57
Source: unknown TCP traffic detected without corresponding DNS query: 23.43.51.132
Source: unknown UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /web/ftp/pub/techsupport/optionsplus/logioptionsplus_installer.exe HTTP/1.1Host: download01.logi.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: unknown DNS traffic detected: queries for: download01.logi.com
Source: global traffic TCP traffic: 192.168.11.20:52761 -> 239.255.255.250:1900
Source: global traffic TCP traffic: 192.168.11.20:52761 -> 239.255.255.250:1900
Source: global traffic TCP traffic: 192.168.11.20:52761 -> 239.255.255.250:1900
Source: global traffic TCP traffic: 192.168.11.20:52761 -> 239.255.255.250:1900
Source: vc_redist.x64.exe, VC_redist.x64.exe String found in binary or memory: http://appsyndication.org/2006/appsyn
Source: vc_redist.x64.exe, 0000000D.00000000.50335860026.000000000056B000.00000002.00000001.01000000.00000009.sdmp, vc_redist.x64.exe, 0000000D.00000002.50389915426.000000000056B000.00000002.00000001.01000000.00000009.sdmp, vc_redist.x64.exe, 0000000E.00000000.50337381117.0000000000F7B000.00000002.00000001.01000000.0000000B.sdmp, vc_redist.x64.exe, 0000000E.00000002.50386146743.0000000000F7B000.00000002.00000001.01000000.0000000B.sdmp, VC_redist.x64.exe, 0000000F.00000002.50382879992.0000000000A6B000.00000002.00000001.01000000.0000000F.sdmp, VC_redist.x64.exe, 0000000F.00000003.50349070384.0000000000EE9000.00000004.00000020.00020000.00000000.sdmp, VC_redist.x64.exe, 0000000F.00000000.50344640784.0000000000A6B000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: http://appsyndication.org/2006/appsynapplicationapuputil.cppupgradeexclusivetrueenclosuredigestalgor
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CDA2000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CDA2000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CDA2000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CDA2000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CDA2000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CDA2000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CDA2000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CDA2000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: logioptionsplus_setup.exe, 0000000C.00000002.50395219687.000001F580001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/logioptionsplus_setup;component/MainWindow.xaml
Source: logioptionsplus_setup.exe, 0000000C.00000002.50395219687.000001F580001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/logioptionsplus_setup;component/Resources/DeviceImage1.png
Source: logioptionsplus_setup.exe, 0000000C.00000002.50395219687.000001F580001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/logioptionsplus_setup;component/Resources/DeviceImage2.png
Source: logioptionsplus_setup.exe, 0000000C.00000002.50395219687.000001F580001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/logioptionsplus_setup;component/Resources/DeviceImage3.png
Source: logioptionsplus_setup.exe, 0000000C.00000002.50395219687.000001F580001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/logioptionsplus_setup;component/Resources/DeviceImage4.png
Source: logioptionsplus_setup.exe, 0000000C.00000002.50395219687.000001F580001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/logioptionsplus_setup;component/Resources/DeviceImage5.png
Source: logioptionsplus_setup.exe, 0000000C.00000002.50395219687.000001F580001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/logioptionsplus_setup;component/app.xaml
Source: logioptionsplus_setup.exe, 0000000C.00000002.50395219687.000001F580001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/MainWindow.xaml
Source: logioptionsplus_setup.exe, 0000000C.00000002.50395219687.000001F580001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/Resources/DeviceImage1.png
Source: logioptionsplus_setup.exe, 0000000C.00000002.50395219687.000001F580001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/Resources/DeviceImage2.png
Source: logioptionsplus_setup.exe, 0000000C.00000002.50395219687.000001F580001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/Resources/DeviceImage3.png
Source: logioptionsplus_setup.exe, 0000000C.00000002.50395219687.000001F580001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/Resources/DeviceImage4.png
Source: logioptionsplus_setup.exe, 0000000C.00000002.50395219687.000001F580001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/Resources/DeviceImage5.png
Source: logioptionsplus_setup.exe, 0000000C.00000002.50395219687.000001F580001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/app.xaml
Source: logioptionsplus_setup.exe, 0000000C.00000002.50395219687.000001F580001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/app.baml
Source: logioptionsplus_setup.exe, 0000000C.00000002.50395219687.000001F580001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/mainwindow.baml
Source: logioptionsplus_setup.exe, 0000000C.00000002.50395219687.000001F580001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/resources/deviceimage1.png
Source: logioptionsplus_setup.exe, 0000000C.00000002.50395219687.000001F580001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/resources/deviceimage2.png
Source: logioptionsplus_setup.exe, 0000000C.00000002.50395219687.000001F580001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/resources/deviceimage3.png
Source: logioptionsplus_setup.exe, 0000000C.00000002.50395219687.000001F580001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/resources/deviceimage4.png
Source: logioptionsplus_setup.exe, 0000000C.00000002.50395219687.000001F580001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/resources/deviceimage5.png
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CDA2000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: http://ocsp.digicert.com0
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CDA2000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: http://ocsp.digicert.com0A
Source: logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: http://opensource.logitech.com
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CDA2000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CDA2000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: http://repository.certum.pl/ctnca2.cer09
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CDA2000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: http://repository.certum.pl/ctsca2021.cer0A
Source: vc_redist.x64.exe, 0000000D.00000002.50390462752.000000000123E000.00000004.00000020.00020000.00000000.sdmp, vc_redist.x64.exe, 0000000D.00000003.50389226231.000000000123B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://schemas.microsoft.c
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CDA2000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: http://subca.ocsp-certum.com01
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CDA2000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: http://subca.ocsp-certum.com02
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CDA2000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: http://subca.ocsp-certum.com05
Source: logioptionsplus_installer.exe, 0000000B.00000002.50395364097.00007FF61C628000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB986000.00000002.00000001.01000000.00000012.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50422347125.000001F5F04F7000.00000004.00000020.00020000.00000000.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F591421000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://util.logitech.io/brand
Source: logioptionsplus_installer.exe, 0000000B.00000002.50395364097.00007FF61C628000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB986000.00000002.00000001.01000000.00000012.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F591421000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://util.logitech.io/brandhttps://1f180ff7ee13484888aca6ea23e4919f
Source: vc_redist.x64.exe, 0000000E.00000002.50387365161.0000000003670000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CDA2000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: http://www.certum.pl/CPS0
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CDA2000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: http://www.digicert.com/CPS0
Source: logioptionsplus_installer.exe String found in binary or memory: http://www.lineto.
