Analysis Report https://download01.logi.com/web/ftp/pub/techsupport/capture/Capture_2.06.8.exe

Overview

General Information

Sample URL: https://download01.logi.com/web/ftp/pub/techsupport/capture/Capture_2.06.8.exe
Analysis ID: 378606

Detection

Score: 10
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Abnormal high CPU Usage
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Drops certificate files (DER)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses code obfuscation techniques (call, push, ret)

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample may be VM or Sandbox-aware, try analysis on a native machine
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")



  • System is w10x64
  • cmd.exe (PID: 6236 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://download01.logi.com/web/ftp/pub/techsupport/capture/Capture_2.06.8.exe' > cmdline.out 2>&1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
    • conhost.exe (PID: 6252 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • wget.exe (PID: 6292 cmdline: wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://download01.logi.com/web/ftp/pub/techsupport/capture/Capture_2.06.8.exe' MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)
  • Capture_2.06.8.exe (PID: 5140 cmdline: 'C:\Users\user\Desktop\download\Capture_2.06.8.exe' MD5: 126060B7D52046D8F218CAAFC7BABEF8)
    • LCaptureInstallerUI.exe (PID: 6880 cmdline: 'C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\LCaptureInstallerUI.exe' MD5: 11CAB5B78DBCBB021E687C5269C4F232)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

There are no malicious signatures.

Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe File created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\da\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe File created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\de\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe File created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\el\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe File created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\en\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe File created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\en\License_logicool.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe File created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\es\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe File created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\fi\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe File created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\fr\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe File created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\it\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe File created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\ja\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe File created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\ko\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe File created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\nl\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe File created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\no\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe File created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\pl\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe File created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\pt-BR\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe File created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\pt-PT\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe File created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\ru\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe File created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\sv\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe File created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\zh-CN\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe File created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\zh-TW\License.rtf
Source: Binary string: D:\Projects\XSplit_git\cppcore\Components\LogitechInstallerDll\Release\LogitechInstallerDll.pdb source: Capture_2.06.8.exe, 0000000F.00000002.680914436.000000007099C000.00000002.00020000.sdmp
Source: Binary string: e:\Builds\Kamino\Kamino_2.06\2.06.8\Install\LCaptureInstallerUI\LCaptureInstallerUI\obj\x64\Release\LCaptureInstallerUI.pdb source: LCaptureInstallerUI.exe
Source: Binary string: D:\Repositories\cppcore\bin\release\x64\VHMultiWriterExt2.pdb source: VHMultiWriterExt2.exe.15.dr
Source: Binary string: DpInst.pdbH source: dpinst.exe.15.dr
Source: Binary string: DpInst.pdb source: dpinst.exe.15.dr
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe Code function: 15_2_0040287E FindFirstFileW,
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe Code function: 15_2_004063F1 FindFirstFileW,FindClose,
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe Code function: 15_2_0040589F GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe Code function: 15_2_0040534C GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe File created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Win7Res\luvc1564c.cat
Source: C:\Windows\SysWOW64\wget.exe Process Stats: CPU usage > 98%
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe Code function: 15_2_004032FE EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,
Source: Capture_2.06.8.exe.2.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: classification engine Classification label: clean10.win@7/54@0/2
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeCode function: 15_2_0040460D GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeCode function: 15_2_00402104 CoCreateInstance,
Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\Desktop\cmdline.outJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\LCaptureInstallerUI.exeMutant created: \Sessions\1\BaseNamedObjects\Global\LogiCaptureInstaller{25AB561A-6021-4379-96FF-8949DCE5D718-Open}
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeMutant created: \Sessions\1\BaseNamedObjects\Capture-{0D8F81A5-E8E7-4798-99B8-62A3EC6FB42D}
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6252:120:WilError_01
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\nsa77C6.tmp
Source: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\LCaptureInstallerUI.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile read: C:\Users\desktop.ini
Source: C:\Windows\SysWOW64\wget.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\SysWOW64\wget.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: LCaptureInstallerUI.exeString found in binary or memory: /LCaptureInstallerUI;component/pages/install.xaml
Source: LCaptureInstallerUI.exeString found in binary or memory: mere at vide om %BrandName%s</String> <String key="Analytics:PrivacyPolicy"> politik om beskyttelse af personlige oplysninger</String> <String key="Analytics:WelcomeEULA">Slutbrugerlicensaftalen</String> <!--Installing Page--> <String key="In
Source: LCaptureInstallerUI.exeString found in binary or memory: ing> <!--Install Completed Page--> <String key="Installed">ist installiert</String> <String key="MoreInformation">Weitere Informationen finden Sie auf der Support-Seite</String> <String key="Continue">WEITER</String> <String key="OpenApp">
Source: LCaptureInstallerUI.exeString found in binary or memory: <String key="Analytics:LearnMore"> %BrandName% </String> <String key="Analytics:PrivacyPolicy"> </String> <String key="Analytics:WelcomeEULA"></String> <!--Installing
Source: LCaptureInstallerUI.exeString found in binary or memory: </String> <String key="AppDescription:2"></String> <!--Install Completed Page--> <Str
Source: LCaptureInstallerUI.exeString found in binary or memory: </String> <!--Installing Page--> <String key="Installing"></String> <String key="Installing:2"></String> <String key="
Source: LCaptureInstallerUI.exeString found in binary or memory: ontratto di licenza con l'utente finale</String> <!--Installing Page--> <String key="Installing">Installazione</String> <String key="Installing:2">Installazione in corso...</String> <String key="AppDescription">%BrandName% Capture ti consente
Source: LCaptureInstallerUI.exeString found in binary or memory: de %BrandName%</String> <String key="Analytics:WelcomeEULA">Contrat de licence utilisateur final</String> <!--Installing Page--> <String key="Installing">Installation en cours...</String> <String key="Installing:2">Installation en cours</Stri
Source: LCaptureInstallerUI.exeString found in binary or memory: mest mulig ut av dine %BrandName%-webkameraer. Vent litt, denne prosessen kan ta et par minutter.</String> <String key="AppDescription:2">Vent litt, denne prosessen kan ta et par minutter.</String> <!--Install Completed Page--> <String key="Insta
Source: LCaptureInstallerUI.exeString found in binary or memory: y="Analytics:PrivacyPolicy"> privacybeleid</String> <String key="Analytics:WelcomeEULA">Gebruiksrechtovereenkomst</String> <!--Installing Page--> <String key="Installing">Installeren...</String> <String key="Installing:2">Installatie in voortg
Source: LCaptureInstallerUI.exeString found in binary or memory: lytics:PrivacyPolicy"> </String> <String key="Analytics:WelcomeEULA"></String> <!--Installing Page--> <String key="Installing"></String> <String key="Ins
Source: LCaptureInstallerUI.exeString found in binary or memory: blik geduld, dit proces kan een paar minuten duren.</String> <!--Install Completed Page--> <String key="Installed">is geinstalleerd</String> <String key="MoreInformation">Ga naar de ondersteuningspagina voor meer informatie</String> <String ke
Source: LCaptureInstallerUI.exeString found in binary or memory: </String> <String key="AppDescription:2"></String> <!--Install Completed Page--> <String key="Installed"></String> <Str
Source: LCaptureInstallerUI.exeString found in binary or memory: ring key="AppDescription:2"> . .</String> <!--Install Completed Page--> <String key="Installed">
Source: LCaptureInstallerUI.exeString found in binary or memory: mara Web %BrandName%. Espere, este proceso puede tardar varios minutos.</String> <String key="AppDescription:2">Espere, este proceso puede tardar varios minutos.</String> <!--Install Completed Page--> <String key="Installed">se ha instalado</Strin
Source: LCaptureInstallerUI.exeString found in binary or memory: pages/install.baml
Source: LCaptureInstallerUI.exeString found in binary or memory: -start
Source: LCaptureInstallerUI.exeString found in binary or memory: -install
Source: LCaptureInstallerUI.exeString found in binary or memory: y="Err:Singleton">Er is een ander exemplaar van het %BrandName% Capture-installatieprogramma actief. Voltooi eerst de andere installatie, voordat u dit installatieprogramma uitvoert.</String> <String key="Err:OS">%BrandName% Capture ondersteunt alleen Wind
Source: LCaptureInstallerUI.exeString found in binary or memory: en</String> <!--First Page--> <String key="WindowName">%BrandName% Capture-Installationsprogramm</String> <String key="ApplicationName">%BrandName% Capture-Installationsprogramm</String> <String key="Welcome">Willkommen bei</String> <Strin
Source: LCaptureInstallerUI.exeString found in binary or memory: pture-installationsprogram</String> <String key="ApplicationName">%BrandName% Capture-installationsprogram</String> <String key="Welcome">Velkommen til</String> <String key="LWS_UnInstall2">%BrandName%-webkamera</String> <String key="LWS_UnInst
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://download01.logi.com/web/ftp/pub/techsupport/capture/Capture_2.06.8.exe' > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://download01.logi.com/web/ftp/pub/techsupport/capture/Capture_2.06.8.exe'
Source: unknownProcess created: C:\Users\user\Desktop\download\Capture_2.06.8.exe 'C:\Users\user\Desktop\download\Capture_2.06.8.exe'
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeProcess created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\LCaptureInstallerUI.exe 'C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\LCaptureInstallerUI.exe'
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\LCaptureInstallerUI.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: Binary string: D:\Projects\XSplit_git\cppcore\Components\LogitechInstallerDll\Release\LogitechInstallerDll.pdb source: Capture_2.06.8.exe, 0000000F.00000002.680914436.000000007099C000.00000002.00020000.sdmp
Source: Binary string: e:\Builds\Kamino\Kamino_2.06\2.06.8\Install\LCaptureInstallerUI\LCaptureInstallerUI\obj\x64\Release\LCaptureInstallerUI.pdb source: LCaptureInstallerUI.exe
Source: Binary string: D:\Repositories\cppcore\bin\release\x64\VHMultiWriterExt2.pdb source: VHMultiWriterExt2.exe.15.dr
Source: Binary string: DpInst.pdbH source: dpinst.exe.15.dr
Source: Binary string: DpInst.pdb source: dpinst.exe.15.dr
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeCode function: 15_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,
Source: System.dll.15.drStatic PE information: real checksum: 0x0 should be: 0xbf2a
Source: Capture_2.06.8.exe.2.drStatic PE information: real checksum: 0x71ff68a should be:
Source: C:\Windows\SysWOW64\wget.exeCode function: 2_2_00D1ADD1 push ss; ret
Source: C:\Windows\SysWOW64\wget.exeCode function: 2_2_00D1BF14 push edx; retf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeCode function: 15_2_10002DE0 push eax; ret
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeCode function: 15_2_70991C25 push ecx; ret
Source: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\LCaptureInstallerUI.exeCode function: 18_2_00508E40 push rdx; iretd
Source: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\LCaptureInstallerUI.exeCode function: 18_2_00508D4F push rbx; retf
Source: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\LCaptureInstallerUI.exeCode function: 18_2_00509029 pushfq ; retf
Source: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\LCaptureInstallerUI.exeCode function: 18_2_00007FFAF19379A2 pushad ; retf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Tools\7z.exe
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Tools\7-zip.dll
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\nsw7AB5.tmp\System.dll
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\LCaptureInstallerUI.exe
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Tools\7z.dll
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Win7Res\dpinst.exe
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\LogitechInstallerDll.dll
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\VHMultiWriterExt2.exe
Source: C:\Windows\SysWOW64\wget.exeFile created: C:\Users\user\Desktop\download\Capture_2.06.8.exe
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\nsw7AB5.tmp\UserInfo.dll
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\da\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\de\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\el\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\en\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\en\License_logicool.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\es\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\fi\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\fr\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\it\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\ja\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\ko\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\nl\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\no\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\pl\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\pt-BR\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\pt-PT\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\ru\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\sv\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\zh-CN\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile created: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\zh-TW\License.rtf
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeCode function: 15_2_709918F6 RtlEncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\LCaptureInstallerUI.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Tools\7z.exe
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Tools\7-zip.dll
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Tools\7z.dll
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Win7Res\dpinst.exe
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\VHMultiWriterExt2.exe
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe TID: 5236Thread sleep count: 111 > 30
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exe TID: 5236Thread sleep time: -111000s >= -30000s
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeFile Volume queried: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall FullSizeInformation
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeCode function: 15_2_0040287E FindFirstFileW,
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeCode function: 15_2_004063F1 FindFirstFileW,FindClose,
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeCode function: 15_2_0040589F GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,
Source: LCaptureInstallerUI.exe, 00000012.00000002.685429409.000000001CBA0000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: wget.exeBinary or memory string: Hyper-V RAW
Source: LCaptureInstallerUI.exe, 00000012.00000002.685429409.000000001CBA0000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: LCaptureInstallerUI.exe, 00000012.00000002.685429409.000000001CBA0000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: Capture_2.06.8.exe.2.drBinary or memory string: hgfs?
Source: wget.exe, 00000002.00000002.352957999.0000000000D18000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: LCaptureInstallerUI.exe, 00000012.00000002.685429409.000000001CBA0000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeAPI call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeCode function: 15_2_709914FF IsDebuggerPresent,
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeCode function: 15_2_70994A1F EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeCode function: 15_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeCode function: 15_2_709916BF GetProcessHeap,
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeCode function: 15_2_70992D61 SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\LCaptureInstallerUI.exeMemory allocated: page read and write | page guard
Source: Capture_2.06.8.exe, 0000000F.00000002.676659278.0000000000E20000.00000002.00000001.sdmp, LCaptureInstallerUI.exe, 00000012.00000002.678483080.0000000001C10000.00000002.00000001.sdmpBinary or memory string: Program Manager
Source: Capture_2.06.8.exe, 0000000F.00000002.676659278.0000000000E20000.00000002.00000001.sdmp, LCaptureInstallerUI.exe, 00000012.00000002.678483080.0000000001C10000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
Source: Capture_2.06.8.exe, 0000000F.00000002.676659278.0000000000E20000.00000002.00000001.sdmp, LCaptureInstallerUI.exe, 00000012.00000002.678483080.0000000001C10000.00000002.00000001.sdmpBinary or memory string: Progman
Source: Capture_2.06.8.exe, 0000000F.00000002.676659278.0000000000E20000.00000002.00000001.sdmp, LCaptureInstallerUI.exe, 00000012.00000002.678483080.0000000001C10000.00000002.00000001.sdmpBinary or memory string: Progmanlock
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeCode function: 15_2_7099610F cpuid
Source: C:\Windows\SysWOW64\wget.exeQueries volume information: C:\Users\user\Desktop\download VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\LCaptureInstallerUI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\LCaptureInstallerUI.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\LCaptureInstallerUI.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\LCaptureInstallerUI.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\LCaptureInstallerUI.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemCore\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemCore.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\LCaptureInstallerUI.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeCode function: 15_2_7099289E GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,
Source: C:\Users\user\Desktop\download\Capture_2.06.8.exeCode function: 15_2_004060D0 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,
Source: C:\Windows\SysWOW64\wget.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
| Valid Accounts | Command and Scripting Interpreter2 | Application Shimming1 | Access Token Manipulation1 | Masquerading1 | OS Credential Dumping | System Time Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot1 |
| Default Accounts | Native API1 | Boot or Logon Initialization Scripts | Process Injection2 | Virtualization/Sandbox Evasion21 | LSASS Memory | Security Software Discovery41 | Remote Desktop Protocol | Clipboard Data1 | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Application Shimming1 | Disable or Modify Tools1 | Security Account Manager | Virtualization/Sandbox Evasion21 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Access Token Manipulation1 | NTDS | Process Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Process Injection2 | LSA Secrets | Remote System Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information1 | Cached Domain Credentials | File and Directory Discovery2 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Information Discovery26 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |

