Edit tour

Windows Analysis Report
logioptionsplus_installer.exe

Overview

General Information

Sample name:	logioptionsplus_installer.exe
Analysis ID:	1501426
MD5:	719485510aeabbf435c804ea39851462
SHA1:	687cbc30eeea5fae9acf5a289702dbeb873ba6c6
SHA256:	634b485749719ce9089a2b82ac1021f989873e1bad31b19756a0fe67dbe67167
Infos:

Detection

Score:	6
Range:	0 - 100
Whitelisted:	false
Confidence:	0%

Compliance

Score:	64
Range:	0 - 100

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for available system drives (often done to infect USB drives)

Creates a process in suspended mode (likely to inject code)

Deletes files inside the Windows folder

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the windows directory (C:\Windows)

Enables debug privileges

Found dropped PE file which has not been started or loaded

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

System is w10x64_ra

logioptionsplus_installer.exe (PID: 6848 cmdline: "C:\Users\user\Desktop\logioptionsplus_installer.exe" MD5: 719485510AEABBF435C804EA39851462)

logioptionsplus_setup.exe (PID: 6980 cmdline: --install-event=3462635a-4201-4c07-ab60-967f28257365.optionsplus_install_finish_event MD5: 915D73FE8683E5DBD4B09E09F14FBC29)

vc_redist.x64.exe (PID: 7052 cmdline: "C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe" /install /quiet /norestart MD5: BE433764FA9BBE0F2F9C654F6512C9E0)

vc_redist.x64.exe (PID: 7076 cmdline: "C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe" -burn.filehandle.attached=652 -burn.filehandle.self=680 /install /quiet /norestart MD5: 94970FC3A8ED7B9DE44F4117419CE829)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Compliance

Creates install or setup log file

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

File created: C:\Users\user\AppData\Local\Temp\com.logi.optionsplus.installer.logs\20240829T201147-installer-6980.log

Creates license or readme file

Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1028\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1029\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1031\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1036\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1040\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1041\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1042\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1045\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1046\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1049\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1055\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\2052\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\3082\license.rtf

PE / OLE file has a valid certificate

Source: logioptionsplus_installer.exe

Static PE information: certificate valid

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49738 version: TLS 1.2

Contains modern PE file flags such as dynamic base (ASLR) or NX

Source: logioptionsplus_installer.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Spreading

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: z:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: x:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: v:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: t:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: r:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: p:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: n:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: l:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: j:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: h:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: f:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: b:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: y:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: w:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: u:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: s:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: q:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: o:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: m:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: k:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: i:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: g:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: e:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: c:
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: a:

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Media Player
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists

Networking

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: updates.optionsplus.logitechg.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.66.112.27:443 -> 192.168.2.17:49738 version: TLS 1.2

System Summary

Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe

File deleted: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe

Source: logioptionsplus_installer.exe

Static PE information: Resource name: RT_RCDATA type: PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows

Source: classification engine

Classification label: clean6.winEXE@7/45@1/22

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows Media

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\logioptionsplus_installer.exe

File created: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a

Source: logioptionsplus_installer.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: logioptionsplus_installer.exe

Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

File read: C:\Users\user\Desktop\desktop.ini

Source: C:\Users\user\Desktop\logioptionsplus_installer.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Users\user\Desktop\logioptionsplus_installer.exe "C:\Users\user\Desktop\logioptionsplus_installer.exe"
Source: C:\Users\user\Desktop\logioptionsplus_installer.exe	Process created: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe --install-event=3462635a-4201-4c07-ab60-967f28257365.optionsplus_install_finish_event
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process created: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe "C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe" /install /quiet /norestart
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Process created: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe "C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe" -burn.filehandle.attached=652 -burn.filehandle.self=680 /install /quiet /norestart
Source: C:\Users\user\Desktop\logioptionsplus_installer.exe	Process created: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe --install-event=3462635a-4201-4c07-ab60-967f28257365.optionsplus_install_finish_event
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process created: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe "C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe" /install /quiet /norestart
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Process created: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe "C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe" -burn.filehandle.attached=652 -burn.filehandle.self=680 /install /quiet /norestart