Source: logioptionsplus_installer.exe String found in binary or memory: http://www.lineto.c
Source: logioptionsplus_installer.exe String found in binary or memory: http://www.lineto.com/Lineto.com/Font
Source: logioptionsplus_installer.exe String found in binary or memory: http://www.lineto.com/The
Source: logioptionsplus_installer.exe String found in binary or memory: http://www.lineto.comht
Source: logioptionsplus_installer.exe String found in binary or memory: http://www.lineto.comhttp:
Source: logioptionsplus_installer.exe String found in binary or memory: http://www.lineto.comhttp:/
Source: logioptionsplus_setup.exe, 0000000C.00000002.50422347125.000001F5F04F7000.00000004.00000020.00020000.00000000.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F591421000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.logi.com
Source: logioptionsplus_installer.exe, 0000000B.00000002.50395364097.00007FF61C628000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB986000.00000002.00000001.01000000.00000012.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50422347125.000001F5F04F7000.00000004.00000020.00020000.00000000.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F591421000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cpgbackup.logitech.com
Source: logioptionsplus_setup.exe, 0000000C.00000002.50422347125.000001F5F04F7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cpgbackup.logitech.comt
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CC33000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F5914F3000.00000004.00000800.00020000.00000000.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB9B5000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CC33000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F5914F3000.00000004.00000800.00020000.00000000.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB9B5000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://curl.se/docs/hsts.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CC33000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F5914F3000.00000004.00000800.00020000.00000000.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB9B5000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://custom.ultimateears.com
Source: logioptionsplus_installer.exe, 0000000B.00000002.50395364097.00007FF61C628000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB986000.00000002.00000001.01000000.00000012.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50422347125.000001F5F04F7000.00000004.00000020.00020000.00000000.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F591421000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://datapipeline.logitech.io
Source: logioptionsplus_setup.exe, 0000000C.00000002.50422347125.000001F5F04F7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://datapipeline.logitech.ioB
Source: logioptionsplus_installer.exe, 0000000B.00000002.50395364097.00007FF61C628000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB986000.00000002.00000001.01000000.00000012.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50422347125.000001F5F04F7000.00000004.00000020.00020000.00000000.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F591421000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://device-compatibility.np.logitech.io
Source: logioptionsplus_installer.exe, 0000000B.00000002.50395364097.00007FF61C628000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB986000.00000002.00000001.01000000.00000012.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50422347125.000001F5F04F7000.00000004.00000020.00020000.00000000.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F591421000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://id.logi.com/
Source: logioptionsplus_installer.exe, 0000000B.00000002.50395364097.00007FF61C628000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB986000.00000002.00000001.01000000.00000012.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50422347125.000001F5F04F7000.00000004.00000020.00020000.00000000.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F591421000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://kiros.logitech.io
Source: logioptionsplus_installer.exe, 0000000B.00000002.50395364097.00007FF61C628000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB986000.00000002.00000001.01000000.00000012.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F591421000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://kiros.logitech.iohttps://sandbox.accounts.logi.comhttps://accounts.logi.com547af993-8be7-44a
Source: logioptionsplus_setup.exe, 0000000C.00000002.50422347125.000001F5F04F7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://kiros.logitech.iow
Source: logioptionsplus_installer.exe, 0000000B.00000002.50395364097.00007FF61C628000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB986000.00000002.00000001.01000000.00000012.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50422347125.000001F5F04F7000.00000004.00000020.00020000.00000000.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F591421000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://logi-prestage-65.logitech.com/
Source: logioptionsplus_setup.exe, 0000000C.00000002.50422347125.000001F5F04F7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://logi-prestage-65.logitech.com/t
Source: logioptionsplus_setup.exe, 0000000C.00000002.50422347125.000001F5F04F7000.00000004.00000020.00020000.00000000.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F591421000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://logismartactions.uservoice.com/widget_environment/
Source: logioptionsplus_installer.exe, 0000000B.00000002.50395364097.00007FF61C628000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB986000.00000002.00000001.01000000.00000012.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50422347125.000001F5F04F7000.00000004.00000020.00020000.00000000.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F591421000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://logitech.uservoice.com/widget_environment/
Source: logioptionsplus_setup.exe, 0000000C.00000002.50422347125.000001F5F04F7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://logitech.uservoice.com/widget_environment/O
Source: logioptionsplus_installer.exe, 0000000B.00000002.50395364097.00007FF61C628000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB986000.00000002.00000001.01000000.00000012.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F591421000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://logitech.uservoice.com/widget_environment/api_keyOyZTk229rDJKPdsUFvzL5g.jslogitech_macros_us
Source: logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://opensource.logitech.com
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://opensource.logitech.com/
Source: logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://pro.ultimateears.com
Source: logioptionsplus_installer.exe, 0000000B.00000002.50395364097.00007FF61C628000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB986000.00000002.00000001.01000000.00000012.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50422347125.000001F5F04F7000.00000004.00000020.00020000.00000000.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F591421000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://raviga-dev.np.logitech.io
Source: logioptionsplus_installer.exe, 0000000B.00000002.50395364097.00007FF61C628000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50420168445.000001F5EE269000.00000004.00000020.00020000.00000000.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB986000.00000002.00000001.01000000.00000012.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F591421000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sandbox.accounts.logi.com
Source: logioptionsplus_installer.exe, 0000000B.00000002.50395364097.00007FF61C628000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB986000.00000002.00000001.01000000.00000012.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50422347125.000001F5F04F7000.00000004.00000020.00020000.00000000.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F591421000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sandbox.id.logi.com/
Source: logioptionsplus_setup.exe, 0000000C.00000002.50422347125.000001F5F04F7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sandbox.id.logi.com/K
Source: logioptionsplus_installer.exe, 0000000B.00000002.50395364097.00007FF61C628000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB986000.00000002.00000001.01000000.00000012.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50422347125.000001F5F04F7000.00000004.00000020.00020000.00000000.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F591421000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://stg-datapipeline.np.logitech.io
Source: logioptionsplus_setup.exe, 0000000C.00000002.50422347125.000001F5F04F7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://stg-datapipeline.np.logitech.ioE
Source: logioptionsplus_setup.exe, 0000000C.00000002.50422347125.000001F5F04F7000.00000004.00000020.00020000.00000000.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F591421000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://stg.optionsbackup.logitech.com
Source: logioptionsplus_installer.exe String found in binary or memory: https://support.logi.com/hc/articles/360025297893
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://support.logicool.co.jp/response-center