Behavior Graph (ID: 378606, URL: https://download01.logi.com..., Startdate: 31/03/2021, Architecture: WINDOWS, Score: 10)

  • cmd.exe started wget.exe and conhost.exe
  • wget.exe contacted 8.8.8.8 (GOOGLEUS, United States) and 13.32.25.64 (ATT-INTERNET4US, United States), and dropped C:\Users\user\Desktop\...\Capture_2.06.8.exe (PE32)
  • Capture_2.06.8.exe dropped C:\Users\user\AppData\Local\...\UserInfo.dll (PE32), C:\Users\user\AppData\Local\...\System.dll (PE32), C:\Users\user\AppData\Local\...\dpinst.exe (PE32+) and 6 other files (none is malicious), and started LCaptureInstallerUI.exe

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://download01.logi.com/web/ftp/pub/techsupport/capture/Capture_2.06.8.exe | 0% | Virustotal | | Browse |
| https://download01.logi.com/web/ftp/pub/techsupport/capture/Capture_2.06.8.exe | 0% | Avira URL Cloud | safe | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\LCaptureInstallerUI.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\LogitechInstallerDll.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Tools\7-zip.dll | 0% | Metadefender | | Browse |
| C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Tools\7-zip.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Tools\7z.dll | 0% | Metadefender | | Browse |
| C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Tools\7z.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Tools\7z.exe | 0% | Metadefender | | Browse |
| C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Tools\7z.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\VHMultiWriterExt2.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Win7Res\dpinst.exe | 0% | Metadefender | | Browse |
| C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Win7Res\dpinst.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsw7AB5.tmp\System.dll | 3% | Metadefender | | Browse |
| C:\Users\user\AppData\Local\Temp\nsw7AB5.tmp\System.dll | 2% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsw7AB5.tmp\UserInfo.dll | 0% | Metadefender | | Browse |
| C:\Users\user\AppData\Local\Temp\nsw7AB5.tmp\UserInfo.dll | 0% | ReversingLabs | | |
| C:\Users\user\Desktop\download\Capture_2.06.8.exe | 0% | ReversingLabs | | |
No Antivirus matches
No Antivirus matches
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
                                                    • Avira URL Cloud: safe
                                                    low
                                                    http://foo/bar/pages/analytics.bamlLCaptureInstallerUI.exe, 00000012.00000002.678611912.0000000003821000.00000004.00000001.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    low
                                                    http://foo/Resources/Fonts/brownpro-light.otfLCaptureInstallerUI.exe, 00000012.00000002.682256116.0000000003BF9000.00000004.00000001.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    low
                                                    http://www.jiyu-kobo.co.jp/LCaptureInstallerUI.exe, 00000012.00000002.698599754.0000000021E56000.00000002.00000001.sdmpfalse
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    unknown
                                                    http://foo/pages/analytics.xamlLCaptureInstallerUI.exe, 00000012.00000002.678611912.0000000003821000.00000004.00000001.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    low
                                                    http://www.fontbureau.com/designers8LCaptureInstallerUI.exe, 00000012.00000002.698599754.0000000021E56000.00000002.00000001.sdmpfalse
                                                      high
                                                      http://defaultcontainer/LCaptureInstallerUI;component/pages/install.xamlLCaptureInstallerUI.exe, 00000012.00000002.678611912.0000000003821000.00000004.00000001.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      low
                                                      http://www.lineto.cLCaptureInstallerUI.exefalse
                                                      • Avira URL Cloud: safe
                                                      unknown
IP | Domain | Country | ASN | ASN Name | Malicious
8.8.8.8 | unknown | United States | 15169 | GOOGLEUS | false
13.32.25.64 | unknown | United States | 7018 | ATT-INTERNET4US | false