Source: C:\Users\user\Desktop\logioptionsplus_installer.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\logioptionsplus_installer.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: msvcp140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: msvcp140.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: d3d9.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dxva2.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wmp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wmvcore.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: mfperfhelper.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wmasf.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wmploc.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: mmdevapi.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: devobj.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: audioses.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: mlang.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wmnetmgr.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: msxml3.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: msv1_0.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: ntlmshared.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: cryptdll.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wdigest.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: msctfui.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: d3dcompiler_47.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: quartz.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: evr.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: avrt.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: mfps.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: msdmo.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wmpeffects.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: winnsi.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: cryptbase.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: msi.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: version.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: cabinet.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: msxml3.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: windows.storage.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: wldp.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: profapi.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: feclient.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: iertutil.dll
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Section loaded: apphelp.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: msi.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: version.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: cabinet.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: msxml3.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: wldp.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: profapi.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: feclient.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: iertutil.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: textinputframework.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: coremessaging.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: wintypes.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: wintypes.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: wintypes.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: msimg32.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: windowscodecs.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: explorerframe.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: riched20.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: usp10.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: msls31.dll
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Section loaded: schannel.dll

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

PE / OLE file has a valid certificate

Source: logioptionsplus_installer.exe

Static PE information: certificate valid

PE file has a high image base, often used for DLLs

Source: logioptionsplus_installer.exe

Static PE information: Image base 0x140000000 > 0x60000000

Submission file is bigger than most known malware samples

Source: logioptionsplus_installer.exe

Static file information: File size 30695680 > 1048576

PE file has a big raw section

Source: logioptionsplus_installer.exe

Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x1ccb000

PE file contains a mix of data directories often seen in goodware

Source: logioptionsplus_installer.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: logioptionsplus_installer.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: logioptionsplus_installer.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: logioptionsplus_installer.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: logioptionsplus_installer.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: logioptionsplus_installer.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Contains modern PE file flags such as dynamic base (ASLR) or NX

Source: logioptionsplus_installer.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

PE file contains a debug data directory

Source: logioptionsplus_installer.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

PE file contains a valid data directory to section mapping

Source: logioptionsplus_installer.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: logioptionsplus_installer.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: logioptionsplus_installer.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: logioptionsplus_installer.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: logioptionsplus_installer.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

Source: logioptionsplus_installer.exe	Static PE information: section name: SHARED
Source: logioptionsplus_installer.exe	Static PE information: section name: _RDATA

Persistence and Installation Behavior

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File created: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Jump to dropped file
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Users\user\Desktop\logioptionsplus_installer.exe	File created: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File created: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\logi_installer_shared_optionsplus.dll	Jump to dropped file
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	File created: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File created: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File created: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\logi_installer_shared_optionsplus.dll			Jump to dropped file

Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\wixstdba.dll			Jump to dropped file
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	File created: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe			Jump to dropped file

Creates install or setup log file

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

File created: C:\Users\user\AppData\Local\Temp\com.logi.optionsplus.installer.logs\20240829T201147-installer-6980.log

Creates license or readme file

Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1028\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1029\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1031\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1036\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1040\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1041\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1042\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1045\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1046\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1049\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1055\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\2052\license.rtf
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	File created: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\3082\license.rtf

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Memory allocated: 1DBFE010000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Memory allocated: 1DBFFBB0000 memory reserve \| memory write watch

Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Dropped PE file which has not been started: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\wixstdba.dll			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Dropped PE file which has not been started: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\logi_installer_shared_optionsplus.dll			Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Media Player
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Process created: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe "C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe" /install /quiet /norestart
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Process created: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe "C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe" -burn.filehandle.attached=652 -burn.filehandle.self=680 /install /quiet /norestart

Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Process created: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe "c:\windows\temp\{290b7a63-df99-4623-aac0-79b88f78147a}\.cr\vc_redist.x64.exe" -burn.clean.room="c:\programdata\logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe" -burn.filehandle.attached=652 -burn.filehandle.self=680 /install /quiet /norestart
Source: C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	Process created: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe "c:\windows\temp\{290b7a63-df99-4623-aac0-79b88f78147a}\.cr\vc_redist.x64.exe" -burn.clean.room="c:\programdata\logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe" -burn.filehandle.attached=652 -burn.filehandle.self=680 /install /quiet /norestart

Language, Device and Operating System Detection

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	Queries volume information: C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\logo.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Replication Through Removable Media	1 Command and Scripting Interpreter	1 DLL Side-Loading	11 Process Injection	11 Masquerading	OS Credential Dumping	1 Virtualization/Sandbox Evasion	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Virtualization/Sandbox Evasion	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Disable or Modify Tools	Security Account Manager	11 Peripheral Device Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	2 File and Directory Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	12 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 File Deletion	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Source	Detection	Scanner	Label	Link
logioptionsplus_installer.exe	0%	ReversingLabs

Dropped Files

Source	Detection	Scanner
C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\logi_installer_shared_optionsplus.dll	0%	ReversingLabs
C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe	0%	ReversingLabs
C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe	0%	ReversingLabs
C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\wixstdba.dll	0%	ReversingLabs

Name	IP	Active	Malicious	Antivirus Detection	Reputation
d2gcbobjbpeml4.cloudfront.net	18.66.112.27	true	false		unknown
updates.optionsplus.logitechg.com	unknown	unknown	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
18.66.112.27	d2gcbobjbpeml4.cloudfront.net	United States		3	MIT-GATEWAYSUS	false

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1501426
Start date and time:	2024-08-29 22:11:03 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	logioptionsplus_installer.exe
Detection:	CLEAN
Classification:	clean6.winEXE@7/45@1/22
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, ctldl.windowsupdate.com, settings-win.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: logioptionsplus_installer.exe

Created / dropped Files

C:\ProgramData\LogiOptionsPlus\next.json

Download File

Process:	C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107
Entropy (8bit):	4.134395999692706
Encrypted:	false
SSDEEP:
MD5:	60A80C63396641CF97B769791A3F0CF3
SHA1:	B67CC9D38B8F934EFA27DCF54B65632583614594
SHA-256:	C149CE99FDF41ADCA76B67287DD18C5575548B745C59E7068C63E77C17832A18
SHA-512:	6EC2DC8AC10B7758F41F74CCB374B1F47764C57B881211B348BB03BE768D312133BE47CFCD68FCFD9C4C6723A550377DAA0278C4CE5D6183218A3687BAFBFA76
Malicious:	false
Reputation:	unknown
Preview:	{. "accessGroup": "",. "branch": "",. "buildId": "",. "depots": [],. "region": "CH",. "version": "".}

C:\ProgramData\LogiOptionsPlus\periodic_check.json

Download File

Process:	C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe
File Type:	JSON data
Category:	modified
Size (bytes):	147
Entropy (8bit):	4.765749494103495
Encrypted:	false
SSDEEP:
MD5:	1D91B7E691FF2015F59B2595BD7C3F5E
SHA1:	5FA2E540E8BE26029A4BAED75628FBCA01CA1848
SHA-256:	09C8AEB3E87C07D582FA71C031B4FDDEBF381C2664EE55C94782BB50794E6725
SHA-512:	36830E250D5C4EA08C40C0DADFF98BC732D9E93254F61EA37119A2B692C1F839AE1E42C9A1F4E798214CB0DA9FB11EA464E84BD8466B345E4EC9BCC6918D126C
Malicious:	false
Reputation:	unknown
Preview:	{. "checkPeriodically": true,. "intervalInSeconds": 86400,. "nextCheckDueDate": "",. "downloadAutomatically": true,. "nextCheckDueTimestamp": "".}.