Source: logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://support.logitech.com/response-center
Source: logioptionsplus_installer.exe, 0000000B.00000002.50395364097.00007FF61C628000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB986000.00000002.00000001.01000000.00000012.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50422347125.000001F5F04F7000.00000004.00000020.00020000.00000000.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F591421000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://updates-beta.logitech.com
Source: logioptionsplus_installer.exe, 0000000B.00000002.50395364097.00007FF61C628000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB986000.00000002.00000001.01000000.00000012.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50422347125.000001F5F04F7000.00000004.00000020.00020000.00000000.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F591421000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://updates.logitech.com
Source: logioptionsplus_setup.exe, 0000000C.00000002.50422347125.000001F5F04F7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://updates.logitech.comZ
Source: logioptionsplus_installer.exe, 0000000B.00000002.50395364097.00007FF61C628000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB986000.00000002.00000001.01000000.00000012.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F591421000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://updates.optionsplus.logitechg.com
Source: logioptionsplus_installer.exe, 0000000B.00000002.50395364097.00007FF61C628000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB986000.00000002.00000001.01000000.00000012.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F591421000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://updates.optionsplus.logitechg.compublicoptionsplus3invalid
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CDA2000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: https://www.certum.pl/CPS0
Source: logioptionsplus_installer.exe String found in binary or memory: https://www.logicool.co.jp/
Source: logioptionsplus_installer.exe String found in binary or memory: https://www.logicool.co.jp/assets/65580/logitech-eula.pdf
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logicool.co.jp/footer/subscription-management
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logicool.co.jp/ja-jp/legal/product-privacy-policy/product-privacy-policy-archive.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logicool.co.jp/ja-jp/legal/web-privacy-policy.html
Source: logioptionsplus_installer.exe, logioptionsplus_installer.exe, 0000000B.00000002.50395364097.00007FF61C628000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB986000.00000002.00000001.01000000.00000012.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50422347125.000001F5F04F7000.00000004.00000020.00020000.00000000.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F591421000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.logitech.com/
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/da-dk/legal/product-privacy-policy/product-privacy-policy-archive.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/de-de/legal/product-privacy-policy/product-privacy-policy-archive.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/de-de/legal/web-privacy-policy.html
Source: logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/de-de/my-account/email-preferences.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/el-gr/legal/product-privacy-policy/product-privacy-policy-archive.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/el-gr/legal/web-privacy-policy.html
Source: logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/el-gr/my-account/email-preferences.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/en-us/legal/product-privacy-policy.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/en-us/legal/product-privacy-policy/product-privacy-policy-archive.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/en-us/legal/web-privacy-policy.html
Source: logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/en-us/my-account/email-preferences.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/es-es/legal/product-privacy-policy/product-privacy-policy-archive.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/es-es/legal/web-privacy-policy.html
Source: logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/es-es/my-account/email-preferences.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/fi-fi/legal/product-privacy-policy/product-privacy-policy-archive.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/fi-fi/legal/web-privacy-policy.html
Source: logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/fi-fi/my-account/email-preferences.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/fr-fr/legal/product-privacy-policy/product-privacy-policy-archive.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/fr-fr/legal/web-privacy-policy.html
Source: logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/fr-fr/my-account/email-preferences.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/it-it/legal/product-privacy-policy/product-privacy-policy-archive.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/it-it/legal/web-privacy-policy.html
Source: logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/it-it/my-account/email-preferences.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/ko-kr/legal/product-privacy-policy/product-privacy-policy-archive.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/ko-kr/legal/web-privacy-policy.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/ko-kr/my-account/email-preferences.html
Source: logioptionsplus_installer.exe String found in binary or memory: https://www.logitech.com/legal/eula.html
Source: logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/legal/product-privacy-policy.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/legal/web-privacy-policy.html
Source: logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/my-account/email-preferences.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/nl-nl/legal/product-privacy-policy/product-privacy-policy-archive.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/nl-nl/legal/web-privacy-policy.html
Source: logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/nl-nl/my-account/email-preferences.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/no-no/legal/product-privacy-policy/product-privacy-policy-archive.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/no-no/legal/web-privacy-policy.html
Source: logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/no-no/my-account/email-preferences.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/pl-pl/legal/product-privacy-policy/product-privacy-policy-archive.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/pl-pl/legal/web-privacy-policy.html
Source: logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/pl-pl/my-account/email-preferences.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/pt-br/legal/product-privacy-policy/product-privacy-policy-archive.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/pt-br/legal/web-privacy-policy.html
Source: logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/pt-br/my-account/email-preferences.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/sv-se/legal/product-privacy-policy/product-privacy-policy-archive.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/sv-se/legal/web-privacy-policy.html
Source: logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/sv-se/my-account/email-preferences.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/zh-cn/legal/product-privacy-policy/product-privacy-policy-archive.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/zh-cn/legal/web-privacy-policy.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/zh-cn/my-account/email-preferences.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/zh-tw/legal/product-privacy-policy/product-privacy-policy-archive.html
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61BC28000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/zh-tw/legal/web-privacy-policy.html
Source: logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://www.logitech.com/zh-tw/my-account/email-preferences.html
Source: unknown Network traffic detected: HTTP traffic on port 65527 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 55499
Source: unknown Network traffic detected: HTTP traffic on port 60207 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53385 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 61211 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50291 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65527
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53385
Source: unknown Network traffic detected: HTTP traffic on port 62332 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60207
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62332
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 61211
Source: unknown Network traffic detected: HTTP traffic on port 55499 -> 443

System Summary
barindex
Found detection on Joe Sandbox Cloud Basic
Source: https://download01.logi.com/web/ftp/pub/techsupport/optionsplus/logioptionsplus_installer.exe Joe Sandbox Cloud Basic: Detection: malicious Score: 48 Threat Name: Analyzer: w10x64 Perma Link
Creates files inside the system directory
