Windows Analysis Report
logioptionsplus_installer.exe

Overview

General Information

Sample name:	logioptionsplus_installer.exe
Analysis ID:	1501426
MD5:	719485510aeabbf435c804ea39851462
SHA1:	687cbc30eeea5fae9acf5a289702dbeb873ba6c6
SHA256:	634b485749719ce9089a2b82ac1021f989873e1bad31b19756a0fe67dbe67167
Infos:

Detection

Score:	6
Range:	0 - 100
Whitelisted:	false
Confidence:	0%

Compliance

Score:	64
Range:	0 - 100

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for available system drives (often done to infect USB drives)

Creates a process in suspended mode (likely to inject code)

Deletes files inside the Windows folder

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the windows directory (C:\Windows)

Enables debug privileges

Found dropped PE file which has not been started or loaded

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Signatures

Compliance

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

File created: C:\Users\user\AppData\Local\Temp\com.logi.optionsplus.installer.logs\20240829T201147-installer-6980.log

Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1028\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1029\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1031\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1036\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1040\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1041\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1042\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1045\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1046\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1049\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1055\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\2052\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\3082\license.rtf

Source: logioptionsplus_installer.exe

Static PE information: certificate valid

Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49738 version: TLS 1.2

Source: logioptionsplus_installer.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Spreading

Checks for available system drives (often done to infect USB drives)

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: z:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: x:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: v:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: t:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: r:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: p:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: n:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: l:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: j:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: h:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: f:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: b:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: y:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: w:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: u:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: s:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: q:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: o:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: m:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: k:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: i:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: g:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: e:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: c:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: a:

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Media Player
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists

Networking

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: updates.optionsplus.logitechg.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443

Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49738 version: TLS 1.2

System Summary

Deletes files inside the Windows folder

Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe

File deleted: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe

PE file contains executable resources (Code or Archives)

Source: logioptionsplus_installer.exe

Static PE information: Resource name: RT_RCDATA type: PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows

Source: classification engine

Classification label: clean6.winEXE@7/45@1/22

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows Media

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\logioptionsplus_installer.exe

File created: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a

Source: logioptionsplus_installer.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: logioptionsplus_installer.exe

Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

File read: C:\Users\user\Desktop\desktop.ini

Source: C:\Users\user\Desktop\logioptionsplus_installer.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Users\user\Desktop\logioptionsplus_installer.exe "C:\Users\user\Desktop\logioptionsplus_installer.exe"
Source: C:\Users\user\Desktop\logioptionsplus_installer.exe	Process created: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe --install-event=3462635a-4201-4c07-ab60-967f28257365.optionsplus_install_finish_event
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process created: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe "C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe" /install /quiet /norestart
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Process created: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe "C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe" -burn.filehandle.attached=652 -burn.filehandle.self=680 /install /quiet /norestart
Source: C:\Users\user\Desktop\logioptionsplus_installer.exe	Process created: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe --install-event=3462635a-4201-4c07-ab60-967f28257365.optionsplus_install_finish_event
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process created: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe "C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe" /install /quiet /norestart
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Process created: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe "C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe" -burn.filehandle.attached=652 -burn.filehandle.self=680 /install /quiet /norestart

Source: C:\Users\user\Desktop\logioptionsplus_installer.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\logioptionsplus_installer.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: msvcp140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: msvcp140.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: d3d9.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dxva2.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wmp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wmvcore.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: mfperfhelper.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wmasf.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wmploc.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: mmdevapi.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: devobj.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: audioses.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: mlang.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wmnetmgr.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: msxml3.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: msv1_0.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: ntlmshared.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: cryptdll.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wdigest.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: msctfui.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: d3dcompiler_47.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: quartz.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: evr.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: avrt.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: mfps.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: msdmo.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wmpeffects.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: winnsi.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: cryptbase.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: msi.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: version.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: cabinet.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: msxml3.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: windows.storage.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: wldp.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: profapi.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: feclient.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: iertutil.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: apphelp.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: msi.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: version.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: cabinet.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: msxml3.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: wldp.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: profapi.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: feclient.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: iertutil.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: textinputframework.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: coremessaging.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: wintypes.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: wintypes.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: wintypes.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: msimg32.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: windowscodecs.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: explorerframe.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: riched20.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: usp10.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: msls31.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: schannel.dll