C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\PageInstalled.gif

Download File

Process:	C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe
File Type:	GIF image data, version 89a, 800 x 400
Category:	dropped
Size (bytes):	31395
Entropy (8bit):	7.921156286103369
Encrypted:	false
SSDEEP:
MD5:	0B976C4D692865CF8C80DB344D689099
SHA1:	2603F13C380DB2AE80E3A48C6224ABD5043F6200
SHA-256:	E824FE62DE1B10B2A2EC5FFD8A8F2CF244F1D59319E7EA8AEC989C71EAD8EB8A
SHA-512:	BE8310EA8800C4C46F36417277130AA8307F008EE6ED49A22C4C028F10CA0B63463E46F89022E0B9607FE7BEAE675DEF27896B432BB0AD53BE52E4179E89BB2B
Malicious:	false
Reputation:	unknown
Preview:	GIF89a ....[..\|..N.............b.................t..j.....W..\.............S.............................................................e...................k.........V................_........M..........wH.\|K.U...............X..........i..........}S.....................................pD......................x[.........................\........................................h?..................................i....U.................s..........I...........kw.X.......Q..{.....\.....M..`..w.s.....i..P!...............Z_......t...)G......Y..T3..................]..6..th.`....~.............O.......j........(...........g.B}...W.....g............c........t....N...~.....................................o.y..........v..............X......n.!..NETSCAPE2.0.....!.......!..Optimized using ezgif.com.,.... ..........H......\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.*]...P.J.J...X.j....`..K...h.]...p..K...x..........L..

C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\PageLegacyOptions.gif

Download File

Process:	C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe
File Type:	GIF image data, version 89a, 800 x 400
Category:	dropped
Size (bytes):	26348
Entropy (8bit):	7.8374027371239015
Encrypted:	false
SSDEEP:
MD5:	AB5A77084D242F395D18A9178F780D3E
SHA1:	3808E300C9178FC372E08E14327060A550329D3F
SHA-256:	67F08D505222E99EC36C3D648F0733EB9E59B28823136B62F10599FA5D4B011A
SHA-512:	539BF77C03B647CDE54912D346FF77C9E1D585B1E531BA73B6A57963E0E1B5CB247CD467E5B7A5B7E5753E135C9E777E123675786710CA54322341359C330C5F
Malicious:	false
Reputation:	unknown
Preview:	GIF89a ....T...h..}.....q..................._..s.......{.....N.........................................i......{.u..............................z..M..R..Q..Z.Z..e....I.......................q..Z..........................t..............`.t....S.l.\|..........s.....]..h..W.d.u....................................U.....r.................kw.......................^........w.vH....i..P!.............Xc.......)G...........T3....[................b................................s...................................j.j.g@.B}.......................a.....................................................................................................................C...............m.......X....................h..^....x.4....................!..NETSCAPE2.0.....!...$...!..Optimized using ezgif.com.,.... ..........H......\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.*]...P.J.J...X.j....`..K...h.]...p..K...x..........L..

C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\PageUnsupportedOs.gif

Download File

Process:	C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe
File Type:	GIF image data, version 89a, 800 x 400
Category:	dropped
Size (bytes):	24284
Entropy (8bit):	7.8366827140862645
Encrypted:	false
SSDEEP:
MD5:	C1056EE113BB012AABC09313914149E5
SHA1:	2BE86CAE925072BC99FCE2A3E880CAF9819E88D2
SHA-256:	48EA9399F9A2EDC71B4F137D7C13052D249F7A4C625E780A8EE2271BFC74AA1B
SHA-512:	EC3BA7F9781D645D118445B38FCD49FF77C175339B645DB49262DF2A754A23D4FE04556B7E00258DF5EB459AF8117376EC627E217468A9833662041A60268A6B
Malicious:	false
Reputation:	unknown
Preview:	GIF89a ....d...h..}......................^..s.....\|..........N....................i.....u..p..{....................R..g......M..Q..S.W.e............................I..............z.....q..Z...............`.Z.U.u.....Z..............t...........s........].....h..d.l....\|.....r........................kw.....................[.......w.......vH.i..P!..................t......)G.............Z`...T3....[....b...................................t...................o...........(.....i....j.g@.B}....................a................................................................................................................................................0........x.........................X....................^...................!..NETSCAPE2.0.....!.......,.... ..........H......\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.*]...P.J.J...X.j....`..K...h.]...p..K...x..........L.....+^....#K.L....3k.....