                                                      General Information

                                                      Joe Sandbox Version:31.0.0 Emerald
                                                      Analysis ID:378606
                                                      Start date:31.03.2021
                                                      Start time:02:26:16
                                                      Joe Sandbox Product:CloudBasic
                                                      Overall analysis duration:0h 10m 44s
                                                      Hypervisor based Inspection enabled:false
                                                      Report type:light
                                                      Cookbook file name:urldownload.jbs
                                                      Sample URL:https://download01.logi.com/web/ftp/pub/techsupport/capture/Capture_2.06.8.exe
                                                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                      Number of analysed new started processes analysed:36
                                                      Number of new started drivers analysed:0
                                                      Number of existing processes analysed:0
                                                      Number of existing drivers analysed:0
                                                      Number of injected processes analysed:0
                                                      Technologies:
                                                      • HCA enabled
                                                      • EGA enabled
                                                      • HDC enabled
                                                      • AMSI enabled
                                                      Analysis Mode:default
                                                      Analysis stop reason:Timeout
                                                      Detection:CLEAN
                                                      Classification:clean10.win@7/54@0/2
                                                      EGA Information:
                                                      • Successful, ratio: 66.7%
                                                      HDC Information:
                                                      • Successful, ratio: 29.2% (good quality ratio 27.7%)
                                                      • Quality average: 83%
                                                      • Quality standard deviation: 26.8%
                                                      HCA Information:
                                                      • Successful, ratio: 65%
                                                      • Number of executed functions: 0
                                                      • Number of non-executed functions: 0
                                                      Cookbook Comments:
                                                      • Adjust boot time
                                                      • Enable AMSI
                                                      Warnings:
                                                      • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                      • Execution Graph export aborted for target wget.exe, PID 6292 because there are no executed function
                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                      No simulations
                                                      No context
                                                      C:\Users\user\AppData\Local\Temp\LogiCapture.log
                                                      Process:C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\LCaptureInstallerUI.exe
                                                      File Type:data
                                                      Category:modified
                                                      Size (bytes):1052
                                                      Entropy (8bit):3.2119305054405105
                                                      Encrypted:false
                                                      Malicious:false
                                                      Reputation:low
Preview:
- - - - -     LogiCaptureInstaller: MainWindow: at the start
- - - - -     LogiCaptureInstaller: LWS_UnInstall: constructor
- - - - -     LogiCaptureInstaller: Welcome: constructor
- - - - -     LogiCaptureInstaller: Analytics: constructor
- - - - -     LogiCaptureInstaller: Finish Page: constructor
- - - - -     LogiCaptureInstaller: MainWindow: MainWindowActual_Loaded
- - - - -     LogiCaptureInstaller: MainWindow: splash screen closed: bLWS_is_Installed = False
- - - - -     LogiCaptur
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\LCaptureInstallerUI.exe
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):859536
                                                      Entropy (8bit):6.7449464180688885
                                                      Encrypted:false
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Reputation:low
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\LogitechInstallerDll.dll
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):79248
                                                      Entropy (8bit):6.357830607090221
                                                      Encrypted:false
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Reputation:low
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\da\License.rtf
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):24944
                                                      Entropy (8bit):3.5376242550396046
                                                      Encrypted:false
                                                      Malicious:false
                                                      Reputation:low
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\da\coreui.xml
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:XML 1.0 document, UTF-8 Unicode text
                                                      Category:dropped
                                                      Size (bytes):7358
                                                      Entropy (8bit):5.031791854225655
                                                      Encrypted:false
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: <?xml version="1.0" encoding="utf-8"?>.<StringDictionary version="1.2">. <Strings>. <String key="Buttons:MinimizeToolTip">Minimer</String>. <String key="Buttons:CloseToolTip">Luk</String>.. First Page-->. <String key="WindowName">%BrandName% Capture-installationsprogram</String>. <String key="ApplicationName">%BrandName% Capture-installationsprogram</String>. <String key="Welcome">Velkommen til</String>. <String key="LWS_UnInstall2">%BrandName%-webkamera</String>. <String key="LWS_UnInstall3">software registreret</String>. <String key="LWS_UnInstall4">F.r du installerer den nye version af %BrandName% Capture, skal du afinstallere %BrandName%-webkamerasoftwaren. De to versioner bruger de samme komponenter hvilket kan for.rsage konflikter, hvis begge programmer er installeret samtidigt.</String>. <String key="LWS_UnInstall5">AFINSTALLER %BRANDNAME% WEBCAM SOFTWARE</String>. <String key="LogitechOptions">%BrandName% Capture</String>. <String key
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\de\License.rtf
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
                                                      Category:dropped
                                                      Size (bytes):27734
                                                      Entropy (8bit):3.452882270450968
                                                      Encrypted:false
                                                      Malicious:false
                                                      Reputation:low
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\de\coreui.xml
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines
                                                      Category:dropped
                                                      Size (bytes):8395
                                                      Entropy (8bit):5.086853105988171
                                                      Encrypted:false
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: <?xml version="1.0" encoding="utf-8"?>.<StringDictionary version="1.2">. <Strings>. <String key="Buttons:MinimizeToolTip">Minimieren</String>. <String key="Buttons:CloseToolTip">Schlie.en</String>.. First Page-->. <String key="WindowName">%BrandName% Capture-Installationsprogramm</String>. <String key="ApplicationName">%BrandName% Capture-Installationsprogramm</String>. <String key="Welcome">Willkommen bei</String>. <String key="LWS_UnInstall2">%BrandName% Webcam-</String>. <String key="LWS_UnInstall3">Software erkannt</String>. <String key="LWS_UnInstall4">F.r die Installation der %BrandName% Capture Software m.ssen Sie Ihre alte %BrandName% Webcam Software deinstallieren. Dies liegt daran, dass diese beiden Software-Programme sich Komponenten teilen, die unvorhersehbares Verhalten ausl.sen k.nnen, wenn beide Anwendungen installiert sind.</String>. <String key="LWS_UnInstall5">DEINSTALLIEREN VON %BRANDNAME%.WEBCAM SOFTWARE</String>. <String
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\el\License.rtf
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
                                                      Category:dropped
                                                      Size (bytes):30144
                                                      Entropy (8bit):4.079415392858659
                                                      Encrypted:false
                                                      Malicious:false
                                                      Reputation:low
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\el\coreui.xml
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines
                                                      Category:dropped
                                                      Size (bytes):11489
                                                      Entropy (8bit):5.231153614605272
                                                      Encrypted:false
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: <?xml version="1.0" encoding="utf-8"?>.<StringDictionary version="1.2">. <Strings>. <String key="Buttons:MinimizeToolTip">..............</String>. <String key="Buttons:CloseToolTip">........</String>.. First Page-->. <String key="WindowName">......... ............ %BrandName% Capture</String>. <String key="ApplicationName">......... ............ %BrandName% Capture</String>. <String key="Welcome">..... ....... ....</String>. <String key="LWS_UnInstall2">........... ......... ... ...</String>. <String key="LWS_UnInstall3">...... web %BrandName%</String>. <String key="LWS_UnInstall4">...... ............. .. %BrandName% Capture, .. ...... .. ........... ... ........... ... %BrandName% Webcam Software. .... ..... .......... ...... ............. ...
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\en\License.rtf
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:Rich Text Format data, version 1, unknown character set
                                                      Category:dropped
                                                      Size (bytes):76942
                                                      Entropy (8bit):5.184534001214283
                                                      Encrypted:false
                                                      SSDEEP:768:gi2FNvUiEfMKgcyQlKsij00H08+M1OUOckru9oECIgJiN0D9noG1t69oEqkKB07x:grFNA3UOc/UoobkF6DLlc
                                                      MD5:9F152F715D2475A19DC7AAC8C9D9A47A
                                                      SHA1:1BE72BD6A0CA8E79392E2F45AA5464FBEC34E2D5
                                                      SHA-256:752DA2FFE981F341BFA61EADF4107EE65DA84E4353902D270764712E1693D6D7
                                                      SHA-512:9C973C254E0998E725F9E22AD3D9B444422AF3C60945B1FF6641542960C4F43412B877E4877ECE9DF20981833C890C72C8483BD57541A84D95C9EFDBE45CBEFB
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: {\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff1\deff0\stshfdbch1\stshfloch1\stshfhich1\stshfbi1\deflang1033\deflangfe1033\themelang1033\themelangfe0\themelangcs0{\fonttbl{\f1\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604020202020204}Arial;}{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 00000000000000000000}Cambria Math;}.{\flomajor\f31500\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\fdbmajor\f31501\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}.{\fhimajor\f31502\fbidi \fswiss\fcharset0\fprq2{\*\panose 020f0502020204030204}Calibri;}{\fbimajor\f31503\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}.{\flominor\f31504\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\fdbminor\f31505\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}.{\fhiminor\f31506\fbidi \froman\fcharset0\fprq2{\*\panose 00000000000000000000}Cambria;}{\fbiminor\f3150
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\en\License_logicool.rtf
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:Rich Text Format data, version 1, ANSI
                                                      Category:dropped
                                                      Size (bytes):11125
                                                      Entropy (8bit):5.071900147271289
                                                      Encrypted:false
                                                      SSDEEP:192:E+K3XXBBHguKHkxl5SGCHTl3Gv4oRgkcFwxiZj7MoJG+IdfJP2:ENnBuuOkv4GoGwocFiiZHMoJG+IdfV2
                                                      MD5:641C63CA089555035B65EBF9502B1F24
                                                      SHA1:39F13F2A5550D263BEBBD0D12CDEAE15F63807DF
                                                      SHA-256:056D28C50D692E43114F98B58486AACE9C9B32BA65ECA14BD7E30003E7395F6E
                                                      SHA-512:D61F522D366D00AC1F699C5F208580936A39BDA88B66BC0958B2F29488852D14C08E334157A50672C63C0647216B4DAE6D95E17E7F42954182F893CA3DDA2E93
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: {\rtf1\ansi\ansicpg1252\deff0\nouicompat{\fonttbl{\f0\fnil\fcharset0 Courier New;}}..{\colortbl ;\red26\green26\blue26;\red0\green0\blue255;\red16\green60\blue192;}..{\*\generator Riched20 10.0.15063}\viewkind4\uc1 ..\pard\b\f0\fs40\lang9 Software License Agreement\b0\fs21\par..\par..PLEASE READ THIS SOFTWARE LICENSE AGREEMENT CAREFULLY BEFORE USING YOUR LOGICOOL PRODUCT OR INSTALLING THIS SOFTWARE. BY USING YOUR LOGICOOL PRODUCT OR INSTALLING THIS SOFTWARE YOU ARE AGREEING TO BE BOUND BY THE TERMS OF THIS AGREEMENT. If you do not agree to the terms of this agreement, promptly return your Logicool product in its original package with your sales receipt within 30 days or in accordance with the return policy of your point of purchase, whichever is longer. If you have accessed the software electronically do not install the software.\par..\par..1. General. The software and documentation accompanying this agreement ("Software") is licensed, not sold, to you by Logitech Europe S.A. (\ldblqu
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\en\coreui.xml
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:XML 1.0 document, UTF-8 Unicode text
                                                      Category:dropped
                                                      Size (bytes):7155
                                                      Entropy (8bit):4.989548451473825
                                                      Encrypted:false
                                                      SSDEEP:96:QcU6tTQd5s75GkN4p8YeGk8DHJDrFttnupGbLeYT1ZMKLYNH2:/U6hQdoxQDRu6FT
                                                      MD5:A49DA11921B7BFB43739B131A2370CC7
                                                      SHA1:15C158FDEB3D7F2F92655C45D81CC91979976767
                                                      SHA-256:F9ABE3BC91127479A86780BB38C078FE174B6AFE5F512DDCA588090FA5B82FFE
                                                      SHA-512:67BFA6CF2E46B1558FEF90D211365251832545AAC79CEE0D59FCDB53A2330E54B42443FE84B8D58276BBD255E7C6017C0324A7095E5DD6ED13AE1471EA9D0DFF
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: <?xml version="1.0" encoding="utf-8" ?>.<StringDictionary version="1.2">. <Strings>. <String key="Buttons:MinimizeToolTip">Minimize</String>. <String key="Buttons:CloseToolTip">Close</String>.. First Page-->. <String key="WindowName">%BrandName% Capture Installer</String>. <String key="ApplicationName">%BrandName% Capture Installer</String>. <String key="Welcome">Welcome to</String>. <String key="LWS_UnInstall2">%BrandName% Webcam</String>. <String key="LWS_UnInstall3">software detected</String>. <String key="LWS_UnInstall4">Before you install the new %BrandName% Capture, you must uninstall %BrandName% Webcam Software. This is because they share components that can cause unexpected behavior if both applications are installed.</String>. <String key="LWS_UnInstall5">UNINSTALL %BRANDNAME% WEBCAM SOFTWARE</String>. <String key="LogitechOptions">%BrandName% Capture</String>. <String key="Install">INSTALL %BRANDNAME% CAPTURE</String>. <String key=
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\es\License.rtf
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
                                                      Category:dropped