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Source: logioptionsplus_installer.exe

Static PE information: certificate valid

Source: logioptionsplus_installer.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: logioptionsplus_installer.exe

Static file information: File size 30695680 > 1048576

Source: logioptionsplus_installer.exe

Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x1ccb000

Source: logioptionsplus_installer.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: logioptionsplus_installer.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: logioptionsplus_installer.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: logioptionsplus_installer.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: logioptionsplus_installer.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: logioptionsplus_installer.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: logioptionsplus_installer.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: logioptionsplus_installer.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: logioptionsplus_installer.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: logioptionsplus_installer.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: logioptionsplus_installer.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: logioptionsplus_installer.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: logioptionsplus_installer.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

PE file contains sections with non-standard names

Source: logioptionsplus_installer.exe	Static PE information: section name: SHARED
Source: logioptionsplus_installer.exe	Static PE information: section name: _RDATA

Persistence and Installation Behavior

Drops PE files

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File created: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Jump to dropped file
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Users\user\Desktop\logioptionsplus_installer.exe	File created: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File created: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\logi_installer_shared_optionsplus.dll	Jump to dropped file
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	File created: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Jump to dropped file

Drops PE files to the application program directory (C:\ProgramData)

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File created: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File created: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\logi_installer_shared_optionsplus.dll			Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\wixstdba.dll			Jump to dropped file
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	File created: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe			Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

File created: C:\Users\user\AppData\Local\Temp\com.logi.optionsplus.installer.logs\20240829T201147-installer-6980.log

Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1028\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1029\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1031\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1036\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1040\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1041\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1042\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1045\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1046\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1049\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1055\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\2052\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\3082\license.rtf

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Memory allocated: 1DBFE010000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Memory allocated: 1DBFFBB0000 memory reserve \| memory write watch

Found dropped PE file which has not been started or loaded

Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Dropped PE file which has not been started: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\wixstdba.dll			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Dropped PE file which has not been started: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\logi_installer_shared_optionsplus.dll			Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Media Player
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

Process information queried: ProcessInformation

Anti Debugging

Enables debug privileges

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process created: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe "C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe" /install /quiet /norestart
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Process created: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe "C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe" -burn.filehandle.attached=652 -burn.filehandle.self=680 /install /quiet /norestart

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Process created: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe "c:\windows\temp\{290b7a63-df99-4623-aac0-79b88f78147a}\.cr\vc_redist.x64.exe" -burn.clean.room="c:\programdata\logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe" -burn.filehandle.attached=652 -burn.filehandle.self=680 /install /quiet /norestart
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Process created: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe "c:\windows\temp\{290b7a63-df99-4623-aac0-79b88f78147a}\.cr\vc_redist.x64.exe" -burn.clean.room="c:\programdata\logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe" -burn.filehandle.attached=652 -burn.filehandle.self=680 /install /quiet /norestart

Language, Device and Operating System Detection

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Queries volume information: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\logo.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
18.66.112.27	d2gcbobjbpeml4.cloudfront.net	United States		3	MIT-GATEWAYSUS	false

Private

IP
127.0.0.1

Contacted Domains

Name	IP	Active
d2gcbobjbpeml4.cloudfront.net	18.66.112.27	true
updates.optionsplus.logitechg.com	unknown	unknown

Compliance

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

File created: C:\Users\user\AppData\Local\Temp\com.logi.optionsplus.installer.logs\20240829T201147-installer-6980.log

Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1028\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1029\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1031\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1036\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1040\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1041\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1042\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1045\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1046\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1049\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1055\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\2052\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\3082\license.rtf

Source: logioptionsplus_installer.exe

Static PE information: certificate valid

Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49738 version: TLS 1.2

Source: logioptionsplus_installer.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Spreading