C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\logi_installer_shared_optionsplus.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	9407488
Entropy (8bit):	6.465693392402344
Encrypted:	false
SSDEEP:
MD5:	092E7242CFD1F7948BF666D55E641C06
SHA1:	D275CA087C7D2CA3E92635F2A8DA825691E3D3A5
SHA-256:	A215C71D9FA70F1F4314424CDCB97BD4264B34628E8C964E952D6109DAB9630B
SHA-512:	984D76BBC369A438FEC4492381EC070441EC21C3DC73D4FD509F961D9303B3317873105B3B3786D165C643B6FB4F6736A3A39E72B9791772270F129233AB6C9D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...................................h...........!..L.!This program cannot be run in DOS mode....$.........><.Po.Po.Poi.o.Poi.Tn.Poi.Sn.Poi.Qn.Po..Un..PoZ.Un.Po.9Tn.Po.9Un.Po..Tn..Po..Un.Po).Tn.Po...o.Po..Sn.Po..Tn_.Poi.Un.Po).Vn.Po).Qn.Po.Qo3.Po..Un..Po..Pn.Po..o.Po..o.Po..Rn.PoRich.Po........................PE..d....h.f.........." ...$..d..H+.......L......................................P............`...........................................~.....\|.~. ....`..H.... ...................2..p.u.T.....................u.(...0.u.@.............d..............................text.....d.......d................. ..`.rdata...-....d.......d.............@..@.data.................~.............@....pdata....... ...0...x..............@..@CPADinfo8....P......................@....rsrc...H....`......................@..@.reloc...2.......4...X..............@..B................................................................................................

C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	15060496
Entropy (8bit):	7.99595782028495
Encrypted:	true
SSDEEP:
MD5:	BE433764FA9BBE0F2F9C654F6512C9E0
SHA1:	B87C38D093872D7BE7E191F01107B39C87888A5A
SHA-256:	40EA2955391C9EAE3E35619C4C24B5AAF3D17AEAA6D09424EE9672AA9372AEED
SHA-512:	8A050EBD392654CE5981AF3D0BF99107BFA576529BCE8325A7CCC46F92917515744026A2D0EA49AFB72BBC4E4278638A0677C6596AD96B7019E47C250E438191
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c...'.u.'.u.'.u.......u.....[.u.....?.u...v.4.u...q.4.u...p...u.....".u....6.u.'.t.v.u...p.l.u....&.u.'..%.u...w.&.u.Rich'.u.........................PE..L......Z.....................v......m.............@..........................p............@..............................................;...............B...0...=.. t..T...................tt......@n..@...................$........................text.............................. ..`.rdata..............................@..@.data...@...........................@....wixburn8...........................@..@.tls................................@....gfids..............................@..@.rsrc....;.......<..................@..@.reloc...=...0...>..................@..B........................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD

Download File

Process:	C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	498
Entropy (8bit):	5.103913616294899
Encrypted:	false
SSDEEP:
MD5:	90BE2701C8112BEBC6BD58A7DE19846E
SHA1:	A95BE407036982392E2E684FB9FF6602ECAD6F1E
SHA-256:	644FBCDC20086E16D57F31C5BAD98BE68D02B1C061938D2F5F91CBE88C871FBF
SHA-512:	D618B473B68B48D746C912AC5FC06C73B047BD35A44A6EFC7A859FE1162D68015CF69DA41A5DB504DCBC4928E360C095B32A3B7792FCC6A38072E1EBD12E7CBE
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" standalone="yes"?>..<!DOCTYPE document [..<!ELEMENT document (node)>.. <!ATTLIST document WMSNameSpaceVersion CDATA "2.0">....<!ELEMENT node (node)>.. <!ATTLIST node name CDATA #REQUIRED>.. <!ATTLIST node opcode ( create \| remove \| setval \| clearval \| rename \| movebefore ) #REQUIRED>.. <!ATTLIST node secure ( true \| false ) #IMPLIED>.. <!ATTLIST node type ( string \| boolean \| int32 \| binary \| int64 ) #IMPLIED>.. <!ATTLIST node value CDATA #IMPLIED>..]>..