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\90cbdf.msi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19} Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSICCF8.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\vcamp140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\vcomp140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191 Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127 Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\concrt140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\msvcp140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\msvcp140_1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\msvcp140_2.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\msvcp140_codecvt_ids.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\vccorlib140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\vcruntime140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\vcruntime140_1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\90cbe2.msi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\90cbe2.msi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\90cbe3.msi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{8678BA04-D161-45BE-ACA4-CC5D13073F35} Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID12F.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc140chs.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc140cht.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc140deu.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc140enu.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc140esn.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc140fra.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc140ita.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc140jpn.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc140kor.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc140rus.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc140u.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfcm140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfcm140u.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\90cbe6.msi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\90cbe6.msi Jump to behavior
Deletes files inside the Windows folder
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe File deleted: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Jump to behavior
Detected potential crypto function
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_0054C0FA 13_2_0054C0FA
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_00526184 13_2_00526184
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_0055022D 13_2_0055022D
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_0055A3B0 13_2_0055A3B0
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_00550662 13_2_00550662
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_0052A7EF 13_2_0052A7EF
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_0055A85E 13_2_0055A85E
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_0054F919 13_2_0054F919
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_005369CC 13_2_005369CC
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_00550A97 13_2_00550A97
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_00552B21 13_2_00552B21
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_00552D50 13_2_00552D50
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_0055ED4C 13_2_0055ED4C
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_0054FE15 13_2_0054FE15
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F469CC 14_2_00F469CC
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F5C0FA 14_2_00F5C0FA
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F36184 14_2_00F36184
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F6022D 14_2_00F6022D
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F6A3B0 14_2_00F6A3B0
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F60662 14_2_00F60662
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F3A7EF 14_2_00F3A7EF
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F6A85E 14_2_00F6A85E
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F5F919 14_2_00F5F919
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F60A97 14_2_00F60A97
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F62B21 14_2_00F62B21
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F62D50 14_2_00F62D50
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F6ED4C 14_2_00F6ED4C
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F5FE15 14_2_00F5FE15
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A4C0FA 15_2_00A4C0FA
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A26184 15_2_00A26184
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A5022D 15_2_00A5022D
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A5A3B0 15_2_00A5A3B0
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A50662 15_2_00A50662
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A2A7EF 15_2_00A2A7EF
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A5A85E 15_2_00A5A85E
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A369CC 15_2_00A369CC
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A4F919 15_2_00A4F919
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A50A97 15_2_00A50A97
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A52B21 15_2_00A52B21
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A5ED4C 15_2_00A5ED4C
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A52D50 15_2_00A52D50
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A4FE15 15_2_00A4FE15
Found potential string decryption / allocating functions
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: String function: 0056061A appears 34 times
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: String function: 0056012F appears 678 times
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: String function: 005237D3 appears 496 times
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: String function: 005631C7 appears 85 times
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: String function: 00521F20 appears 54 times
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: String function: 00F731C7 appears 83 times
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: String function: 00F31F20 appears 54 times
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: String function: 00F7061A appears 34 times
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: String function: 00F7012F appears 678 times
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: String function: 00F337D3 appears 496 times
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: String function: 00A237D3 appears 496 times
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: String function: 00A6012F appears 678 times
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: String function: 00A6061A appears 34 times
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: String function: 00A631C7 appears 83 times
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: String function: 00A21F20 appears 54 times
PE file contains executable resources (Code or Archives)
Source: Unconfirmed 521320.crdownload.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
PE file does not import any functions
Source: mfc140rus.dll.19.dr Static PE information: No import functions for PE file found
Source: mfc140fra.dll.19.dr Static PE information: No import functions for PE file found
Source: mfc140deu.dll.19.dr Static PE information: No import functions for PE file found
Source: mfc140ita.dll.19.dr Static PE information: No import functions for PE file found
Source: mfc140jpn.dll.19.dr Static PE information: No import functions for PE file found
Source: mfc140cht.dll.19.dr Static PE information: No import functions for PE file found
Source: mfc140kor.dll.19.dr Static PE information: No import functions for PE file found
Source: mfc140enu.dll.19.dr Static PE information: No import functions for PE file found
Source: mfc140esn.dll.19.dr Static PE information: No import functions for PE file found
Source: 0d281a76-4c68-45b6-b4fa-575fcee7f44b.tmp.0.dr Static PE information: No import functions for PE file found
Source: logioptionsplus_setup.exe.11.dr Static PE information: No import functions for PE file found
Source: mfc140chs.dll.19.dr Static PE information: No import functions for PE file found
PE file overlay found
Source: 0d281a76-4c68-45b6-b4fa-575fcee7f44b.tmp.0.dr Static PE information: Data appended to the last section found
Tries to load missing DLLs
Source: C:\Users\user\Downloads\logioptionsplus_installer.exe Section loaded: edgegdi.dll Jump to behavior
Source: C:\Users\user\Downloads\logioptionsplus_installer.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: edgegdi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: msvcp140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: msvcp140.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: vcruntime140_1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: d3d9.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: dxva2.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: wmp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: wmvcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: mfperfhelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: wmasf.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: mfperfhelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: wmploc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: mmdevapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: devobj.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: mfplat.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: rtworkq.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: audioses.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: windows.ui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: inputhost.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Section loaded: edgegdi.dll Jump to behavior