                                                      Size (bytes):26332
                                                      Entropy (8bit):3.500370126231798
                                                      Encrypted:false
                                                      SSDEEP:192:WcP2XMPAhL4aAQ9fMnSFH0StjOY0Z5o+CnyLTAbKR8V0iQ/WgQ5IlYhIlY3Mtwy7:kNaoVeuyTeK6VwQ8
                                                      MD5:DC302BBBB1670FF777588C31CCAAEE3B
                                                      SHA1:B8B6E1AF46035A45AADD4479799C2B2BE020F411
                                                      SHA-256:ADFC9730062115750715E5AC7030653F78F50825EF4CB560A9904219A0ADC158
                                                      SHA-512:860933B42FD0F96751815D0E8293B6CE3DE08D79B1925B143097FFE5B23E17D5E6A755516A5B4D8AF4DC109439DF24B23F3CFA3D6975E6AA13462929FBEC17BB
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: ..C.o.n.t.r.a.t.o. .d.e. .l.i.c.e.n.c.i.a. .d.e. .s.o.f.t.w.a.r.e.........L.E.A. .A.T.E.N.T.A.M.E.N.T.E. .E.S.T.E. .C.O.N.T.R.A.T.O. .D.E. .L.I.C.E.N.C.I.A. .D.E. .S.O.F.T.W.A.R.E. .A.N.T.E.S. .D.E. .U.S.A.R. .E.L. .P.R.O.D.U.C.T.O. .L.O.G.I.T.E.C.H. .O. .A.N.T.E.S. .D.E. .I.N.S.T.A.L.A.R. .E.S.T.E. .S.O.F.T.W.A.R.E... .A.L. .U.S.A.R. .E.L. .P.R.O.D.U.C.T.O. .L.O.G.I.T.E.C.H. .O. .A.L. .I.N.S.T.A.L.A.R. .E.S.T.E. .S.O.F.T.W.A.R.E.,. .S.E. .C.O.M.P.R.O.M.E.T.E. .A. .A.C.E.P.T.A.R. .L.O.S. .T...R.M.I.N.O.S. .E.S.T.I.P.U.L.A.D.O.S. .E.N. .E.S.T.E. .C.O.N.T.R.A.T.O... .S.i. .n.o. .a.c.e.p.t.a. .l.o.s. .t...r.m.i.n.o.s. .d.e. .e.s.t.e. .c.o.n.t.r.a.t.o.,. .d.e.v.u.e.l.v.a. .i.n.m.e.d.i.a.t.a.m.e.n.t.e. .e.l. .p.r.o.d.u.c.t.o. .L.o.g.i.t.e.c.h. .e.n. .s.u. .e.m.b.a.l.a.j.e. .o.r.i.g.i.n.a.l. .c.o.n. .e.l. .r.e.c.i.b.o. .d.e. .v.e.n.t.a. .e.n. .e.l. .p.l.a.z.o. .d.e. .3.0. .d...a.s. .o. .d.e. .c.o.n.f.o.r.m.i.d.a.d. .c.o.n. .l.a. .p.o.l...t.i.c.a. .d.e. .d.e.v.o.l.u.c.i.o.n.e.s. .d.e.l. .p.u.
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\es\coreui.xml
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:XML 1.0 document, UTF-8 Unicode text
                                                      Category:dropped
                                                      Size (bytes):7723
                                                      Entropy (8bit):5.0109066944021645
                                                      Encrypted:false
                                                      SSDEEP:96:/NY5hZyJsP5O9VPevc5gndMEMKJfYESZ0U0lMByz7:/u5hOknvxT5glo
                                                      MD5:79929AE7EE79EF9DA8766F1BE360EAAB
                                                      SHA1:9FAB3C7946638903C33153C0A3DD83727DC37845
                                                      SHA-256:21EE1CB4352394519516532BE02FCE1EEAC55E5FD5A14EECE743FA1BB3E2D951
                                                      SHA-512:9A26C09661BAC97626D5666E3AA9224B738B9E229D277431481A8CFA57ECF9041EC104541C4ACB8F374191FCED94C81948695D84140E7C9E38D1BBBC13285406
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: <?xml version="1.0" encoding="utf-8"?>.<StringDictionary version="1.2">. <Strings>. <String key="Buttons:MinimizeToolTip">Minimizar</String>. <String key="Buttons:CloseToolTip">Cerrar</String>.. First Page-->. <String key="WindowName">Instalador de %BrandName% Capture</String>. <String key="ApplicationName">Instalador de %BrandName% Capture</String>. <String key="Welcome">Bienvenido a</String>. <String key="LWS_UnInstall2">Software de c.mara Web %BrandName%</String>. <String key="LWS_UnInstall3">detectado</String>. <String key="LWS_UnInstall4">Antes de instalar el nuevo %BrandName% Capture, debe desinstalar el antiguo %BrandName% Webcam Software. Esto se debe a que comparten componentes que pueden causar un comportamiento inesperado si ambas aplicaciones est.n instaladas.</String>. <String key="LWS_UnInstall5">DESINSTALAR %BRANDNAME% WEBCAM SOFTWARE</String>. <String key="LogitechOptions">%BrandName% Capture</String>. <String key="Install">IN
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\fi\License.rtf
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
                                                      Category:dropped
                                                      Size (bytes):25862
                                                      Entropy (8bit):3.535757671937904
                                                      Encrypted:false
                                                      SSDEEP:384:QYpc4zMlBA4p4KBAkjLGlF4lQrX3xlBZaYhi37P6jCBUUeGoXK0YgN1OHsolbtsQ:5jcLGlaEGs88CGpHrc
                                                      MD5:E87BA3C286530779357361D2EAD4E6C4
                                                      SHA1:27FE3D2F7B4BCB0A426C51799EDAC8C27F4CA33C
                                                      SHA-256:37F40C1060C58A91F0AE51F8DB13DB8CCFA4D694620136A08856EEA0538FA40B
                                                      SHA-512:BC2043E871E24183E87219E1D9EB5BAAB450808AE4AEACB3323AE45C63AE9B6ABC5411DAFDEEDF69A78EA4D6D2C66D6769598BE3D680F002B9948E11D4CEDA7E
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: ..O.h.j.e.l.m.i.s.t.o.n. .k...y.t.t...o.i.k.e.u.s.s.o.p.i.m.u.s.........O.H.J.E.L.M.I.S.T.O.N. .K...Y.T.T...O.I.K.E.U.S.S.O.P.I.M.U.S. .P.I.T..... .L.U.K.E.A. .H.U.O.L.E.L.L.I.S.E.S.T.I. .E.N.N.E.N. .L.O.G.I.T.E.C.H.-.T.U.O.T.T.E.E.N. .K...Y.T.T...M.I.S.T... .J.A. .O.H.J.E.L.M.I.S.T.O.N. .A.S.E.N.T.A.M.I.S.T.A... .K...Y.T.T...M...L.L... .L.O.G.I.T.E.C.H.-.T.U.O.T.E.T.T.A. .T.A.I. .A.S.E.N.T.A.M.A.L.L.A. .O.H.J.E.L.M.I.S.T.O.N. .H.Y.V...K.S.Y.T. .T...M...N. .S.O.P.I.M.U.K.S.E.N. .E.H.D.O.T... .J.o.s. .e.t. .h.y.v...k.s.y. .t...m...n. .s.o.p.i.m.u.k.s.e.n. .e.h.t.o.j.a.,. .p.a.l.a.u.t.a. .L.o.g.i.t.e.c.h.-.t.u.o.t.e. .o.s.t.o.p.a.i.k.k.a.a.n. .a.l.k.u.p.e.r...i.s.e.s.s... .p.a.k.k.a.u.k.s.e.s.s.a.a.n. .j.a. .m.y.y.n.t.i.k.u.i.t.i.n. .k.a.n.s.s.a. .j.o.k.o. .3.0. .p...i.v...n. .k.u.l.u.e.s.s.a. .o.s.t.o.t.a.p.a.h.t.u.m.a.s.t.a. .t.a.i. .o.s.t.o.p.a.i.k.a.n. .p.a.l.a.u.t.u.s.k...y.t...n.t...j.e.n. .m.u.k.a.i.s.e.s.t.i.,. .s.e.n. .m.u.k.a.a.n.,. .k.u.m.p.i. .a.j.o.i.s.t.a. .o.n. .p.i.t.e.m.
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\fi\coreui.xml
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines
                                                      Category:dropped
                                                      Size (bytes):7609
                                                      Entropy (8bit):5.130363269233471
                                                      Encrypted:false
                                                      SSDEEP:96:6xwx1zokIKBQvmD+XOXAE9AR311PkQVR3HT4c7o85j/Ed5JoGdD6MPZkh+:wwLXIKBQ7XZRF+QVRXThN/GbZDjD
                                                      MD5:4C85F71E21B6220508F2007D39200848
                                                      SHA1:A0FDE7AE8E46BBA3B134E06042824BE7E933BA7B
                                                      SHA-256:C6424EE587565A63107AA71678FBF6619880C29A8217094FA512D8794331BEDF
                                                      SHA-512:DB648EB667E19BECBC51C19C3332C2070CC43F13B8D9E6E48DD9C0947DD043959C6964C64138285ACDC0182B7A0FA8478F0DAF22D41AE1AF51F4859C4CB1C73F
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: <?xml version="1.0" encoding="utf-8"?>.<StringDictionary version="1.2">. <Strings>. <String key="Buttons:MinimizeToolTip">Pienenn.</String>. <String key="Buttons:CloseToolTip">Sulje</String>.. First Page-->. <String key="WindowName">%BrandName% Capture -asennusohjelma</String>. <String key="ApplicationName">%BrandName% Capture -asennusohjelma</String>. <String key="Welcome">Tervetuloa</String>. <String key="LWS_UnInstall2">%BrandName%-verkkokameraohjelmisto</String>. <String key="LWS_UnInstall3">havaittu</String>. <String key="LWS_UnInstall4">Ennen uuden %BrandName% Capture -ohjelmiston asentamista on poistettava vanhan %BrandName% Webcam Software -ohjelmiston asennus. T.m. johtuu siit., ett. niill. on yhteisi. komponentteja, jotka voivat aiheuttaa odottamatonta k.ytt.ytymist., jos molemmat sovellukset on asennettu.</String>. <String key="LWS_UnInstall5">POISTA %BRANDNAME% WEBCAM SOFTWARE</String>. <String key="LogitechOptions">%BrandNam
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\fr\License.rtf
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
                                                      Category:dropped
                                                      Size (bytes):27300
                                                      Entropy (8bit):3.514251133871775
                                                      Encrypted:false
                                                      SSDEEP:768:TVz2m7UW94dUHnx738s74DpVQ/w01LACaxY6xhEoSv:Rj8I4wXoSv
                                                      MD5:CEF2597D6136A6D30EA8AA10CC00430D
                                                      SHA1:E2743E332932A13C453AEAD8A3E112713A017B57
                                                      SHA-256:8E10E8C2AC609F463549DEA60485CA0B4CCD44DE09F34791E228D7B8734A11A1
                                                      SHA-512:0AAA1EAD666E8B0AE1BF036B09375610B6EE4EFD48E0A80F137C883594BF2901EA3FDB7DCE110B7408E6109F2A49DE2C1CB5A0D875F01D805850C922340B81F3
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: ..A.c.c.o.r.d. .d.e. .l.i.c.e.n.c.e. .l.o.g.i.c.i.e.l.l.e.........L.I.S.E.Z. .A.T.T.E.N.T.I.V.E.M.E.N.T. .C.E.T. .A.C.C.O.R.D. .D.E. .L.I.C.E.N.C.E. .A.V.A.N.T. .D.'.U.T.I.L.I.S.E.R. .L.E. .P.R.O.D.U.I.T. .L.O.G.I.T.E.C.H. .O.U. .D.'.I.N.S.T.A.L.L.E.R. .C.E. .L.O.G.I.C.I.E.L... .E.N. .U.T.I.L.I.S.A.N.T. .C.E. .P.R.O.D.U.I.T. .L.O.G.I.T.E.C.H. .O.U. .E.N. .I.N.S.T.A.L.L.A.N.T. .C.E. .L.O.G.I.C.I.E.L.,. .V.O.U.S. .V.O.U.S. .E.N.G.A.G.E.Z. ... .R.E.S.P.E.C.T.E.R. .L.E.S. .T.E.R.M.E.S. .E.T. .C.O.N.D.I.T.I.O.N.S. .D.E. .C.E.T. .A.C.C.O.R.D... .S.i. .v.o.u.s. .r.e.f.u.s.e.z. .l.e.s. .c.o.n.d.i.t.i.o.n.s. .d.u. .p.r...s.e.n.t. .a.c.c.o.r.d.,. .v.o.u.s. .d.e.v.e.z. .r.e.t.o.u.r.n.e.r. .s.a.n.s. .d...l.a.i. .l.e. .p.r.o.d.u.i.t. .L.o.g.i.t.e.c.h. .d.a.n.s. .s.o.n. .e.m.b.a.l.l.a.g.e. .d.'.o.r.i.g.i.n.e.,. .a.c.c.o.m.p.a.g.n... .d.u. .r.e...u. .d...l.i.v.r...,. .s.o.u.s. .3.0. .j.o.u.r.s. .o.u. .d.a.n.s. .l.e. .r.e.s.p.e.c.t. .d.e.s. .c.o.n.d.i.t.i.o.n.s. .d.e. .l.a. .p.o.l.i.t.i.q.u.e. .d.e. .
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\fr\coreui.xml
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines
                                                      Category:dropped
                                                      Size (bytes):8141
                                                      Entropy (8bit):5.0777183612896915
                                                      Encrypted:false
                                                      SSDEEP:96:Vl6xMNvJy6FDEcNYXN3eFIrODNA12KjGRZ3f/Mh4MD:CyDqSBBJZPw
                                                      MD5:71BAE9FA286F966FADB952AE03FDA200
                                                      SHA1:A1AE800C1B6E6A64860A822FF654ED57FAE5D469
                                                      SHA-256:82FFDAA0CCB317C9DE42A35124C9513B3BC4B5709086073673651EFB3E9B6875
                                                      SHA-512:3CB7E94138CDE485D846C6B3302C420E98620553FD45C9B94F7A9624E65D89F6FFC7FFE9318C98C3240849A77D2173DFC6507323037D82DF78018970D6854CA8
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: <?xml version="1.0" encoding="utf-8"?>.<StringDictionary version="1.2">. <Strings>. <String key="Buttons:MinimizeToolTip">R.duire</String>. <String key="Buttons:CloseToolTip">Fermer</String>.. First Page-->. <String key="WindowName">Programme d'installation de %BrandName% Capture</String>. <String key="ApplicationName">Programme d'installation de %BrandName% Capture</String>. <String key="Welcome">Bienvenue dans</String>. <String key="LWS_UnInstall2">Logiciel de la webcam %BrandName%</String>. <String key="LWS_UnInstall3">d.tect.</String>. <String key="LWS_UnInstall4">Avant d'installer le nouveau logiciel %BrandName% Capture, vous devez d.sinstaller le logiciel %BrandName% Webcam. En effet, ils partagent des composants susceptibles de provoquer un comportement inattendu si les deux applications sont install.es.</String>. <String key="LWS_UnInstall5">D.SINSTALLER %BRANDNAME% WEBCAM SOFTWARE</String>. <String key="LogitechOptions">%BrandName%
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\it\License.rtf
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
                                                      Category:dropped
                                                      Size (bytes):28700
                                                      Entropy (8bit):3.4775626414951635
                                                      Encrypted:false
                                                      SSDEEP:384:JZ+we3icWaDTR+k5zFLxjq4SOdWzP2j97NPwP7DooSyQmV:Jte3icTR+kNJY4SO8P257lwP7D3fQmV
                                                      MD5:89953BE5612E35F5EC2805310375609B
                                                      SHA1:C78CD835CA68E6C016C1A9321B1A1DDD641A13BC
                                                      SHA-256:0EFF38A3CD3047CFB297FEDDD318313F1794F0A439EC4FFF9AF28D4768219D0A
                                                      SHA-512:5DF8EEEC093B3E505EB478BF6C429252D9CC7EA73F55A336D9A5D27FB7FA44548CD0B37F8C07A952200A763F43DA7185D88D9B17A6539EA22D358483B8BD88B2
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: ..A.c.c.o.r.d.o. .d.i. .l.i.c.e.n.z.a. .p.e.r. .i.l. .s.o.f.t.w.a.r.e.........L.E.G.G.E.R.E. .A.T.T.E.N.T.A.M.E.N.T.E. .Q.U.E.S.T.O. .A.C.C.O.R.D.O. .D.I. .L.I.C.E.N.Z.A. .S.O.F.T.W.A.R.E. .P.R.I.M.A. .D.I. .U.T.I.L.I.Z.Z.A.R.E. .I.L. .P.R.O.D.O.T.T.O. .L.O.G.I.T.E.C.H. .A.C.Q.U.I.S.T.A.T.O. .O. .I.N.S.T.A.L.L.A.R.E. .I.L. .P.R.E.S.E.N.T.E. .S.O.F.T.W.A.R.E... .L.'.U.T.I.L.I.Z.Z.O. .D.E.L. .P.R.O.D.O.T.T.O. .L.O.G.I.T.E.C.H. .A.C.Q.U.I.S.T.A.T.O. .O. .L.'.I.N.S.T.A.L.L.A.Z.I.O.N.E. .D.E.L. .P.R.E.S.E.N.T.E. .S.O.F.T.W.A.R.E. .I.M.P.L.I.C.A. .L.'.A.C.C.E.T.T.A.Z.I.O.N.E. .D.E.I. .T.E.R.M.I.N.I. .D.E.L. .P.R.E.S.E.N.T.E. .A.C.C.O.R.D.O... .S.e. .l.'.u.t.e.n.t.e. .n.o.n. .a.c.c.e.t.t.a. .l.e. .c.o.n.d.i.z.i.o.n.i. .p.e.r. .l.'.u.t.i.l.i.z.z.o. .i.n.d.i.c.a.t.e. .n.e.l. .p.r.e.s.e.n.t.e. .A.c.c.o.r.d.o.,. .s.a.r... .t.e.n.u.t.o. .a. .r.e.s.t.i.t.u.i.r.e. .i.l. .p.r.o.d.o.t.t.o. .L.o.g.i.t.e.c.h. .n.e.l.l.a. .c.o.n.f.e.z.i.o.n.e. .o.r.i.g.i.n.a.l.e.,. .a.c.c.o.m.p.a.g.n.a.t.o. .d.a.l.l.a. .
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\it\coreui.xml
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:XML 1.0 document, UTF-8 Unicode text
                                                      Category:dropped
                                                      Size (bytes):7809
                                                      Entropy (8bit):5.015813570222881
                                                      Encrypted:false
                                                      SSDEEP:96:nUr7785UFPBL4AFeQ/m61jTJggAUQkhry+b8luGSJgMre7D14ib:nUw5EPpeYjTK3fkhO+g04Zn
                                                      MD5:F4906A782A09D69C48EF2F3BC66315DA
                                                      SHA1:82408D70ADDABF0A4A0C33AA857E7E03F84C28B3
                                                      SHA-256:227A97D80921F2AD018C52B2DC36973702C3A0F0A847E250DA7DA201351A2B1C
                                                      SHA-512:90D4CDD21A4A1D25452A4F1E10DFD1069E126101DCE9E23F99795596875C42EABEE58C13E7E33103500BA72F1CA16117F5883DCA6328F3BEB678774847040B5C
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: <?xml version="1.0" encoding="utf-8"?>.<StringDictionary version="1.2">. <Strings>. <String key="Buttons:MinimizeToolTip">Riduci a icona</String>. <String key="Buttons:CloseToolTip">Chiudi</String>.. First Page-->. <String key="WindowName">Programma di installazione %BrandName% Capture</String>. <String key="ApplicationName">Programma di installazione %BrandName% Capture</String>. <String key="Welcome">Benvenuto in</String>. <String key="LWS_UnInstall2">Software webcam %BrandName%</String>. <String key="LWS_UnInstall3">rilevato</String>. <String key="LWS_UnInstall4">Prima di installare il nuovo %BrandName% Capture, devi disinstallare il software della webcam %BrandName%. Questi software condividono componenti che possono causare comportamenti imprevisti se vengono installate entrambe le applicazioni.</String>. <String key="LWS_UnInstall5">DISINSTALLA %BRANDNAME% WEBCAM SOFTWARE</String>. <String key="LogitechOptions">%BrandName% Capture</String>.
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\ja\License.rtf
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
                                                      Category:dropped
                                                      Size (bytes):11666
                                                      Entropy (8bit):5.635949133177588
                                                      Encrypted:false
                                                      SSDEEP:192:8GNjig81IxIxbOP/kNUOShglmUboONInqSTbi3A0H2f8Bp/SbRibRSBM3:39ZxIXjRUDB83bSBM3
                                                      MD5:F2024344BCC6888A5ADA80ADA9359485
                                                      SHA1:1F61DD7C7C4F756E789E79F9D8833F6526B2DA17
                                                      SHA-256:391CFCD274E781A6A1D5DB9D635C83B085F945AEBEE35AF83B149CC12680732A
                                                      SHA-512:D049CD2C48DFBF966309B62AE0E4F1BDF65D2A8E54D2D0AA7A45DE8751DFFAF77CC93139A5D0FF92C5AE134DCB693898F1092B5580A942410A79A42872916B56
                                                      Malicious:false
                                                      Reputation:low