Checks for available system drives (often done to infect USB drives)

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: z:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: x:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: v:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: t:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: r:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: p:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: n:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: l:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: j:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: h:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: f:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: b:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: y:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: w:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: u:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: s:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: q:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: o:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: m:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: k:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: i:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: g:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: e:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: c:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: a:

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Media Player
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists

Networking

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: updates.optionsplus.logitechg.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443

Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49738 version: TLS 1.2

System Summary

Deletes files inside the Windows folder

Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe

File deleted: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe

PE file contains executable resources (Code or Archives)

Source: logioptionsplus_installer.exe

Static PE information: Resource name: RT_RCDATA type: PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows

Source: classification engine

Classification label: clean6.winEXE@7/45@1/22

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows Media

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\logioptionsplus_installer.exe

File created: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a

Source: logioptionsplus_installer.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: logioptionsplus_installer.exe

Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

File read: C:\Users\user\Desktop\desktop.ini

Source: C:\Users\user\Desktop\logioptionsplus_installer.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Users\user\Desktop\logioptionsplus_installer.exe "C:\Users\user\Desktop\logioptionsplus_installer.exe"
Source: C:\Users\user\Desktop\logioptionsplus_installer.exe	Process created: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe --install-event=3462635a-4201-4c07-ab60-967f28257365.optionsplus_install_finish_event
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process created: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe "C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe" /install /quiet /norestart
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Process created: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe "C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe" -burn.filehandle.attached=652 -burn.filehandle.self=680 /install /quiet /norestart
Source: C:\Users\user\Desktop\logioptionsplus_installer.exe	Process created: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe --install-event=3462635a-4201-4c07-ab60-967f28257365.optionsplus_install_finish_event
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process created: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe "C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe" /install /quiet /norestart
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Process created: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe "C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe" -burn.filehandle.attached=652 -burn.filehandle.self=680 /install /quiet /norestart

Source: C:\Users\user\Desktop\logioptionsplus_installer.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\logioptionsplus_installer.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: msvcp140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: msvcp140.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: d3d9.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dxva2.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wmp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wmvcore.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: mfperfhelper.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wmasf.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wmploc.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: mmdevapi.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: devobj.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: audioses.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: mlang.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wmnetmgr.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: msxml3.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: msv1_0.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: ntlmshared.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: cryptdll.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wdigest.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: msctfui.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: d3dcompiler_47.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: quartz.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: evr.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: avrt.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: mfps.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: msdmo.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wmpeffects.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: winnsi.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: cryptbase.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: msi.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: version.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: cabinet.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: msxml3.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: windows.storage.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: wldp.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: profapi.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: feclient.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: iertutil.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: apphelp.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: msi.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: version.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: cabinet.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: msxml3.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: wldp.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: profapi.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: feclient.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: iertutil.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: textinputframework.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: coremessaging.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: wintypes.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: wintypes.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: wintypes.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: msimg32.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: windowscodecs.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: explorerframe.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: riched20.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: usp10.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: msls31.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: schannel.dll

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Source: logioptionsplus_installer.exe

Static PE information: certificate valid

Source: logioptionsplus_installer.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: logioptionsplus_installer.exe

Static file information: File size 30695680 > 1048576

Source: logioptionsplus_installer.exe

Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x1ccb000

Source: logioptionsplus_installer.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: logioptionsplus_installer.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: logioptionsplus_installer.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: logioptionsplus_installer.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: logioptionsplus_installer.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: logioptionsplus_installer.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: logioptionsplus_installer.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: logioptionsplus_installer.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: logioptionsplus_installer.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: logioptionsplus_installer.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: logioptionsplus_installer.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: logioptionsplus_installer.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: logioptionsplus_installer.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

PE file contains sections with non-standard names

Source: logioptionsplus_installer.exe	Static PE information: section name: SHARED
Source: logioptionsplus_installer.exe	Static PE information: section name: _RDATA