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Section loaded: msi.dll Jump to behavior
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Section loaded: version.dll Jump to behavior
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Section loaded: msxml3.dll Jump to behavior
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Section loaded: wldp.dll Jump to behavior
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Section loaded: profapi.dll Jump to behavior
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Section loaded: feclient.dll Jump to behavior
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: edgegdi.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: msxml3.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: feclient.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: explorerframe.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: edgegdi.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: msxml3.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: srclient.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: spp.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: vssapi.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: vsstrace.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: usoapi.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: sxproxy.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: feclient.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: srpapi.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: edgegdi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cabinet.dll Jump to behavior
Source: classification engine Classification label: sus35.evad.win@42/120@4/4
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_0055FD20 FormatMessageW,GetLastError,LocalFree, 13_2_0055FD20
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_005244E9 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle, 13_2_005244E9
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F344E9 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle, 14_2_00F344E9
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A244E9 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle, 15_2_00A244E9
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_00562F23 GetModuleHandleA,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CoCreateInstance,ExitProcess, 13_2_00562F23
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_00546945 ChangeServiceConfigW,GetLastError, 13_2_00546945
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\0d281a76-4c68-45b6-b4fa-575fcee7f44b.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Mutant created: NULL
Source: C:\Users\user\Downloads\logioptionsplus_installer.exe File created: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Jump to behavior
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Command line argument: cabinet.dll 13_2_00521070
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Command line argument: msi.dll 13_2_00521070
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Command line argument: version.dll 13_2_00521070
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Command line argument: wininet.dll 13_2_00521070
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Command line argument: comres.dll 13_2_00521070
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Command line argument: clbcatq.dll 13_2_00521070
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Command line argument: msasn1.dll 13_2_00521070
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Command line argument: crypt32.dll 13_2_00521070
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Command line argument: feclient.dll 13_2_00521070
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Command line argument: cabinet.dll 14_2_00F31070
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Command line argument: msi.dll 14_2_00F31070
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Command line argument: version.dll 14_2_00F31070
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Command line argument: wininet.dll 14_2_00F31070
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Command line argument: comres.dll 14_2_00F31070
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Command line argument: clbcatq.dll 14_2_00F31070
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Command line argument: msasn1.dll 14_2_00F31070
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Command line argument: crypt32.dll 14_2_00F31070
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Command line argument: feclient.dll 14_2_00F31070
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Command line argument: cabinet.dll 15_2_00A21070
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Command line argument: msi.dll 15_2_00A21070
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Command line argument: version.dll 15_2_00A21070
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Command line argument: wininet.dll 15_2_00A21070
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Command line argument: comres.dll 15_2_00A21070
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Command line argument: clbcatq.dll 15_2_00A21070
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Command line argument: msasn1.dll 15_2_00A21070
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Command line argument: crypt32.dll 15_2_00A21070
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Command line argument: feclient.dll 15_2_00A21070
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe File read: C:\Users\user\Desktop\desktop.ini Jump to behavior
Source: C:\Users\user\Downloads\logioptionsplus_installer.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CC33000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F5914F3000.00000004.00000800.00020000.00000000.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB9B5000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CC33000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F5914F3000.00000004.00000800.00020000.00000000.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB9B5000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CC33000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F5914F3000.00000004.00000800.00020000.00000000.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB9B5000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: logioptionsplus_installer.exe String found in binary or memory: --no-keys-sync-on-install
Source: logioptionsplus_installer.exe String found in binary or memory: no-keys-sync-on-install
Source: logioptionsplus_installer.exe String found in binary or memory: /install /quiet /norestart
Source: logioptionsplus_installer.exe String found in binary or memory: --install-event=
Source: logioptionsplus_installer.exe String found in binary or memory: o-keys-sync-on-install
Source: logioptionsplus_installer.exe String found in binary or memory: -install-event=
Source: logioptionsplus_installer.exe String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: vc_redist.x64.exe String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: vc_redist.x64.exe String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: VC_redist.x64.exe String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1668,3226854870238447149,17782080952752134390,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://download01.logi.com/web/ftp/pub/techsupport/optionsplus/logioptionsplus_installer.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1668,3226854870238447149,17782080952752134390,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2972 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1668,3226854870238447149,17782080952752134390,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6164 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1668,3226854870238447149,17782080952752134390,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3352 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1668,3226854870238447149,17782080952752134390,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5480 /prefetch:8
Source: unknown Process created: C:\Users\user\Downloads\logioptionsplus_installer.exe "C:\Users\user\Downloads\logioptionsplus_installer.exe"
Source: C:\Users\user\Downloads\logioptionsplus_installer.exe Process created: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe --install-event=897bbe07-5e15-4275-a4f7-6d424b298ef0.optionsplus_install_finish_event
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process created: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe "C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe" /install /quiet /norestart
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Process created: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe "C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe" -burn.filehandle.attached=532 -burn.filehandle.self=528 /install /quiet /norestart