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\ja\coreui.xml
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:XML 1.0 document, UTF-8 Unicode text
                                                      Category:dropped
                                                      Size (bytes):9005
                                                      Entropy (8bit):5.776108017740239
                                                      Encrypted:false
                                                      SSDEEP:96:f+OjNqp8KWCBNNzJrkehy0SkdBIuYb5dKnalkkGTVZM1xQYY:fXU88wId180hzR
                                                      MD5:5E49FE75776DCD50791111049CC0C9D1
                                                      SHA1:6EDFB67F55741C82C5EE2639D4C5C41940520996
                                                      SHA-256:41632C7C3EDC8B9E518CA4F9F3A4FC1449AB693319FB304CF40CAF23F0730FC2
                                                      SHA-512:258836BE1BDEF9DEE1E1121321CDC0AE2C48CC08EAC0ABC70E7DAEE890F142D822E56454863C395177AA5D9D4B77F53EC46F4DBE50FF9142028C0EA5BC8029EA
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: <?xml version="1.0" encoding="utf-8"?>.<StringDictionary version="1.2">. <Strings>. <String key="Buttons:MinimizeToolTip">...</String>. <String key="Buttons:CloseToolTip">...</String>.. First Page-->. <String key="WindowName">%BrandName% Capture .......</String>. <String key="ApplicationName">%BrandName% Capture .......</String>. <String key="Welcome">....</String>. <String key="LWS_UnInstall2">%BrandName% ......</String>. <String key="LWS_UnInstall3">..............</String>. <String key="LWS_UnInstall4">... %BrandName% Capture ............%BrandName% Webcam Software................... .......................................................................</Str
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\ko\License.rtf
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
                                                      Category:dropped
                                                      Size (bytes):11928
                                                      Entropy (8bit):5.5509230357698724
                                                      Encrypted:false
                                                      SSDEEP:192:3jgYTIAKuysqtPBt8OAOQ80HZ1fFselheFNvu:rTIKysGPBt83tHZ1fVf2Nvu
                                                      MD5:1F94075D4448329D5D5F7425C2C65577
                                                      SHA1:7CD99F7FEEC14711FD260A3D07FD6ADE699A7411
                                                      SHA-256:BFC6F5D342E1688F5934C5D60A910464A1CF7934FDC7FCA4D6935747CF26024C
                                                      SHA-512:AD5B586F82FFBB4C47DF1DC383792CFB1B8C19688458DCA3D1C35DD13AEE3622A35CAD53EF61268EA359D6BD3D9490EE1672C418339C3F0B5322F09894340000
                                                      Malicious:false
                                                      Reputation:low
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\ko\coreui.xml
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:XML 1.0 document, UTF-8 Unicode text
                                                      Category:dropped
                                                      Size (bytes):8027
                                                      Entropy (8bit):5.859037609670389
                                                      Encrypted:false
                                                      SSDEEP:96:vt4Uh4/sC/mS7iRNO0S4HgUU5Md4U5Ip5uHuFr7bH7tL8m5eYEJufhp5rviRuyOx:Rh4/BYa4AUDq6u1yXufwuzX
                                                      MD5:B0B2EDD7C7EB5AE5EDD98B2AF0334F92
                                                      SHA1:4712867D65295D753C531C81D729EDD4BC5F86A5
                                                      SHA-256:746516F2616E68C0ED5366A4785BEC8A097D8A684FAC2EB0110E1B3B87BCE713
                                                      SHA-512:DE57FCF56A5D09B559839B32E8985F69C72D00267D985763E8FF1EB30D705260DD2D3E5052338B57C5B82CD8984E0C3E24D332DF6FD3049B145BA1B3CC003C13
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: <?xml version="1.0" encoding="utf-8"?>.<StringDictionary version="1.2">. <Strings>. <String key="Buttons:MinimizeToolTip">...</String>. <String key="Buttons:CloseToolTip">..</String>.. First Page-->. <String key="WindowName">%BrandName% Capture .. ...</String>. <String key="ApplicationName">%BrandName% Capture .. ...</String>. <String key="Welcome">......</String>. <String key="LWS_UnInstall2">%BrandName% ..</String>. <String key="LWS_UnInstall3">..... ..</String>. <String key="LWS_UnInstall4">. %BrandName% Capture. .... .. %BrandName% Webcam Software. .... .... .. . ....... .. ... .. ... .. ... ... . .. .. ... .... ......</String>. <String key="LWS_UnInstall5">%BRANDNAME% Webcam Software ..</String>. <String key="LogitechOptions">%BrandName% Capture</String>. <St
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\nl\License.rtf
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
                                                      Category:dropped
                                                      Size (bytes):27912
                                                      Entropy (8bit):3.5329164321044493
                                                      Encrypted:false
                                                      SSDEEP:192:auNMwnKXGjonjRhSDot+aO58deBAcSs9V7/eXuU4v70I5kcgAhrx:8wnKXs+rT+aO5ttdReX3m70I5kcZrx
                                                      MD5:32522F090C5F54E799337618D158574B
                                                      SHA1:FC84518AB0FFC5B588F69A971CFEFABEB23572FC
                                                      SHA-256:7478D3A295E59862F44F74A9474DDF08F87A4CF3404BC69B0DA325B08133B047
                                                      SHA-512:7E35121911413079BF689A3867751ADB420DAC321C3E3BB4190169BFEA5CC3D04E918786D69F6ED43D0E2E6223BDE4C921638028D15C867B01C618BC61B01181
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: ..S.o.f.t.w.a.r.e.l.i.c.e.n.t.i.e.o.v.e.r.e.e.n.k.o.m.s.t.........L.E.E.S. .D.E.Z.E. .S.O.F.T.W.A.R.E.L.I.C.E.N.T.I.E.O.V.E.R.E.E.N.K.O.M.S.T. .Z.O.R.G.V.U.L.D.I.G. .D.O.O.R. .V.O.O.R.D.A.T. .U. .U.W. .L.O.G.I.T.E.C.H.-.P.R.O.D.U.C.T. .G.E.B.R.U.I.K.T. .O.F. .D.E.Z.E. .S.O.F.T.W.A.R.E. .I.N.S.T.A.L.L.E.E.R.T... .D.O.O.R. .U.W. .L.O.G.I.T.E.C.H.-.P.R.O.D.U.C.T. .T.E. .G.E.B.R.U.I.K.E.N. .O.F. .D.E.Z.E. .S.O.F.T.W.A.R.E. .T.E. .I.N.S.T.A.L.L.E.R.E.N. .G.A.A.T. .U. .E.R.M.E.E. .A.K.K.O.O.R.D. .G.E.B.O.N.D.E.N. .T.E. .Z.I.J.N. .D.O.O.R. .D.E. .B.E.P.A.L.I.N.G.E.N. .V.A.N. .D.E.Z.E. .O.V.E.R.E.E.N.K.O.M.S.T... .A.l.s. .u. .n.i.e.t. .i.n.s.t.e.m.t. .m.e.t. .d.e. .b.e.p.a.l.i.n.g.e.n. .v.a.n. .d.e.z.e. .o.v.e.r.e.e.n.k.o.m.s.t.,. .d.i.e.n.t. .u. .h.e.t. .L.o.g.i.t.e.c.h.-.p.r.o.d.u.c.t. .o.n.m.i.d.d.e.l.l.i.j.k. .t.e. .r.e.t.o.u.r.n.e.r.e.n. .i.n. .d.e. .o.o.r.s.p.r.o.n.k.e.l.i.j.k.e. .v.e.r.p.a.k.k.i.n.g.,. .m.e.t. .h.e.t. .a.a.n.k.o.o.p.b.e.w.i.j.s. .e.n. .b.i.n.n.e.n. .3.0. .d.a.g.e.n.,. .
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\nl\coreui.xml
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:XML 1.0 document, UTF-8 Unicode text
                                                      Category:dropped
                                                      Size (bytes):7752
                                                      Entropy (8bit):5.009808791652127
                                                      Encrypted:false
                                                      SSDEEP:96:+OFkfw743Tqfa+tcSLj/OAWHXDxL7hcqXixAzte0mHWtDi0iCws0RfKxFMG3+Xti:2fw74jqfPcfAWHbcqgATvMRfKTf+dVc
                                                      MD5:70C2DD9FBA9706F1B38D4FB54668B4D5
                                                      SHA1:4D3D17FDF3F9DAE97DE60EBEA761F762FC4279E5
                                                      SHA-256:E821B23EF76B9C112A60C6741BBCAB9CCB1E0177A54F87346382C215D29B79CF
                                                      SHA-512:CA0081B8A83B7897E47BD220C05E3B095C3753429D3EE0A66B7C3DEC11F70654F6760102B6358BBB35A157A22DA28C856FD6AAECBC3200650387B85AFF8CE114
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: <?xml version="1.0" encoding="utf-8"?>.<StringDictionary version="1.2">. <Strings>. <String key="Buttons:MinimizeToolTip">Minimaliseren</String>. <String key="Buttons:CloseToolTip">Sluiten</String>.. First Page-->. <String key="WindowName">Installatieprogramma van %BrandName% Capture</String>. <String key="ApplicationName">Installatieprogramma van %BrandName% Capture</String>. <String key="Welcome">Welkom bij</String>. <String key="LWS_UnInstall2">%BrandName%-webcam</String>. <String key="LWS_UnInstall3">software gedetecteerd</String>. <String key="LWS_UnInstall4">Voordat je de nieuwe %BrandName% Capture installeert, moet je de %BrandName% Webcam-software verwijderen. Dat komt omdat ze componenten delen die onverwacht gedrag kunnen veroorzaken als beide toepassingen zijn ge.nstalleerd.</String>. <String key="LWS_UnInstall5">%BRANDNAME% WEBCAM-SOFTWARE VERWIJDEREN</String>. <String key="LogitechOptions">%BrandName% Capture</String>. <String key
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\no\License.rtf
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
                                                      Category:dropped
                                                      Size (bytes):25084
                                                      Entropy (8bit):3.5328103976553242
                                                      Encrypted:false
                                                      SSDEEP:768:JNMVu2JpSWneBd5r0GLQX49LqpL+G0tOX8LkT17l:JNMVu2JpDeBd5r0OLqpL+G0tOX8w
                                                      MD5:0E7DE04507882407491EFE8C8985E77A
                                                      SHA1:A23DCEB73D587A189D4496E4D5E9684FA698A971
                                                      SHA-256:0706AA75A40ADEC22562A990A42DB04D234E4CD3D2B58C7E8DF41C2F53B83363
                                                      SHA-512:523D9F20B96723E2B326280F070E7148A645BE83AC65B1F056EF4F2618EB8597F367B23D635ABB832A3BAB5E86187CE2D18D8F357048C8C5C801A23A249FBDCC
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: ..L.i.s.e.n.s.a.v.t.a.l.e. .f.o.r. .p.r.o.g.r.a.m.v.a.r.e.........D.U. .B...R. .L.E.S.E. .D.E.N.N.E. .L.I.S.E.N.S.A.V.T.A.L.E.N. .N...Y.E. .F...R. .D.U. .B.E.G.Y.N.N.E.R. ... .B.R.U.K.E. .L.O.G.I.T.E.C.H.-.P.R.O.D.U.K.T.E.T. .E.L.L.E.R. .I.N.S.T.A.L.L.E.R.E.R. .P.R.O.G.R.A.M.V.A.R.E.N... .G.J.E.N.N.O.M. .B.R.U.K. .A.V. .L.O.G.I.T.E.C.H.-.P.R.O.D.U.K.T.E.T. .E.L.L.E.R. .I.N.S.T.A.L.L.E.R.I.N.G. .A.V. .D.E.N.N.E. .P.R.O.G.R.A.M.V.A.R.E.N. .S.A.M.T.Y.K.K.E.R. .D.U. .I. ... .B.L.I. .B.U.N.D.E.T. .A.V. .V.I.L.K...R.E.N.E. .I. .D.E.N.N.E. .A.V.T.A.L.E.N... .D.e.r.s.o.m. .d.u. .i.k.k.e. .g.o.d.t.a.r. .v.i.l.k...r.e.n.e. .i. .d.e.n.n.e. .a.v.t.a.l.e.n.,. .m... .L.o.g.i.t.e.c.h.-.p.r.o.d.u.k.t.e.t. .r.e.t.u.r.n.e.r.e.s. .i. .o.r.i.g.i.n.a.l.e.m.b.a.l.l.a.s.j.e.n. .o.m.g...e.n.d.e.,. .s.a.m.m.e.n. .m.e.d. .s.a.l.g.s.k.v.i.t.t.e.r.i.n.g.e.n.,. .i.n.n.e.n. .3.0. .d.a.g.e.r. .e.l.l.e.r. .i. .h.e.n.h.o.l.d. .t.i.l. .r.e.t.n.i.n.g.s.l.i.n.j.e.n.e. .f.o.r. .r.e.t.u.r. .h.o.s. .f.o.r.h.a.n.d.l.e.r.e.n.
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\no\coreui.xml
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:XML 1.0 document, UTF-8 Unicode text
                                                      Category:dropped
                                                      Size (bytes):7521
                                                      Entropy (8bit):5.062601807712456
                                                      Encrypted:false
                                                      SSDEEP:96:ixyN9aCi7ldGo5kVM8b8tANuP5KYlQDKFrxb5HVj1ZKViTzBIfG+Q5IRMqL1wceB:r3Fi7lRKtD6QDKRxb5H11Z3+RQaPwxB
                                                      MD5:F19453DF9C67365B9D082B62FFCD12EA
                                                      SHA1:9BBC9C2557B4A5B3D6571630662E074444F06BD0
                                                      SHA-256:D912612F71F8FEB00485A91BED15B2703FC2D6DC13519A0EECA0F0470ADC128B
                                                      SHA-512:2A4B427671F03F29A3B2D3D249402CEB43A08EF3F61588FC751FC8BD84689B1187502FCCB6AF0266B94D6AD9439D54BFADA14EAA8DF6255D876C94E08F02B72E
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: <?xml version="1.0" encoding="utf-8"?>.<StringDictionary version="1.2">. <Strings>. <String key="Buttons:MinimizeToolTip">Minimer</String>. <String key="Buttons:CloseToolTip">Lukk</String>.. First Page-->. <String key="WindowName">Installasjonsprogram for %BrandName% Capture</String>. <String key="ApplicationName">Installasjonsprogram for %BrandName% Capture</String>. <String key="Welcome">Velkommen til</String>. <String key="LWS_UnInstall2">Programvare til %BrandName%-webkameraet</String>. <String key="LWS_UnInstall3">oppdaget</String>. <String key="LWS_UnInstall4">F.r du installerer den nye %BrandName% Capture, m. du avinstallere %BrandName% Webcam Software. Dette skyldes at de deler komponenter som kan for.rsake uventet atferd hvis begge programmene er installert.</String>. <String key="LWS_UnInstall5">AVINSTALLER %BRANDNAME% WEBCAM SOFTWARE</String>. <String key="LogitechOptions">%BrandName% Capture</String>. <String key="Install">INSTAL
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\pl\License.rtf
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
                                                      Category:dropped
                                                      Size (bytes):29376
                                                      Entropy (8bit):3.613753627359938
                                                      Encrypted:false
                                                      SSDEEP:768:olreSpG9Ezs3cv/xY3BVcqcipw0AqpxOLBVgel:aEEz6aOWgel
                                                      MD5:E806ECBE27C5C3A310F5CE1E03EAE710
                                                      SHA1:CD00894D12DC9B1236763B3808C41004E87FC8C8
                                                      SHA-256:655DD1616A5325F8C0DEC47EB396B5B4C77EAD4A6922D4240E52AFB0436B3D72
                                                      SHA-512:EDA909B155DD00ECC1F8D39EE508C7C647121363B5ADBD57ED240FF41EC3CA00A51C143F7A571A77D4EA7373476FA845FC8E8BA19A4A1A3A6C61DB5A93B3AC2A
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: ..U.m.o.w.a. .l.i.c.e.n.c.y.j.n.a. .n.a. .o.p.r.o.g.r.a.m.o.w.a.n.i.e.........P.R.O.S.I.M.Y. .O. .U.W.A.Z.N.E. .P.R.Z.E.C.Z.Y.T.A.N.I.E. .N.I.N.I.E.J.S.Z.E.J. .U.M.O.W.Y. .L.I.C.E.N.C.Y.J.N.E.J. .N.A. .O.P.R.O.G.R.A.M.O.W.A.N.I.E. .P.R.Z.E.Z. .U.Z.Y.C.I.E.M. .P.R.O.D.U.K.T.U. .F.I.R.M.Y. .L.O.G.I.T.E.C.H. .L.U.B. .Z.A.I.N.S.T.A.L.O.W.A.N.I.E.M. .T.E.G.O. .O.P.R.O.G.R.A.M.O.W.A.N.I.A... .U.Z.Y.W.A.J.A.C. .P.R.O.D.U.K.T.U. .F.I.R.M.Y. .L.O.G.I.T.E.C.H. .L.U.B. .I.N.S.T.A.L.U.J.A.C. .T.O. .O.P.R.O.G.R.A.M.O.W.A.N.I.E.,. .U.Z.Y.T.K.O.W.N.I.K. .Z.G.A.D.Z.A. .S.I.E. .P.O.D.P.O.R.Z.A.D.K.O.W.A.C. .P.O.S.T.A.N.O.W.I.E.N.I.O.M. .N.I.N.I.E.J.S.Z.E.J. .U.M.O.W.Y... .J.e.s.l.i. .u.z.y.t.k.o.w.n.i.k. .n.i.e. .a.k.c.e.p.t.u.j.e. .p.o.s.t.a.n.o.w.i.e.n. .n.i.n.i.e.j.s.z.e.j. .u.m.o.w.y.,. .j.e.s.t. .z.o.b.o.w.i.a.z.a.n.y. .d.o. .n.a.t.y.c.h.m.i.a.s.t.o.w.e.g.o. .z.w.r.o.t.u. .p.r.o.d.u.k.t.u. .f.i.r.m.y. .L.o.g.i.t.e.c.h. .w. .j.e.g.o. .o.r.y.g.i.n.a.l.n.y.m. .o.p.a.k.o.w.a.n.i.u. .w.r.a.z. .z. .d.o.
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\pl\coreui.xml
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines
                                                      Category:dropped
                                                      Size (bytes):8197
                                                      Entropy (8bit):5.2799155772210495
                                                      Encrypted:false
                                                      SSDEEP:96:lcEuzfUfhFJoIt2fuzqcqYkzmPTPQKsZ46/V3vpS/DJsGSSdoSrqiMkXY7Yb:lc5bUfh3o62QmabvE4mVvcJKSdd
                                                      MD5:1A2BAFDED3144B76A7EFEACE1556989C
                                                      SHA1:4032BE43DC6F816E73E2E4867A8C394687E1D484
                                                      SHA-256:6FA12B3A890913D33FAA459157F5F29F96F90AE6E9457153CC05F7AB3AB4EB38
                                                      SHA-512:1EA2A20F186C5A77C307EC04330943C286605248A107863AAF9F3568B9E8C81AFAB7B7A8EC5111B4D2F00DE11B84891618822E678C538AD63FC1EDFBDBB976D9
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: <?xml version="1.0" encoding="utf-8"?>.<StringDictionary version="1.2">. <Strings>. <String key="Buttons:MinimizeToolTip">Minimalizuj</String>. <String key="Buttons:CloseToolTip">Zamknij</String>.. First Page-->. <String key="WindowName">Instalator oprogramowania %BrandName% Capture</String>. <String key="ApplicationName">Instalator oprogramowania %BrandName% Capture</String>. <String key="Welcome">Witamy w</String>. <String key="LWS_UnInstall2">Wykryto oprogramowanie</String>. <String key="LWS_UnInstall3">kamery internetowej %BrandName%</String>. <String key="LWS_UnInstall4">Przed zainstalowaniem nowego oprogramowania %BrandName% Capture nale.y odinstalowa. wcze.niejsze oprogramowanie kamery internetowej %BrandName%. Obie wersje oprogramowania u.ytkuj. te same komponenty, co mo.e powodowa. nieoczekiwane dzia.anie, je.li obie aplikacje s. zainstalowane jednocze.nie.</String>. <String key="LWS_UnInstall5">ODINSTALUJ OPROGRAMOWANIE %BRANDNAM
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\pt-BR\License.rtf
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
                                                      Category:dropped
                                                      Size (bytes):25520