Persistence and Installation Behavior

Drops PE files

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File created: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Jump to dropped file
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Users\user\Desktop\logioptionsplus_installer.exe	File created: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File created: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\logi_installer_shared_optionsplus.dll	Jump to dropped file
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	File created: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Jump to dropped file

Drops PE files to the application program directory (C:\ProgramData)

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File created: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File created: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\logi_installer_shared_optionsplus.dll			Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\wixstdba.dll			Jump to dropped file
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	File created: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe			Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

File created: C:\Users\user\AppData\Local\Temp\com.logi.optionsplus.installer.logs\20240829T201147-installer-6980.log

Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1028\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1029\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1031\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1036\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1040\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1041\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1042\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1045\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1046\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1049\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1055\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\2052\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\3082\license.rtf

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Memory allocated: 1DBFE010000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Memory allocated: 1DBFFBB0000 memory reserve \| memory write watch

Found dropped PE file which has not been started or loaded

Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Dropped PE file which has not been started: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\wixstdba.dll			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Dropped PE file which has not been started: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\logi_installer_shared_optionsplus.dll			Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Media Player
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

Process information queried: ProcessInformation

Anti Debugging

Enables debug privileges

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process created: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe "C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe" /install /quiet /norestart
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Process created: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe "C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe" -burn.filehandle.attached=652 -burn.filehandle.self=680 /install /quiet /norestart

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Process created: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe "c:\windows\temp\{290b7a63-df99-4623-aac0-79b88f78147a}\.cr\vc_redist.x64.exe" -burn.clean.room="c:\programdata\logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe" -burn.filehandle.attached=652 -burn.filehandle.self=680 /install /quiet /norestart
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Process created: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe "c:\windows\temp\{290b7a63-df99-4623-aac0-79b88f78147a}\.cr\vc_redist.x64.exe" -burn.clean.room="c:\programdata\logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe" -burn.filehandle.attached=652 -burn.filehandle.self=680 /install /quiet /norestart

Language, Device and Operating System Detection

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Queries volume information: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\logo.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

ID:	1501426
Product:	CloudBasic
Start time:	22:11:03
Start date:	29.08.2024
Sample:	logioptionsplus_installer.exe
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	719485510aeabbf435c804ea39851462
SHA1:	687cbc30eeea5fae9acf5a289702dbeb873ba6c6
SHA256:	634b485749719ce9089a2b82ac1021f989873e1bad31b19756a0fe67dbe67167
Filetype:	Win64 Executable GUI Net Framework (217006/5) 49.88%