C:\Users\user\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Download File

Process:	C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe
File Type:	exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	10191
Entropy (8bit):	4.792342140217129
Encrypted:	false
SSDEEP:
MD5:	7050D5AE8ACFBE560FA11073FEF8185D
SHA1:	5BC38E77FF06785FE0AEC5A345C4CCD15752560E
SHA-256:	CB87767C4A384C24E4A0F88455F59101B1AE7B4FB8DE8A5ADB4136C5F7EE545B
SHA-512:	A7A295AC8921BB3DDE58D4BCDE9372ED59DEF61D4B7699057274960FA8C1D1A1DAFF834A93F7A0698E9E5C16DB43AF05E9FD2D6D7C9232F7D26FFCFF5FC5900B
Malicious:	false
Reputation:	unknown
Preview:	.<document WMSNameSpaceVersion="2.0">.... <node name="Control Protocol" opcode="create" >.. <node name="Object Store" opcode="create" >.. <node name="RTSP" opcode="create" >.. <node name="CLSID" opcode="create" type="string" value="{308786f0-8b15-11d2-b25f-006097d2e41e}" />.. <node name="Enabled" opcode="create" type="int32" value="0x1" />.. <node name="Properties" opcode="create" >.. <node name="Protocol" opcode="create" type="string" value="RTSP,RTSPA,RTSPT,RTSPU,RTSPM" />.. </node> Properties -->.... </node> RTSP -->.... <node name="Sessionless Multicast" opcode="create" >.. <node name="CLSID" opcode="create" type="string" value="{f9377800-f38d-11d2-b26c-006097d2e41e}" />.. <node name="Enabled" opcode="create" type="int32" value="0x1" />.. <node name="Properties" opcode="create" >.. <node name="Protocol" opcode="create" type="string" value="MCAST,RTP" />.. </node> Properties

C:\Users\user\AppData\Local\Temp\com.logi.optionsplus.installer.logs\20240829T201147-installer-6980.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe
File Type:	ASCII text, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	179
Entropy (8bit):	5.007185734327359
Encrypted:	false
SSDEEP:
MD5:	DF2EAA556BC279ECF5758D482C65510A
SHA1:	BDD673AB20CD569E9A09982A8DA7DC4B4DBF94CC
SHA-256:	A9010CC11FC23F1A63344C060AF73D92BCD3B2C42E6CDE217E6EC1A06A7DED1A
SHA-512:	F41E61B43E2E5F89E01B91F4022E068051689C4EF03C84B417714AB3DE0E8247ECDD2997880C9F939C4A643FF0E23A839A18FBA405BAF6D0AC9C8AD2D1BD8A12
Malicious:	false
Reputation:	unknown
Preview:	[2024-08-29:17:58:16.400] [:7028] [info] [logging.cpp:253] Logging to: C:\Users\user\AppData\Local\Temp\com.logi.optionsplus.installer.logs\20240829T201147-installer-6980.log...