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Process created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe "C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{A922CA2A-29A1-4011-A158-7648632856CA} {2230389D-DB71-45B4-9086-D875DD617B8B} 3740
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1668,3226854870238447149,17782080952752134390,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1668,3226854870238447149,17782080952752134390,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2972 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1668,3226854870238447149,17782080952752134390,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6164 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1668,3226854870238447149,17782080952752134390,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3352 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1668,3226854870238447149,17782080952752134390,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5480 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Downloads\logioptionsplus_installer.exe Process created: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe --install-event=897bbe07-5e15-4275-a4f7-6d424b298ef0.optionsplus_install_finish_event Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process created: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe "C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe" /install /quiet /norestart Jump to behavior
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Process created: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe "C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe" -burn.filehandle.attached=532 -burn.filehandle.self=528 /install /quiet /norestart Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Process created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe "C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{A922CA2A-29A1-4011-A158-7648632856CA} {2230389D-DB71-45B4-9086-D875DD617B8B} 3740 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Window detected: Number of UI elements: 23
Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19} Jump to behavior
Source: Binary string: C:\agent\_work\8\s\build\ship\x86\burn.pdb source: logioptionsplus_installer.exe, vc_redist.x64.exe, 0000000D.00000000.50335860026.000000000056B000.00000002.00000001.01000000.00000009.sdmp, vc_redist.x64.exe, 0000000D.00000002.50389915426.000000000056B000.00000002.00000001.01000000.00000009.sdmp, vc_redist.x64.exe, 0000000E.00000000.50337381117.0000000000F7B000.00000002.00000001.01000000.0000000B.sdmp, vc_redist.x64.exe, 0000000E.00000002.50386146743.0000000000F7B000.00000002.00000001.01000000.0000000B.sdmp, VC_redist.x64.exe, 0000000F.00000002.50382879992.0000000000A6B000.00000002.00000001.01000000.0000000F.sdmp, VC_redist.x64.exe, 0000000F.00000003.50349070384.0000000000EE9000.00000004.00000020.00020000.00000000.sdmp, VC_redist.x64.exe, 0000000F.00000000.50344640784.0000000000A6B000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcamp140.amd64.pdb source: vcamp140.dll.19.dr
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: msvcp140.dll.19.dr
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcamp140.amd64.pdbGCTL source: vcamp140.dll.19.dr
Source: Binary string: C:\builds\kiros\kiros\build\x64\logi\installer\Release\logi_installer_shared_optionsplus.pdb source: logioptionsplus_installer.exe, 0000000B.00000000.50291850932.00007FF61CC33000.00000002.00000001.01000000.00000006.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50397241993.000001F5914F3000.00000004.00000800.00020000.00000000.sdmp, logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ED772000.00000002.00000001.01000000.00000007.sdmp, logioptionsplus_setup.exe, 0000000C.00000002.50435261926.00007FFCDB9B5000.00000002.00000001.01000000.00000012.sdmp
PE file contains an invalid checksum
Source: logi_installer_shared_optionsplus.dll.12.dr Static PE information: real checksum: 0x0 should be: 0x8d34ae
Source: 0d281a76-4c68-45b6-b4fa-575fcee7f44b.tmp.0.dr Static PE information: real checksum: 0x1d0f3ec should be: 0x12508
PE file contains sections with non-standard names
Source: 0d281a76-4c68-45b6-b4fa-575fcee7f44b.tmp.0.dr Static PE information: section name: SHARED
Source: 0d281a76-4c68-45b6-b4fa-575fcee7f44b.tmp.0.dr Static PE information: section name: _RDATA
Source: Unconfirmed 521320.crdownload.0.dr Static PE information: section name: SHARED
Source: Unconfirmed 521320.crdownload.0.dr Static PE information: section name: _RDATA
Source: vc_redist.x64.exe.12.dr Static PE information: section name: .wixburn
Source: logi_installer_shared_optionsplus.dll.12.dr Static PE information: section name: CPADinfo
Source: vc_redist.x64.exe.13.dr Static PE information: section name: .wixburn
Source: VC_redist.x64.exe.14.dr Static PE information: section name: .wixburn
Source: VC_redist.x64.exe.15.dr Static PE information: section name: .wixburn
Source: mfc140.dll.19.dr Static PE information: section name: .didat
Source: mfc140u.dll.19.dr Static PE information: section name: .didat
Source: mfcm140.dll.19.dr Static PE information: section name: .nep
Source: mfcm140u.dll.19.dr Static PE information: section name: .nep
Source: vcomp140.dll.19.dr Static PE information: section name: _RDATA
Source: msvcp140.dll.19.dr Static PE information: section name: .didat
Source: vcruntime140.dll.19.dr Static PE information: section name: _RDATA
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Code function: 12_2_00007FFCB342D2A5 pushad ; iretd 12_2_00007FFCB342D2A6
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Code function: 12_2_00007FFCB3542BC4 pushfd ; ret 12_2_00007FFCB3542BE2
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Code function: 12_2_00007FFCB3544866 pushad ; retf 5D46h 12_2_00007FFCB3544A2D
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Code function: 12_2_00007FFCB3542BB8 pushfd ; ret 12_2_00007FFCB3542BC2
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Code function: 12_2_00007FFCB35416BA push edx; ret 12_2_00007FFCB35416D2
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Code function: 12_2_00007FFCB35429D1 push edi; ret 12_2_00007FFCB35429D2
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Code function: 12_2_00007FFCB35448A9 pushad ; retf 5D46h 12_2_00007FFCB3544A2D
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Code function: 12_2_00007FFCB3542911 push esi; ret 12_2_00007FFCB3542912
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_0054E876 push ecx; ret 13_2_0054E889
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F5E876 push ecx; ret 14_2_00F5E889
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A4E876 push ecx; ret 15_2_00A4E889
Drops PE files
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc140kor.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\msvcp140_2.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc140jpn.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\msvcp140_codecvt_ids.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc140esn.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc140ita.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc140deu.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc140u.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc140chs.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfcm140u.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\msvcp140_1.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc140enu.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\msvcp140.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc140.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc140fra.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\vcruntime140_1.dll Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\Unconfirmed 521320.crdownload Jump to dropped file
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\wixstdba.dll Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\logioptionsplus_installer.exe (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\vcamp140.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\concrt140.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\vccorlib140.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe File created: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe File created: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\logi_installer_shared_optionsplus.dll Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\0d281a76-4c68-45b6-b4fa-575fcee7f44b.tmp Jump to dropped file
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe File created: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\vcruntime140.dll Jump to dropped file
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\vcomp140.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc140cht.dll Jump to dropped file
Source: C:\Users\user\Downloads\logioptionsplus_installer.exe File created: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc140rus.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfcm140.dll Jump to dropped file
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe File created: C:\ProgramData\Package Cache\{282975d8-55fe-4991-bbbb-06a72581ce58}\VC_redist.x64.exe Jump to dropped file
Drops PE files to the application program directory (C:\ProgramData)
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe File created: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe File created: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\logi_installer_shared_optionsplus.dll Jump to dropped file