                                                      Entropy (8bit):3.5460081414067046
                                                      Encrypted:false
                                                      SSDEEP:192:K9t3hQdTPL9CH9iCIA7+zPd6oQyCDjqwRfffhmXKYIXiwVrThAyOEYjM7m1oNA85:utRQdTz4KAS6ryXSzhA7Ef70oN+jxe3
                                                      MD5:AA15B55913A7018DB9B17CDB3BD69191
                                                      SHA1:DDA37D2E8C9E852A66FAB2926CF4F2E865E80FA8
                                                      SHA-256:EC84B02C6E696621943A9DF86C3F42BCD5E63E7DC29546CAE352B4C1DC3FEB6A
                                                      SHA-512:DA6E01C6DC5E4B0CE9515EEEA99386CABA8D02F9A3EEB9EBE7F682E1CDD89AAB0B3FB4BFE0BCFBE3E37D7E97A52B36C768CFE45E2C45A83242F9193DAB656375
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: ..C.o.n.t.r.a.t.o. .d.e. .l.i.c.e.n...a. .d.e. .s.o.f.t.w.a.r.e.........L.E.I.A. .A.T.E.N.T.A.M.E.N.T.E. .E.S.T.E. .C.O.N.T.R.A.T.O. .D.E. .L.I.C.E.N...A. .D.E. .S.O.F.T.W.A.R.E. .A.N.T.E.S. .D.E. .U.S.A.R. .O. .P.R.O.D.U.T.O. .D.A. .L.O.G.I.T.E.C.H. .O.U. .D.E. .I.N.S.T.A.L.A.R. .E.S.T.E. .S.O.F.T.W.A.R.E... .A.O. .U.S.A.R. .O. .P.R.O.D.U.T.O. .D.A. .L.O.G.I.T.E.C.H. .O.U. .I.N.S.T.A.L.A.R. .E.S.T.E. .S.O.F.T.W.A.R.E.,. .V.O.C... .E.S.T... .C.O.N.C.O.R.D.A.N.D.O. .C.O.M. .O.S. .T.E.R.M.O.S. .D.E.S.T.E. .C.O.N.T.R.A.T.O... .S.e. .n...o. .c.o.n.c.o.r.d.a.r. .c.o.m. .o.s. .t.e.r.m.o.s. .d.e.s.t.e. .c.o.n.t.r.a.t.o.,. .d.e.v.o.l.v.a. .o. .p.r.o.d.u.t.o. .d.a. .L.o.g.i.t.e.c.h. .n.a. .e.m.b.a.l.a.g.e.m. .o.r.i.g.i.n.a.l. .c.o.m. .o. .r.e.c.i.b.o. .d.e. .v.e.n.d.a. .d.e.n.t.r.o. .d.e. .3.0. .(.t.r.i.n.t.a.). .d.i.a.s. .o.u. .d.e. .a.c.o.r.d.o. .c.o.m. .a. .d.i.r.e.t.r.i.z. .d.e. .d.e.v.o.l.u.....o. .d.o. .l.o.c.a.l. .d.e. .c.o.m.p.r.a.,. .q.u.a.l.q.u.e.r. .q.u.e. .s.e.j.a. .o. .m.a.i.s. .l.
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\pt-BR\coreui.xml
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:XML 1.0 document, UTF-8 Unicode text
                                                      Category:dropped
                                                      Size (bytes):7664
                                                      Entropy (8bit):5.087926730383882
                                                      Encrypted:false
                                                      SSDEEP:96:CP2Ymisa15jC0DimFovWicidGZJ4Mrkr7:CxmizvBJiuG
                                                      MD5:F500D3B52D8F675CE04055D94AB22313
                                                      SHA1:C54E5F6E5D3F22D27859EF7F000FE3CED5C1F067
                                                      SHA-256:E1F4FA0621A75DE0832AF7534FFDAC4316D8DEC711EEC11F3B1D898480BEC0A2
                                                      SHA-512:428653A83CADC88BDD82A48AA6113D5DD8675F47CE8D756DC8E53E4F40D3637FC2BDFCB31DA6D8D12D337A435266F2CEB5E725F83DE734A76FF380315561080A
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: <?xml version="1.0" encoding="utf-8"?>.<StringDictionary version="1.2">. <Strings>. <String key="Buttons:MinimizeToolTip">Minimizar</String>. <String key="Buttons:CloseToolTip">Fechar</String>.. First Page-->. <String key="WindowName">Instalador do %BrandName% Capture</String>. <String key="ApplicationName">Instalador do %BrandName% Capture</String>. <String key="Welcome">Bem-vindo ao</String>. <String key="LWS_UnInstall2">Software da webcam %BrandName%</String>. <String key="LWS_UnInstall3">detectado</String>. <String key="LWS_UnInstall4">Antes de instalar o novo %BrandName% Capture, voc. deve desinstalar %BrandName% Webcam Software. Fazemos isso porque eles compartilham componentes que podem causar um comportamento inesperado se os dois aplicativos estiverem instalados.</String>. <String key="LWS_UnInstall5">DESINSTALAR %BRANDNAME% WEBCAM SOFTWARE</String>. <String key="LogitechOptions">%BrandName% Capture</String>. <String key="Install">INS
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\pt-PT\License.rtf
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):25494
                                                      Entropy (8bit):3.5418414015965376
                                                      Encrypted:false
                                                      SSDEEP:384:9+D/CZx9FLCr6bIEn4fbE59zo8BYj7sYAAVocRbQzSHM:9+Dc7FurkjnUiZo89YdocqGs
                                                      MD5:F3F84FDDE944284FA3E621048362C484
                                                      SHA1:175B4CCC9D439BCAD5491799DABB011C02B25B22
                                                      SHA-256:AEDD4A6B0AA11BC8DD2758967850ACBCB5F5E096952008E960E6112041123311
                                                      SHA-512:DCB6250E912EA6523B296FFA2B79D4383E23A547C1C4992491564E5727CC8E6D1F18190E5D9D8FC43D3C1F9E8F2043A7C109B9FCC947BE72BB1AB064CA198A8A
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: ..C.o.n.t.r.a.t.o. .d.e. .L.i.c.e.n...a. .d.e. .S.o.f.t.w.a.r.e.........L.E.I.A. .E.S.T.E. .C.O.N.T.R.A.T.O. .D.E. .L.I.C.E.N...A. .D.E. .S.O.F.T.W.A.R.E. .C.U.I.D.A.D.O.S.A.M.E.N.T.E. .A.N.T.E.S. .D.E. .U.T.I.L.I.Z.A.R. .O. .S.E.U. .P.R.O.D.U.T.O. .L.O.G.I.T.E.C.H. .O.U. .D.E. .I.N.S.T.A.L.A.R. .E.S.T.E. .S.O.F.T.W.A.R.E... .A.O. .U.T.I.L.I.Z.A.R. .O. .S.E.U. .P.R.O.D.U.T.O. .L.O.G.I.T.E.C.H. .O.U. .I.N.S.T.A.L.A.R. .E.S.T.E. .S.O.F.T.W.A.R.E. .E.S.T... .A. .C.O.N.C.O.R.D.A.R. .E.M. .V.I.N.C.U.L.A.R.-.S.E. .A.O.S. .T.E.R.M.O.S. .D.E.S.T.E. .C.O.N.T.R.A.T.O... .S.e. .n...o. .c.o.n.c.o.r.d.a. .c.o.m. .o.s. .t.e.r.m.o.s. .d.e.s.t.e. .c.o.n.t.r.a.t.o.,. .d.e.v.o.l.v.a. .i.m.e.d.i.a.t.a.m.e.n.t.e. .o. .s.e.u. .p.r.o.d.u.t.o. .L.o.g.i.t.e.c.h. .n.a. .e.m.b.a.l.a.g.e.m. .o.r.i.g.i.n.a.l. .c.o.m. .o. .t.a.l...o. .d.e. .c.o.m.p.r.a. .n.o. .p.r.a.z.o. .d.e. .3.0. .d.i.a.s. .o.u. .d.e. .a.c.o.r.d.o. .c.o.m. .a. .p.o.l...t.i.c.a. .d.e. .d.e.v.o.l.u.....o. .d.o. .p.o.n.t.o. .d.e. .v.e.n.d.a.,. .p.
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\pt-PT\coreui.xml
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:XML 1.0 document, UTF-8 Unicode text
                                                      Category:dropped
                                                      Size (bytes):7736
                                                      Entropy (8bit):5.091636693526419
                                                      Encrypted:false
                                                      SSDEEP:48:cXXgu3uBhXVppOguN58FPC+0+/bNw7p47R+QsbdReJ3BDiu3JN7oUQmsu67/QqBB:lweC15MDiCiu69PO1GQovBMrkr7
                                                      MD5:841189265FD2972014EF5EB950D3AD88
                                                      SHA1:460256E46D52999E812B5B59AAA15CA5CE09F04F
                                                      SHA-256:0042B63E86226FB0ECD0CA328EED7096D8889DD8CB8D04E0CD7187326365AB02
                                                      SHA-512:8180B22983078C748AA4C051ECE94251264EA8CD46A9FF3DA2D66D07FDF86F0966BA326C0E25D20966C7E04702842130E89DE97C2799E549AF25FFFE1B14CFA0
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: <?xml version="1.0" encoding="utf-8"?>.<StringDictionary version="1.2">. <Strings>. <String key="Buttons:MinimizeToolTip">Minimizar</String>. <String key="Buttons:CloseToolTip">Fechar</String>.. First Page-->. <String key="WindowName">Instalador do %BrandName% Capture</String>. <String key="ApplicationName">Instalador do %BrandName% Capture</String>. <String key="Welcome">Bem-vindo ao</String>. <String key="LWS_UnInstall2">Software da c.mara Web %BrandName%</String>. <String key="LWS_UnInstall3">detectado</String>. <String key="LWS_UnInstall4">Antes de instalar o novo software %BrandName% Capture, deve desinstalar o %BrandName% Webcam Software. Isto ocorre porque partilham componentes que podem causar um comportamento inesperado se as duas aplica..es estiverem instaladas.</String>. <String key="LWS_UnInstall5">DESINSTALAR O %BRANDNAME% WEBCAM SOFTWARE</String>. <String key="LogitechOptions">%BrandName% Capture</String>. <String key="Install"
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\ru\License.rtf
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:Rich Text Format data, version 1, ANSI
                                                      Category:dropped
                                                      Size (bytes):51313
                                                      Entropy (8bit):3.4450902147891886
                                                      Encrypted:false
                                                      SSDEEP:768:xhQKjDmhzNvjMFGE97geXbSKbDkZ/ce3OK8XJK+m4c5K:xhb8hvjMFv97geXeKbDkZ/ce2m4c5K
                                                      MD5:9287A38A17F687F705BBF93E4E8EC8BE
                                                      SHA1:80A7A4B57852EDD5EDF2BD4D6039EEDE25A3DA11
                                                      SHA-256:B29E05CEAD9044C19EBAC1E77E72E17FE526A410BD3AFF0B5C953BD99D6F3E5B
                                                      SHA-512:0E0A279440A508A5D4CF4D0FB33D7CE7F0564AA0DFAA29013F588F4D9889A194DA8C7F3DB1C78D760C77682290A74B0B3F82B4FF9106B1A7D4B1F7AF0B8E9515
                                                      Malicious:false
                                                      Reputation:low
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\ru\coreui.xml
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines
                                                      Category:dropped
                                                      Size (bytes):11348
                                                      Entropy (8bit):5.264250290308993
                                                      Encrypted:false
                                                      SSDEEP:192:fsW9lA9yDeWf3F93BCQ6VtYDZNJ2FUcVoiSe:f97eWf3FfCDvMZjlZiSe
                                                      MD5:4A1C87DDBC682FBF1693129B00B69223
                                                      SHA1:8EFE602A122E2EE77D76136EEE7689D2F1DC4601
                                                      SHA-256:9D5BA7F84DE6035C9AC7AED5B65BEA8780F3EA668606FD5B0FE99D5BE4E51B95
                                                      SHA-512:D4A8F07DD8C047C65FCD5252295E52B37319AF75D33C20893F379897104F745D6D850FA8E22E9BBB788AC0EC9A54F59F5FA1F4CB81485A3743B383BB927B9A3F
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: <?xml version="1.0" encoding="utf-8"?>.<StringDictionary version="1.2">. <Strings>. <String key="Buttons:MinimizeToolTip">........</String>. <String key="Buttons:CloseToolTip">.......</String>.. First Page-->. <String key="WindowName">.......... %BrandName% Capture</String>. <String key="ApplicationName">.......... %BrandName% Capture</String>. <String key="Welcome">..... .......... .</String>. <String key="LWS_UnInstall2">.......... ........... ...........</String>. <String key="LWS_UnInstall3">...-...... %BrandName%</String>. <String key="LWS_UnInstall4">...... ... .......... ..... ........... ........... %BrandName% Capture, .......... ....... ........... ........... %BrandName% Webcam Software. ....... ........... . ..., ... ... .........
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\sv\License.rtf
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
                                                      Category:dropped
                                                      Size (bytes):25076
                                                      Entropy (8bit):3.588637659602625
                                                      Encrypted:false
                                                      SSDEEP:384:Ug8f/N0CYnvhb+ki/BoS1gELu6+L2fvvN93hI+pHKeqimw:aWhb+k8BoS1xLunOI+pHKeqimw
                                                      MD5:EC6B322F2475DBEEB1C4381EFA346B96
                                                      SHA1:EFFCA04A808BA47A12737F06D99E84D157A61A16
                                                      SHA-256:F6BEB3F9703BC429D7F105C8A18A77158A0CD8E9F32901DF9F35FF12F9288EDF
                                                      SHA-512:DAF228CBF6623FC26190F83125802C755CD8CE5EC727021BCCD117CE7261A9207EEFDEFD1EE3C217A5298E9ADF85B04C3B7B9ECB29EDE1271F55B89A1D30E1C4
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: ..L.i.c.e.n.s.a.v.t.a.l. .f...r. .p.r.o.g.r.a.m.v.a.r.a.........L...S. .I.G.E.N.O.M. .D.E.T. .H...R. .L.I.C.E.N.S.A.V.T.A.L.E.T. .N.O.G.G.R.A.N.T. .I.N.N.A.N. .D.U. .A.N.V...N.D.E.R. .L.O.G.I.T.E.C.H.-.P.R.O.D.U.K.T.E.N. .E.L.L.E.R. .I.N.S.T.A.L.L.E.R.A.R. .P.R.O.G.R.A.M.M.E.T... .G.E.N.O.M. .A.T.T. .A.N.V...N.D.A. .L.O.G.I.T.E.C.H.-.P.R.O.D.U.K.T.E.N. .E.L.L.E.R. .I.N.S.T.A.L.L.E.R.A. .P.R.O.G.R.A.M.M.E.T. .G.O.D.K...N.N.E.R. .D.U. .V.I.L.L.K.O.R.E.N. .I. .D.E.T. .H...R. .L.I.C.E.N.S.A.V.T.A.L.E.T... .O.m. .d.u. .i.n.t.e. .g.o.d.k...n.n.e.r. .v.i.l.l.k.o.r.e.n. .i. .d.e.t. .h...r. .a.v.t.a.l.e.t. .s.k.a. .L.o.g.i.t.e.c.h.-.p.r.o.d.u.k.t.e.n. .s.k.i.c.k.a.s. .t.i.l.l.b.a.k.a. .i. .s.i.n. .o.r.i.g.i.n.a.l.f...r.p.a.c.k.n.i.n.g. .t.i.l.l.s.a.m.m.a.n.s. .m.e.d. .k.v.i.t.t.o.t. .i.n.o.m. .3.0. .d.a.g.a.r. .f.r...n. .i.n.k...p.s.d.a.t.u.m. .e.l.l.e.r. .i.n.o.m. .d.e.n. .t.i.d. .s.o.m. .s.t.i.p.u.l.e.r.a.s. .a.v. ...t.e.r.f...r.s...l.j.a.r.e.n.s. .k...p.e.v.i.l.l.k.o.r.,. .b.e.r.o.e.n.d.e. .
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\sv\coreui.xml
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:XML 1.0 document, UTF-8 Unicode text
                                                      Category:dropped
                                                      Size (bytes):7404
                                                      Entropy (8bit):5.0678352578219865
                                                      Encrypted:false
                                                      SSDEEP:96:X4/lnnYUmhU+kalRoTfBZoPV7+2W1FzaW5aWPVEMvYLFGJPLGbCLQFMqwqhNHZ:X4/lnnYZe+lROA7l0E7XMvYLFGt+CLQH
                                                      MD5:6CFA015B5C9C654444436BA99A20A02E
                                                      SHA1:356A1D7BEC9F8562211466473CC50DA43D6FE114
                                                      SHA-256:7B4BC2A98DC73E37F364F26BA0279A16010885C3036D43CA6EF2AE31249258EE
                                                      SHA-512:E1140361CF316B496D5E40E34057E926B0CC6690D26B0C73277189AAA6847DD8DF28A2381164CEFB0FB09F7DED777284ED68B1FB5B22E74638074B1977A4E2F1
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: <?xml version="1.0" encoding="utf-8"?>.<StringDictionary version="1.2">. <Strings>. <String key="Buttons:MinimizeToolTip">Minimera</String>. <String key="Buttons:CloseToolTip">St.ng</String>.. First Page-->. <String key="WindowName">Installera %BrandName% Capture</String>. <String key="ApplicationName">Installera %BrandName% Capture</String>. <String key="Welcome">V.lkommen till</String>. <String key="LWS_UnInstall2">Programvara f.r %BrandName%-webbkamera</String>. <String key="LWS_UnInstall3">har uppt.ckts</String>. <String key="LWS_UnInstall4">Innan du installerar nya %BrandName% Capture m.ste du avinstallera %BrandName% Webcam Software. Det beror p. att de delar komponenter som kan orsaka ov.ntat beteende om b.da programmen .r installerade.</String>. <String key="LWS_UnInstall5">AVINSTALLERA %BRANDNAME% WEBCAM SOFTWARE</String>. <String key="LogitechOptions">%BrandName% Capture</String>. <String key="Install">INSTALLERA %BRANDNAME%
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\zh-CN\License.rtf
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
                                                      Category:dropped
                                                      Size (bytes):7810
                                                      Entropy (8bit):6.7230941248177665
                                                      Encrypted:false
                                                      SSDEEP:96:7p4E/6yb0btcA94YnwQ+9hQjaQGrTypyQ5E9GfLmYyaC7yFFkHx9IE8xO:7p4E6+4bnwQ+9XSyME4DmvSkHT5
                                                      MD5:E225CCF20F93775984F790ACDCB16354
                                                      SHA1:76C07F483B09F6611F506DC8FAE9865488BA65C6
                                                      SHA-256:C537DFE1AF09D79D4DA3F5F0861EC68B59A46F5CB2098731CCBDBE8CEBD6A816
                                                      SHA-512:A6E4895607189674A98F77D13BF17B265D3F70306F509C7676E1AF9A1EB9320727311CE54D5ED11CFF490DCBB57A7C344AE16ECACBB2135AE93BF00CA74CC93C
                                                      Malicious:false
                                                      Reputation:low
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\zh-CN\coreui.xml
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:XML 1.0 document, UTF-8 Unicode text
                                                      Category:dropped
                                                      Size (bytes):6823
                                                      Entropy (8bit):6.126822473983231
                                                      Encrypted:false
                                                      SSDEEP:96:hO/XzAvQv/xWPjEvT+1yGjKgnpfCW6z0D+DStMELvnQs:cPOd1lGzQ5F
                                                      MD5:7352F727F11663B68DC09D5DC0F017C0
                                                      SHA1:FD98BA625A320A694D8C2CAABCCFD790650CF75D
                                                      SHA-256:352C0D3367A4CBD35264FE97C94D5FDB9683BC863A76E369FEB99EE4575BB349
                                                      SHA-512:2F1CF1806771E30441AD6FD1716D8CEC01B80B45AD4AC8271CAAC1D938F80F480D2E597FF60E7572107A19E6A8AB3A2923FF8D18AB7EECE25D6C54E123A8242B