Name	Type	MD5	SHA1	SHA256
C:\ProgramData\LogiOptionsPlus\next.json	JSON data	60A80C63396641CF97B769791A3F0CF3	B67CC9D38B8F934EFA27DCF54B65632583614594	C149CE99FDF41ADCA76B67287DD18C5575548B745C59E7068C63E77C17832A18
C:\ProgramData\LogiOptionsPlus\periodic_check.json	JSON data	1D91B7E691FF2015F59B2595BD7C3F5E	5FA2E540E8BE26029A4BAED75628FBCA01CA1848	09C8AEB3E87C07D582FA71C031B4FDDEBF381C2664EE55C94782BB50794E6725
C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\PageInstalled.gif	GIF image data, version 89a, 800 x 400	0B976C4D692865CF8C80DB344D689099	2603F13C380DB2AE80E3A48C6224ABD5043F6200	E824FE62DE1B10B2A2EC5FFD8A8F2CF244F1D59319E7EA8AEC989C71EAD8EB8A
C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\PageLegacyOptions.gif	GIF image data, version 89a, 800 x 400	AB5A77084D242F395D18A9178F780D3E	3808E300C9178FC372E08E14327060A550329D3F	67F08D505222E99EC36C3D648F0733EB9E59B28823136B62F10599FA5D4B011A
C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\PageUnsupportedOs.gif	GIF image data, version 89a, 800 x 400	C1056EE113BB012AABC09313914149E5	2BE86CAE925072BC99FCE2A3E880CAF9819E88D2	48EA9399F9A2EDC71B4F137D7C13052D249F7A4C625E780A8EE2271BFC74AA1B
C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\logi_installer_shared_optionsplus.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	092E7242CFD1F7948BF666D55E641C06	D275CA087C7D2CA3E92635F2A8DA825691E3D3A5	A215C71D9FA70F1F4314424CDCB97BD4264B34628E8C964E952D6109DAB9630B
C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	PE32 executable (GUI) Intel 80386, for MS Windows	BE433764FA9BBE0F2F9C654F6512C9E0	B87C38D093872D7BE7E191F01107B39C87888A5A	40EA2955391C9EAE3E35619C4C24B5AAF3D17AEAA6D09424EE9672AA9372AEED
C:\Users\user\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD	XML 1.0 document, ASCII text, with CRLF line terminators	90BE2701C8112BEBC6BD58A7DE19846E	A95BE407036982392E2E684FB9FF6602ECAD6F1E	644FBCDC20086E16D57F31C5BAD98BE68D02B1C061938D2F5F91CBE88C871FBF
C:\Users\user\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML	exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	7050D5AE8ACFBE560FA11073FEF8185D	5BC38E77FF06785FE0AEC5A345C4CCD15752560E	CB87767C4A384C24E4A0F88455F59101B1AE7B4FB8DE8A5ADB4136C5F7EE545B
C:\Users\user\AppData\Local\Temp\com.logi.optionsplus.installer.logs\20240829T201147-installer-6980.log	ASCII text, with CRLF, LF line terminators	DF2EAA556BC279ECF5758D482C65510A	BDD673AB20CD569E9A09982A8DA7DC4B4DBF94CC	A9010CC11FC23F1A63344C060AF73D92BCD3B2C42E6CDE217E6EC1A06A7DED1A
C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20240829161143.log	ASCII text, with CRLF line terminators	41E8B4BF4DB865B56B55B610A959B6C9	EB284174B0551711BFB763EC1257182CE02798C5	8C33297F4A50BDFBF88D58F34204A0AEB765495298E942127FAA63F063824AA8
C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows	915D73FE8683E5DBD4B09E09F14FBC29	9A9DF829754CE248E6747B0C8710738E1EB05CD7	0CC890B51AABE89D577A1731B8F6BA2663310AFDDB40AE003950D7AB9FA348CC
C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	PE32 executable (GUI) Intel 80386, for MS Windows	94970FC3A8ED7B9DE44F4117419CE829	AA1292F049C4173E2AB60B59B62F267FD884D21A	DE1ACBB1DF68A39A5B966303AC1B609DDE2688B28EBF3EBA8D2ADEEB3D90BF5E
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1028\license.rtf	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033	B7F65A3A169484D21FA075CCA79083ED	5DBFA18928529A798FF84C14FD333CB08B3377C0	32585B93E69272B6D42DAC718E04D954769FE31AC9217C6431510E9EEAD78C49
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1028\thm.wxl	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators	472ABBEDCBAD24DBA5B5F5E8D02C340F	974F62B5C2E149C3879DD16E5A9DBB9406C3DB85	8E2E660DFB66CB453E17F1B6991799678B1C8B350A55F9EBE2BA0028018A15AD
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1029\license.rtf	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033	B408556A89FCE3B47CD61302ECA64AC9	AAC1CDAF085162EFF5EAABF562452C93B73370CB	21DDCBB0B0860E15FF9294CBB3C4E25B1FE48619210B8A1FDEC90BDCDC8C04BC