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe File created: C:\ProgramData\Package Cache\{282975d8-55fe-4991-bbbb-06a72581ce58}\VC_redist.x64.exe Jump to dropped file
Drops PE files to the windows directory (C:\Windows)
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc140kor.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\msvcp140_2.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc140jpn.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\msvcp140_codecvt_ids.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc140ita.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc140esn.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc140u.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc140deu.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc140chs.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfcm140u.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\msvcp140_1.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc140enu.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\msvcp140.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc140.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc140fra.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\vcruntime140_1.dll Jump to dropped file
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\wixstdba.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\vcamp140.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\concrt140.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\vccorlib140.dll Jump to dropped file
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe File created: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\vcruntime140.dll Jump to dropped file
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\vcomp140.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc140cht.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc140rus.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfcm140.dll Jump to dropped file
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\license.rtf Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\1028\license.rtf Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\1029\license.rtf Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\1031\license.rtf Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\1036\license.rtf Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\1040\license.rtf Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\1041\license.rtf Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\1042\license.rtf Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\1045\license.rtf Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\1046\license.rtf Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\1049\license.rtf Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\1055\license.rtf Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\2052\license.rtf Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe File created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\3082\license.rtf Jump to behavior
Modifies existing windows services
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {282975d8-55fe-4991-bbbb-06a72581ce58} Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {282975d8-55fe-4991-bbbb-06a72581ce58} Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {282975d8-55fe-4991-bbbb-06a72581ce58} Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {282975d8-55fe-4991-bbbb-06a72581ce58} Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Memory allocated: 1F5EE3F0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Memory allocated: 1F5EFE10000 memory reserve | memory write watch Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\msvcp140_2.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc140kor.dll Jump to dropped file
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Dropped PE file which has not been started: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\wixstdba.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\msvcp140_codecvt_ids.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc140jpn.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc140ita.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\vcamp140.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc140esn.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc140deu.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\concrt140.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc140u.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\vccorlib140.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfcm140u.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc140chs.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\8B783CD72A6EC084E89F6A5EA18EC191\14.24.28127\msvcp140_1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Dropped PE file which has not been started: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\logi_installer_shared_optionsplus.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc140enu.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\vcomp140.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc140.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc140cht.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc140fra.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfcm140.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc140rus.dll Jump to dropped file
Found evaded block containing many API calls
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Evaded block: after key decision
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Evaded block: after key decision
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Evaded block: after key decision
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Evaded block: after key decision
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Evaded block: after key decision
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Evaded block: after key decision
Found evasive API chain (date check)
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Evasive API call chain: GetLocalTime,DecisionNodes
Found evasive API chain checking for process token information
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
Uses the system / local time for branch decision (may execute only at specific dates)
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_0055FDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 0055FE5Dh 13_2_0055FDC2
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_0055FDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 0055FE56h 13_2_0055FDC2
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F6FDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 00F6FE5Dh 14_2_00F6FDC2
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F6FDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 00F6FE56h 14_2_00F6FDC2
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A5FDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 00A5FE5Dh 15_2_00A5FDC2
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A5FDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 00A5FE56h 15_2_00A5FDC2
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_00523BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose, 13_2_00523BC3
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_00564315 FindFirstFileW,FindClose, 13_2_00564315
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_0053993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose, 13_2_0053993E
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_00557A87 FindFirstFileExW, 13_2_00557A87
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F74315 FindFirstFileW,FindClose, 14_2_00F74315
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F4993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose, 14_2_00F4993E
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F33BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose, 14_2_00F33BC3
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F67A87 FindFirstFileExW, 14_2_00F67A87
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A64315 FindFirstFileW,FindClose, 15_2_00A64315
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A3993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose, 15_2_00A3993E
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A23BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose, 15_2_00A23BC3
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A57A87 FindFirstFileExW, 15_2_00A57A87
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_0056962D VirtualQuery,GetSystemInfo, 13_2_0056962D
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe File opened: C:\ProgramData\Package Cache\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}v14.24.28127\NULL Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe File opened: C:\ProgramData\Package Cache\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}v14.24.28127\packages\vcRuntimeMinimum_amd64 Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe File opened: C:\ProgramData\Package Cache\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}v14.24.28127\packages\vcRuntimeMinimum_amd64\NULL Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe File opened: C:\ProgramData\Package Cache\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}v14.24.28127\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe File opened: C:\ProgramData\Package Cache\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}v14.24.28127\packages Jump to behavior