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: <?xml version="1.0" encoding="utf-8"?>.<StringDictionary version="1.2">. <Strings>. <String key="Buttons:MinimizeToolTip">...</String>. <String key="Buttons:CloseToolTip">..</String>.. First Page-->. <String key="WindowName">%BrandName% Capture ....</String>. <String key="ApplicationName">%BrandName% Capture ....</String>. <String key="Welcome">....</String>. <String key="LWS_UnInstall2">... %BrandName% .....</String>. <String key="LWS_UnInstall3">..</String>. <String key="LWS_UnInstall4">.... %BrandName% Capture ........ %BrandName% Webcam Software. ............................</String>. <String key="LWS_UnInstall5">.. %BRANDNAME% WEBCAM SOFTWARE</String>. <String key="LogitechOptions">%BrandName% Capture</String>. <String key="Install">.. %BRANDNAME% CAPTURE</String>. <String key="Disclaimer:Intro"
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\zh-TW\License.rtf
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):7848
                                                      Entropy (8bit):6.623544988958949
                                                      Encrypted:false
                                                      SSDEEP:96:CBV/kSKoqlHN9tulqY8mdy5OQzx2GkIruoOBxFG/nXK60iQZlus8i3szmkA7qp6:U9kKMHnrgQ9KG/660iiX8xiQ6
                                                      MD5:89ADF5056B5212B8F50DBE26649E06B5
                                                      SHA1:BBA01B3801D9F44F704CAF536C741C351586C364
                                                      SHA-256:ABD8A1EBB39DC7BD9D64F21D3B5E0EFC7FD73EAD8052058903410C49D150BC22
                                                      SHA-512:850351BD49B2AFF6D981BB9130F7AE91D910BA1AB01144892ACA8C80ADD709A3F2BA831AF71B8D0B98C5CD15758DA7BB41A487036D6107F4E94EFB10C0FC5F8E
                                                      Malicious:false
                                                      Reputation:low
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Strings\zh-TW\coreui.xml
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:XML 1.0 document, UTF-8 Unicode text
                                                      Category:dropped
                                                      Size (bytes):7095
                                                      Entropy (8bit):6.180264027668745
                                                      Encrypted:false
                                                      SSDEEP:96:Szqol3lhHeOAFYE10Y4SjejJoQV6XtwxL+NA6pGceuYM8JOc6usVMhRI2:Szqol321TSuQVs+cGkAD
                                                      MD5:30662FB9D8D56ED199A3624878B4BBDF
                                                      SHA1:48742BD6370DC7AB44E71C510F8D5186F81E6A41
                                                      SHA-256:4CE21B09EF901AFB31B51B5B6F3AC93DC5D86EB49160DBE9091C2E573D4C6A62
                                                      SHA-512:ABD8AFB016B4E5F3CDCCDFB259C9BB22AC844A8D47C0B4C479EBBBC46423ED3EF2E44A602A5238696B2461B5CDD6E24A3D6BD73A26041C4FF351519FCA29FA66
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: <?xml version="1.0" encoding="utf-8"?>.<StringDictionary version="1.2">. <Strings>. <String key="Buttons:MinimizeToolTip">...</String>. <String key="Buttons:CloseToolTip">..</String>.. First Page-->. <String key="WindowName">%BrandName% Capture ....</String>. <String key="ApplicationName">%BrandName% Capture ....</String>. <String key="Welcome">....</String>. <String key="LWS_UnInstall2">... %BrandName% Webcam</String>. <String key="LWS_UnInstall3">..</String>. <String key="LWS_UnInstall4">....... %BrandName% Capture .............. %BrandName% Webcam Software. .................................</String>. <String key="LWS_UnInstall5">.... %BRANDNAME% WEBCAM SOFTWARE</String>. <String key="LogitechOptions">%BrandName% Capture</String>. <String key="Install">.. %BRANDNAME% CAPTURE</Str
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Tools\7-zip.dll
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):75776
                                                      Entropy (8bit):5.874555418493452
                                                      Encrypted:false
                                                      SSDEEP:1536:EQTQKhOdcXcdtviEM01Cs04dBfkfXHt5IWBJZylbDG:EfuocMdt6n01Cs0EkfXHtnZylu
                                                      MD5:5F69192F18BCDB41210B940C0E8758B0
                                                      SHA1:89F508E1760224C4C46060494650ADA76626E222
                                                      SHA-256:8DF078ED7CDC4E6A345354E343BE49CE2B49A7629A812DF0A1D6A0526AA4374D
                                                      SHA-512:5A7BCEA602E374A7AA2A82216AF5C4354297237F16DE25724D2FA306DB2CC27C452CA49801A82023FAC4CE69810B701DF11E79FB555F5DF6A41720CD000B54FA
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: Metadefender, Detection: 0%, Browse
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Reputation:low
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Tools\7z.dll
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):1677824
                                                      Entropy (8bit):6.274546493691555
                                                      Encrypted:false
                                                      SSDEEP:24576:9nCGMETTlVpmD8mCnL4GOnEZmNT6BQCBSA5no:xtTTlVID58LmNbeSo
                                                      MD5:7580437D0FB8C1AE60D96DAFB6883D30
                                                      SHA1:BE89B488B258555A8CF971E4D29C40CE92BF881D
                                                      SHA-256:3DCE36D583BA1C741E95DF1A265E47F0DE581BEF77AB48165DD67266BE7A42EF
                                                      SHA-512:E67BE84FB4C9BC87C20B72A1169F068B0AFDBC9872BE2CB0BFCF9EFF65B2B246C60C7237350CBB38CEFC004A75645F49D30C9ACAB12EFB0E914450886C21E1EB
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: Metadefender, Detection: 0%, Browse
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Reputation:low
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Tools\7z.exe
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):461824
                                                      Entropy (8bit):6.165195697745344
                                                      Encrypted:false
                                                      SSDEEP:12288:5C8TNi6LjSNacKiFzkae6N31+njiipWGc4:TNDjSNacKwNZiYJ4
                                                      MD5:614D994A6B4275506037747EC162DF5E
                                                      SHA1:11F7C47A7935560AA9C8C30AC1CECC974000B392
                                                      SHA-256:47462483FE54776E01D8CEB8FF9FD5BF2C3F1F01D852A54D878914F62F98F2D3
                                                      SHA-512:F0950DFE0EA067F7BE450AA9032A8713F7726540C56FD7A4FA861CEA36D3F6D3CB524D4BCBF22C6B5D2AD018C6169D65A9CB40FACF4CA62EEA0E34B677D9A26E
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: Metadefender, Detection: 0%, Browse
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Reputation:low
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\VHMultiWriterExt2.exe
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):1000848
                                                      Entropy (8bit):6.354196738562058
                                                      Encrypted:false
                                                      SSDEEP:24576:gnoC28+uqjstOeKvxq37wkHLrbB23+KkZtDDtio1y:G1+IgPqLH3F23jkZtDDtio1y
                                                      MD5:9219C63982C392D6D7A9570E8C4AFAB5
                                                      SHA1:DD047E67BFCF7BF0CFBB8641F851D789D68B9B3F
                                                      SHA-256:848BCF079D107B572F59B7C00FDA4C7108331F557FB14D1C2E64FBDC5DF5BC07
                                                      SHA-512:4C9668752D7777166A1EE167F5C36E7F9148595569677341EABE8E42C798687EEDC84216DE04AC414BCBF32F8747A5604CD6F5B39C2EB6EBC654B5C9061824CB
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Reputation:low
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Win7Res\dpinst.exe
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):677952
                                                      Entropy (8bit):5.932006150604812
                                                      Encrypted:false
                                                      SSDEEP:6144:KsW7OzpPId26dQcEaUrPvwgwkRVagRoOQTiHaQsVIhVLpHf2mmPVE:iIId79EaUTvwieMowXzZ2tPm
                                                      MD5:4AA50885D2CEC4394A095AED5323AED5
                                                      SHA1:58F6256CF45A40282559B15B9211015E505835B0
                                                      SHA-256:5E4933B19C9656012B8A19F3B2DCDD8FE9045788E1937E3F18D48E04AA258916
                                                      SHA-512:D18E8503F0B0303F0904FB8A383CEB42A919CC5AFD62E7F2FE3C98E6AD007D9C7BF7E3A33C35FB2195DEF0ED0E523A3EBAE7BE9D97E99196B0FB6DDDDC703F8E
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: Metadefender, Detection: 0%, Browse
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Reputation:low
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Win7Res\lUVC1564c.inf
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):1825
                                                      Entropy (8bit):5.625686042686867
                                                      Encrypted:false
                                                      SSDEEP:48:ZjiD52+oDueNQcB+yfMOdwl5S1S7xIFnK:dxVNQcB+yfMqc1CK
                                                      MD5:B06980AF52B244FBD60ACE08C3EE1C5C
                                                      SHA1:7665A2F14177289A395E62C8D872B2414E337C47
                                                      SHA-256:C139ECA75D605C2CD98C6ADA0DFF682F64612E20427E3D99EC5D6901FBD46687
                                                      SHA-512:57C235A30F500D23EFD875A40066A72CE903A2965166BABDA74F47444C89F187D6892EB7A1A3FD7E8D7684221B110E00FC9A018EFC08790E9376B2D3EC95AF2C
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: ;-------------------------------------------------------..; File: lUVC1564c.inf..; Logitech Video2 Camera Installation file..; Copyright (c) 1996-2018 Logitech Inc...;-------------------------------------------------------....[Version]..signature="$CHICAGO$"..Class=USB..ClassGUID={36FC9E60-C465-11CF-8056-444553540000}..Provider=%PVD%..CatalogFile=lUVC1564c.cat..DriverVer=03/19/2018, 1.1.142.0....[DestinationDirs]..DefaultDestDir=11....[ControlFlags]..ExcludeFromselect=*....[Manufacturer]..%LogitechMfg%=Logitech.Section,NTamd64,NTamd64.6.1,NTamd64.6.2....[SourceDisksNames]..1=%DISK_NAME%,,,....[SourceDisksFiles]....[Logitech.Section.NTamd64]....[Logitech.Section.NTamd64.6.1]..%USB\VID_046D&PID_085E.DeviceDesc%=LogiHubUVC15.Dev.NT,usb\vid_046d&pid_085e..%USB\VID_046D&PID_086B.DeviceDesc%=LogiHubUVC15.Dev.NT,usb\vid_046d&pid_086b..%USB\VID_046D&PID_0881.DeviceDesc%=LogiHubUVC15.Dev.NT,usb\vid_046d&pid_0881....[Logitech.Section.NTamd64.6.2]....[LogiHubUVC15.Dev.NT]..Include=usb.inf..Needs=
                                                      C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\Win7Res\luvc1564c.cat
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):8473
                                                      Entropy (8bit):7.197428277493374
                                                      Encrypted:false
                                                      SSDEEP:192:M9Mstj2nbVUEmZRBpE5dCWEhV0+3Ef5KYpBjSoYF:8NE5dCTu+3Ef5dpBjBYF
                                                      MD5:CDBEBDEAA117F79823BF3B38A7CD902E
                                                      SHA1:625D29AA17DD6165A3F95F9D3E84EAF7A6872DC1
                                                      SHA-256:A8692533710704BC8A42AEB40024B40E83037D1EBC4D0D640A717A8126EEC227
                                                      SHA-512:C55A46E0751EBEA047D62498698DCB961BA79F3AF027F10A56AD1278290E18DFAAB00A39097AB47269E3B3A2747D3AD1056EC4F09AC8A4EDD5114E8F62B98C0C
                                                      Malicious:false
                                                      Reputation:low
                                                      C:\Users\user\AppData\Local\Temp\nsw7AB5.tmp\System.dll
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):11776
                                                      Entropy (8bit):5.656065698421856
                                                      Encrypted:false
                                                      SSDEEP:192:eY24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol+Sl:E8QIl975eXqlWBrz7YLOl+
                                                      MD5:17ED1C86BD67E78ADE4712BE48A7D2BD
                                                      SHA1:1CC9FE86D6D6030B4DAE45ECDDCE5907991C01A0
                                                      SHA-256:BD046E6497B304E4EA4AB102CAB2B1F94CE09BDE0EEBBA4C59942A732679E4EB
                                                      SHA-512:0CBED521E7D6D1F85977B3F7D3CA7AC34E1B5495B69FD8C7BFA1A846BAF53B0ECD06FE1AD02A3599082FFACAF8C71A3BB4E32DEC05F8E24859D736B828092CD5
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: Metadefender, Detection: 3%
                                                      • Antivirus: ReversingLabs, Detection: 2%
                                                      Reputation:low
                                                      C:\Users\user\AppData\Local\Temp\nsw7AB5.tmp\UserInfo.dll
                                                      Process:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):4096
                                                      Entropy (8bit):3.300248291125861
                                                      Encrypted:false
                                                      SSDEEP:48:qKf6qD22TZ4s9XXqQr1wHGzzofD4x/X/3Mbj+cZSNJwhSv3:5fF/RKQruH0pxvcec++hSv
                                                      MD5:1B446B36F5B4022D50FFDC0CF567B24A
                                                      SHA1:D9A0A99FE5EA3932CBD2774AF285DDF35FCDD4F9
                                                      SHA-256:2862C7BC7F11715CEBDEA003564A0D70BF42B73451E2B672110E1392EC392922
                                                      SHA-512:04AB80568F6DA5EEF2BAE47056391A5DE4BA6AFF15CF4A2D0A9CC807816BF565161731921C65FE5FF748D2B86D1661F6AA4311C65992350BD63A9F092019F1B8
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: Metadefender, Detection: 0%
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Reputation:low
                                                      C:\Users\user\Desktop\cmdline.out
                                                      Process:C:\Windows\SysWOW64\wget.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:modified
                                                      Size (bytes):182412
                                                      Entropy (8bit):2.1814105210063905
                                                      Encrypted:false
                                                      SSDEEP:1536:eJEi/UXO1LXYyBDSP8BV+ndhfuSBs0wEN:eCi/GyLoCqV
                                                      MD5:14EDACCCA74C775F320BA5E498835C13
                                                      SHA1:DDCD3B168F3C86237954B9B84D974C7A15C730C7
                                                      SHA-256:078C17EC25B3F952B22BF0B5B22939CE542B2516EB06A302F4555094BFA09004
                                                      SHA-512:CAB6FFB770667B6FD70E5FC901A1737187AD95473B876F28A6EB6DCA6D0E469306F8A4EAE7F822A1C8D4C2B2770C3983962F8447880F120EE7201ADE004E29BE
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: --2021-03-31 02:28:47-- https://download01.logi.com/web/ftp/pub/techsupport/capture/Capture_2.06.8.exe..Resolving download01.logi.com (download01.logi.com)... 13.32.25.64, 13.32.25.129, 13.32.25.115, .....Connecting to download01.logi.com (download01.logi.com)|13.32.25.64|:443... connected...HTTP request sent, awaiting response... 200 OK..Length: 119528872 (114M) [application/x-msdownload]..Saving to: 'C:/Users/user/Desktop/download/Capture_2.06.8.exe'.... 0K .......... .......... .......... .......... .......... 0% 269K 7m13s.. 50K .......... .......... .......... .......... .......... 0% 644K 5m7s.. 100K .......... .......... .......... .......... .......... 0% 1.26M 3m55s.. 150K .......... .......... .......... .......... .......... 0% 1008K 3m25s.. 200K .......... .......... .......... .......... .......... 0% 1.28M 3m2s.. 250K .......... .......... .......... .......... .......... 0% 1.18M 2m47s.. 300K .......... .......... .......... .......... ........
                                                      C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      Process:C:\Windows\SysWOW64\wget.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                      Category:dropped
                                                      Size (bytes):119528872
                                                      Entropy (8bit):7.999943099439826
                                                      Encrypted:true
                                                      SSDEEP:3145728:GiM7FkVvvpKt51LKonlW5kbOROUbFQWkg2:vMeHM1Wonf6jby
                                                      MD5:126060B7D52046D8F218CAAFC7BABEF8
                                                      SHA1:212F51B16C040870755A1FAB5E6095225262F9B9
                                                      SHA-256:C88D174AC1930BDE8D29F68DF7F9DA7965A53F30A556023BA25C679A202F1CAA
                                                      SHA-512:12B9BA065919CBB5B4886AD2A2C8D839940EB598E66177AEF1A427AE11B4A5272E67255F8410D0C75905819E3B17AEAB2F9AF7EBA08D95C2837E2740C6F4DEEB
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Reputation:low