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1029\thm.wxl	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators	16343005D29EC431891B02F048C7F581	85A14C40C482D9351271F6119D272D19407C3CE9	07FB3EC174F25DFBE532D9D739234D9DFDA8E9D34F01FE660C5B4D56989FA779
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1031\license.rtf	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033	C2CFA4CE43DFF1FCD200EDD2B1212F0A	E8286E843192802E5EBF1BE67AE30BCAD75AC4BB	F861DB23B972FAAA54520558810387D742878947057CF853DC74E5F6432E6A1B
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1031\thm.wxl	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators	561F3F32DB2453647D1992D4D932E872	109548642FB7C5CC0159BEDDBCF7752B12B264C0	8E0DCA6E085744BFCBFF46F7DCBCFA6FBD722DFA52013EE8CEEAF682D7509581
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1036\license.rtf	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033	F0FF747B85B1088A317399B0E11D2101	F13902A39CEAE703A4713AC883D55CFEE5F1876C	4D9B7F06BE847E9E135AB3373F381ED7A841E51631E3C2D16E5C40B535DA3BCF
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1036\thm.wxl	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators	7B46AE8698459830A0F9116BC27DE7DF	D9BB14D483B88996A591392AE03E245CAE19C6C3	704DDF2E60C1F292BE95C7C79EE48FE8BA8534CEB7CCF9A9EA68B1AD788AE9D4
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1040\license.rtf	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033	9D98044BAC59684489C4CF66C3B34C85	36AAE7F10A19D336C725CAFC8583B26D1F5E2325	A3F745C01DEA84CE746BA630814E68C7C592B965B048DDC4B1BBE1D6E533BE22
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1040\thm.wxl	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators	D90BC60FA15299925986A52861B8E5D5	FADFCA9AB91B1AB4BD7F76132F712357BD6DB760	0C57F40CC2091554307AA8A7C35DD38E4596E9513E9EFAE00AC30498EF4E9BC2
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1041\license.rtf	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033	8C49936EC4CF0F64CA2398191C462698	CC069FE8F8BC3B6EE2085A4EACF40DB26C842BAC	7355367B7C48F1BBACC66DFFE1D4BF016C16156D020D4156F288C2B2207ED1C2
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1041\thm.wxl	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators	DC81ED54FD28FC6DB6F139C8DA1BDED6	9C719C32844F78AAE523ADB8EE42A54D019C2B05	6B9BBF90D75CFA7D943F036C01602945FE2FA786C6173E22ACB7AFE18375C7EA
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1042\license.rtf	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033	184D94082717E684EAF081CEC3CBA4B1	960B9DA48F4CDDF29E78BBAE995B52204B26D51B	A4C25DA9E3FBCED47464152C10538F16EE06D8E06BC62E1CF4808D293AA1AFA2
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1042\thm.wxl	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators	B3399648C2F30930487F20B50378CEC1	CA7BDAB3BFEF89F6FA3C4AAF39A165D14069FC3D	AD7608B87A7135F408ABF54A897A0F0920080F76013314B00D301D6264AE90B2
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1045\license.rtf	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033	5B9DF97FC98938BF2936437430E31ECA	AB1DA8FECDF85CF487709774033F5B4B79DFF8DE	8CB5EB330AA07ACCD6D1C8961F715F66A4F3D69FB291765F8D9F1850105AF617
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1045\thm.wxl	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators	15172EAF5C2C2E2B008DE04A250A62A1	ED60F870C473EE87DF39D1584880D964796E6888	440B309FCDF61FFC03B269FE3815C60CB52C6AE3FC6ACAD14EAC04D057B6D6EA
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1046\license.rtf	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033	360FC4A7FFCDB915A7CF440221AFAD36	009F36BBDAD5B9972E8069E53855FC656EA05800	9BF79B54F4D62BE501FF53EEDEB18683052A4AE38FF411750A764B3A59077F52
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1046\thm.wxl	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators	BE27B98E086D2B8068B16DBF43E18D50	6FAF34A36C8D9DE55650D0466563852552927603	F52B54A0E0D0E8F12CBA9823D88E9FD6822B669074DD1DC69DAD6553F7CB8913