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe File opened: C:\ProgramData\Package Cache\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}v14.24.28127\packages\NULL Jump to behavior
Source: logioptionsplus_setup.exe, 0000000C.00000000.50308900246.000001F5ECD72000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: AVMcI
Source: logioptionsplus_setup.exe, 0000000C.00000002.50422347125.000001F5F04F7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllp
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe API call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe API call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe API call chain: ExitProcess graph end node
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation Jump to behavior
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_0054E625 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 13_2_0054E625
Contains functionality to read the PEB
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_00554812 mov eax, dword ptr fs:[00000030h] 13_2_00554812
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F64812 mov eax, dword ptr fs:[00000030h] 14_2_00F64812
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A54812 mov eax, dword ptr fs:[00000030h] 15_2_00A54812
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_005238D4 GetProcessHeap,RtlAllocateHeap, 13_2_005238D4
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_0054E188 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 13_2_0054E188
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_0054E625 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 13_2_0054E625
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_0054E773 SetUnhandledExceptionFilter, 13_2_0054E773
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_00553BB0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 13_2_00553BB0
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F5E188 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 14_2_00F5E188
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F5E625 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 14_2_00F5E625
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F5E773 SetUnhandledExceptionFilter, 14_2_00F5E773
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Code function: 14_2_00F63BB0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 14_2_00F63BB0
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A4E188 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 15_2_00A4E188
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A4E625 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 15_2_00A4E625
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A4E773 SetUnhandledExceptionFilter, 15_2_00A4E773
Source: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe Code function: 15_2_00A53BB0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 15_2_00A53BB0
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Memory allocated: page read and write | page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion
barindex
.NET source code references suspicious native API functions
Source: logioptionsplus_setup.exe.11.dr, InstallerExternalHelper.cs Reference to suspicious API methods: Core.GetProcAddress(m_module, functionName)
Source: logioptionsplus_setup.exe.11.dr, Bootstrap.cs Reference to suspicious API methods: LoadLibraryW("kernel32.dll")
Source: logioptionsplus_setup.exe.11.dr, MainWindow.cs Reference to suspicious API methods: ((FrameworkElement)this).FindResource((object)"FadeInStoryboard")
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Process created: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe "C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe" /install /quiet /norestart Jump to behavior
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Process created: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe "C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe" -burn.filehandle.attached=532 -burn.filehandle.self=528 /install /quiet /norestart Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Process created: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe "C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{A922CA2A-29A1-4011-A158-7648632856CA} {2230389D-DB71-45B4-9086-D875DD617B8B} 3740 Jump to behavior
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Process created: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe "c:\windows\temp\{716d2a00-ed5f-4b2e-85fd-2f355fa256a9}\.cr\vc_redist.x64.exe" -burn.clean.room="c:\programdata\logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe" -burn.filehandle.attached=532 -burn.filehandle.self=528 /install /quiet /norestart
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Process created: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe "c:\windows\temp\{716d2a00-ed5f-4b2e-85fd-2f355fa256a9}\.cr\vc_redist.x64.exe" -burn.clean.room="c:\programdata\logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe" -burn.filehandle.attached=532 -burn.filehandle.self=528 /install /quiet /norestart Jump to behavior
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_005615CB InitializeSecurityDescriptor,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,SetEntriesInAclA,SetSecurityDescriptorOwner,GetLastError,SetSecurityDescriptorGroup,GetLastError,SetSecurityDescriptorDacl,GetLastError,CoInitializeSecurity,LocalFree, 13_2_005615CB
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_0056393B AllocateAndInitializeSid,CheckTokenMembership, 13_2_0056393B
Contains functionality to query CPU information (cpuid)
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_0054E9A7 cpuid 13_2_0054E9A7
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\Temp\{716D2A00-ED5F-4B2E-85FD-2F355FA256A9}\.cr\vc_redist.x64.exe Queries volume information: C:\Windows\Temp\{209FFBAC-C06D-4197-A955-92B5A16AC523}\.ba\logo.png VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_00534CE8 ConvertStringSecurityDescriptorToSecurityDescriptorW,GetLastError,CreateNamedPipeW,GetLastError,CreateNamedPipeW,GetLastError,CloseHandle,LocalFree, 13_2_00534CE8
Source: C:\Users\user\Downloads\logioptionsplus_installer.exe Code function: 11_2_00007FF61B1E6960 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 11_2_00007FF61B1E6960
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_005260BA GetUserNameW,GetLastError, 13_2_005260BA
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_00568733 GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime, 13_2_00568733
Source: C:\ProgramData\Logishrd\{6b7455ae-a32a-4c6f-8651-da4969097604}_logioptionsplus_setup\vc_redist.x64.exe Code function: 13_2_0052508D GetModuleHandleW,CoInitializeEx,GetVersionExW,GetLastError,CoUninitialize, 13_2_0052508D
Source: C:\Users\user\AppData\Local\Temp\logioptionsplus_setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1416047 URL: https://download01.logi.com... Startdate: 26/03/2024 Architecture: WINDOWS Score: 35 69 www.google.com 2->69 71 download01.logi.com 2->71 73 d1q20hs7kavmn5.cloudfront.net 2->73 83 Found detection on Joe Sandbox Cloud Basic 2->83 85 .NET source code references suspicious native API functions 2->85 10 msiexec.exe 278 78 2->10         started        13 logioptionsplus_installer.exe 1 2->13         started        15 chrome.exe 12 2->15         started        18 chrome.exe 2->18         started        signatures3 process4 dnsIp5 53 C:\Windows\System32\vcomp140.dll, PE32+ 10->53 dropped 55 C:\Windows\System32\vcamp140.dll, PE32+ 10->55 dropped 57 C:\Windows\System32\mfcm140u.dll, PE32+ 10->57 dropped 67 21 other files (none is malicious) 10->67 dropped 59 C:\Users\user\...\logioptionsplus_setup.exe, PE32+ 13->59 dropped 20 logioptionsplus_setup.exe 11 13->20         started        79 192.168.11.20, 443, 53385, 55499 unknown unknown 15->79 81 239.255.255.250 unknown Reserved 15->81 61 C:\...\logioptionsplus_installer.exe (copy), PE32+ 15->61 dropped 63 C:\Users\...\Unconfirmed 521320.crdownload, PE32+ 15->63 dropped 65 0d281a76-4c68-45b6-b4fa-575fcee7f44b.tmp, PE32+ 15->65 dropped 23 chrome.exe 15->23         started        26 chrome.exe 15->26         started        28 chrome.exe 15->28         started        30 2 other processes 15->30 file6 process7 dnsIp8 47 C:\ProgramData\Logishrd\...\vc_redist.x64.exe, PE32 20->47 dropped 49 C:\...\logi_installer_shared_optionsplus.dll, PE32+ 20->49 dropped 32 vc_redist.x64.exe 3 20->32         started        75 www.google.com 142.250.72.164, 443, 55499, 61211 GOOGLEUS United States 23->75 77 d1q20hs7kavmn5.cloudfront.net 18.154.132.65, 443, 53385, 60207 AMAZON-02US United States 23->77 file9 process10 file11 41 C:\Windows\Temp\...\vc_redist.x64.exe, PE32 32->41 dropped 35 vc_redist.x64.exe 71 32->35         started        process12 file13 43 C:\Windows\Temp\...\VC_redist.x64.exe, PE32 35->43 dropped 45 C:\Windows\Temp\...\wixstdba.dll, PE32 35->45 dropped 38 VC_redist.x64.exe 25 18 35->38         started        process14 file15 51 C:\ProgramData\...\VC_redist.x64.exe, PE32 38->51 dropped
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
18.154.132.65
 d1q20hs7kavmn5.cloudfront.net United States
16509 AMAZON-02US false
239.255.255.250
 unknown Reserved
unknown unknown false
142.250.72.164
 www.google.com United States
15169 GOOGLEUS false

Private

IP
192.168.11.20

Contacted Domains

Name IP Active
www.google.com 142.250.72.164 true
d1q20hs7kavmn5.cloudfront.net 18.154.132.65 true
download01.logi.com unknown unknown