                                                      Static File Info

                                                      No static file info

                                                      Network Behavior

                                                      No network behavior found

                                                      Code Manipulations

                                                      Statistics

                                                      Behavior

                                                      System Behavior

                                                      Start time:02:28:45
                                                      Start date:31/03/2021
                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://download01.logi.com/web/ftp/pub/techsupport/capture/Capture_2.06.8.exe' > cmdline.out 2>&1
                                                      Imagebase:0xbd0000
                                                      File size:232960 bytes
                                                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Start time:02:28:45
                                                      Start date:31/03/2021
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff6b2800000
                                                      File size:625664 bytes
                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Start time:02:28:46
                                                      Start date:31/03/2021
                                                      Path:C:\Windows\SysWOW64\wget.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://download01.logi.com/web/ftp/pub/techsupport/capture/Capture_2.06.8.exe'
                                                      Imagebase:0x400000
                                                      File size:3895184 bytes
                                                      MD5 hash:3DADB6E2ECE9C4B3E1E322E617658B60
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Start time:02:30:18
                                                      Start date:31/03/2021
                                                      Path:C:\Users\user\Desktop\download\Capture_2.06.8.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Users\user\Desktop\download\Capture_2.06.8.exe'
                                                      Imagebase:0x400000
                                                      File size:119528872 bytes
                                                      MD5 hash:126060B7D52046D8F218CAAFC7BABEF8
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Antivirus matches:
                                                      • Detection: 0%, ReversingLabs
                                                      Reputation:low
                                                      Start time:02:30:22
                                                      Start date:31/03/2021
                                                      Path:C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\LCaptureInstallerUI.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:'C:\Users\user\AppData\Local\Temp\LogiCaptureInstall\LCaptureInstallerUI.exe'
                                                      Imagebase:0x500000
                                                      File size:859536 bytes
                                                      MD5 hash:11CAB5B78DBCBB021E687C5269C4F232
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET
                                                      Antivirus matches:
                                                      • Detection: 0%, ReversingLabs
                                                      Reputation:low

                                                      Disassembly

                                                      Code Analysis