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1049\license.rtf	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033	A59C893E2C2B4063AE821E42519F9812	C00D0B11F6B25246357053F6620E57D990EFC698	0EC8368E87B3DFC92141885A2930BDD99371526E09FC52B84B764C91C5FC47B8
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1049\thm.wxl	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators	17C652452E5EE930A7F1E5E312C17324	59F3308B87143D8EA0EA319A1F1A1F5DA5759DD3	7333BC8E52548821D82B53DBD7D7C4AA1703C85155480CB83CEFD78380C95661
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1055\license.rtf	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033	BD2DC15DFEE66076BBA6D15A527089E7	8768518F2318F1B8A3F8908A056213042A377CC4	62A07232017702A32F4B6E43E9C6F063B67098A1483EEDDB31D7C73EAF80A6AF
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1055\thm.wxl	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators	DEFBEA001DC4EB66553630AC7CE47CCA	90CED64EC7C861F03484B5D5616FDBCDA8F64788	E5ABE3CB3BF84207DAC4E6F5BBA1E693341D01AEA076DD2D91EAA21C6A6CB925
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\2052\license.rtf	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033	3CF16377C0D1B2E16FFD6E32BF139AC5	D1A8C3730231D51C7BB85A7A15B948794E99BDCE	E95CA64C326A0EF7EF3CED6CDAB072509096356C15D1761646E3C7FDA744D0E0
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\2052\thm.wxl	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators	3D1E15DEEACE801322E222969A574F17	58074C83775E1A884FED6679ACF9AC78ABB8A169	2AC8B7C19A5189662DE36A0581C90DBAD96DF259EC00A28F609B644C3F39F9CA
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\3082\license.rtf	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033	FBF293EE95AFEF818EAF07BB088A1596	BBA1991BA6459C9F19B235C43A9B781A24324606	1FEC058E374C20CB213F53EB3C44392DDFB2CAA1E04B7120FFD3FA7A296C83E2
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\3082\thm.wxl	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators	47F9F8D342C9C22D0C9636BC7362FA8F	3922D1589E284CE76AB39800E2B064F71123C1C5	9CBB2B312C100B309A1B1495E84E2228B937612885F7A642FBBD67969B632C3A
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\BootstrapperApplicationData.xml	XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (591), with CRLF line terminators	215C04E42ACC38479298AEBD4F36435C	5EF4A4B6A23288077D52E1192665D1F0CEA7ECF4	2E69B9B7C1695676C15B354F53BCB56257EC79799C6853FECA480CBC9DDAA5FD
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\license.rtf	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033	2EABBB391ACB89942396DF5C1CA2BAD8	182A6F93703549290BCDE92920D37BC1DEC712BB	E3156D170014CED8D17A02B3C4FF63237615E5C2A8983B100A78CB1F881D6F38
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\logo.png	PNG image data, 64 x 64, 8-bit colormap, non-interlaced	D6BD210F227442B3362493D046CEA233	FF286AC8370FC655AEA0EF35E9CF0BFCB6D698DE	335A256D4779EC5DCF283D007FB56FD8211BBCAF47DCD70FE60DED6A112744EF
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\thm.wxl	XML 1.0 document, ASCII text, with CRLF line terminators	FBFCBC4DACC566A3C426F43CE10907B6	63C45F9A771161740E100FAF710F30EED017D723	70400F181D00E1769774FF36BCD8B1AB5FBC431418067D31B876D18CC04EF4CE
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\thm.xml	XML 1.0 document, ASCII text, with CRLF line terminators	F62729C6D2540015E072514226C121C7	C1E189D693F41AC2EAFCC363F7890FC0FEA6979C	F13BAE0EC08C91B4A315BB2D86EE48FADE597E7A5440DCE6F751F98A3A4D6916
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\wixstdba.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	EAB9CAF4277829ABDF6223EC1EFA0EDD	74862ECF349A9BEDD32699F2A7A4E00B4727543D	A4EFBDB2CE55788FFE92A244CB775EFD475526EF5B61AD78DE2BCDFADDAC7041

Windows Analysis Report logioptionsplus_installer.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Signatures

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Windows Analysis Report
logioptionsplus_installer.exe