C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20240829161143.log

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	7226
Entropy (8bit):	5.49044436732878
Encrypted:	false
SSDEEP:
MD5:	41E8B4BF4DB865B56B55B610A959B6C9
SHA1:	EB284174B0551711BFB763EC1257182CE02798C5
SHA-256:	8C33297F4A50BDFBF88D58F34204A0AEB765495298E942127FAA63F063824AA8
SHA-512:	AC691BED2376D6C1D3249D76418660097B0E81A53CE1584F869FC4561DDC55841D9C4E082AB8ED032F6B451855F8B47F0816CFC8959491D1C3F8FF68712FAFFA
Malicious:	false
Reputation:	unknown
Preview:	[1BA4:1BA8][2024-08-29T16:11:43]i001: Burn v3.10.4.4718, Windows v10.0 (Build 19045: Service Pack 0), path: C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe..[1BA4:1BA8][2024-08-29T16:11:43]i009: Command Line: '-burn.clean.room=C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe -burn.filehandle.attached=652 -burn.filehandle.self=680 /install /quiet /norestart'..[1BA4:1BA8][2024-08-29T16:11:43]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe'..[1BA4:1BA8][2024-08-29T16:11:43]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\'..[1BA4:1BA8][2024-08-29T16:11:43]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20240829161143.log'..

C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

Download File

Process:	C:\Users\user\Desktop\logioptionsplus_installer.exe
File Type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	29963520
Entropy (8bit):	7.657053259395651
Encrypted:	false
SSDEEP:
MD5:	915D73FE8683E5DBD4B09E09F14FBC29
SHA1:	9A9DF829754CE248E6747B0C8710738E1EB05CD7
SHA-256:	0CC890B51AABE89D577A1731B8F6BA2663310AFDDB40AE003950D7AB9FA348CC
SHA-512:	A432FFD98A8824110D731C1819CEDB728FBBDEFC1D689C95DDEA0FDB60F046FCB258D63EBA17C4E744DC931E478EEFE0882385818F8556A91055F9056B611727
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....h.f.........."...0......\........... .....@..... .......................@............`...@......@............... ..................................L[...............)........................................................................... ..H............text........ ...................... ..`.rsrc...L[.......\..................@..@........................................H.......X....................>...........................................0..........~M...~S...o....o...., ~M...~S...o....o.......o....,..~M...~S...o....o....o....,%~M...~S...o....o....o.......o....,..~M...r...po.......o....,.....0..f8......s....%.r...po ...%.r#..po ...%.rq..po ...%.r...po ...%.r...po ...%.r...po ...%.r...po ...%.r...po ...%.r!..po ...%..rY..po ...%..r...po ...%..r...po ...%..r...po ...%..r=..po ...%..r...po ...%..r...po ...%..r...po ...%..r...po ...%..ro..po ...%

C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe

Download File

Process:	C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	647904
Entropy (8bit):	7.216534710571963
Encrypted:	false
SSDEEP:
MD5:	94970FC3A8ED7B9DE44F4117419CE829
SHA1:	AA1292F049C4173E2AB60B59B62F267FD884D21A
SHA-256:	DE1ACBB1DF68A39A5B966303AC1B609DDE2688B28EBF3EBA8D2ADEEB3D90BF5E
SHA-512:	B17BD215B83BFA46512B73C3D9F430806CA3BEA13BEBDE971E8EDD972614E54A7BA3D6FC3439078CDFDAA7EEB1F3F9054BF03ED5C45B622B691B968D4EC0566F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c...'.u.'.u.'.u.......u.....[.u.....?.u...v.4.u...q.4.u...p...u.....".u....6.u.'.t.v.u...p.l.u....&.u.'..%.u...w.&.u.Rich'.u.........................PE..L......Z.....................v......m.............@..........................p.......r....@..............................................;...............$...0...=.. t..T...................tt......@n..@...................$........................text.............................. ..`.rdata..............................@..@.data...@...........................@....wixburn8...........................@..@.tls................................@....gfids..............................@..@.rsrc....;.......<..................@..@.reloc...=...0...>..................@..B........................................................................................................................................................

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1028\license.rtf

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
Category:	dropped
Size (bytes):	18127
Entropy (8bit):	4.036737741619669
Encrypted:	false
SSDEEP:
MD5:	B7F65A3A169484D21FA075CCA79083ED
SHA1:	5DBFA18928529A798FF84C14FD333CB08B3377C0
SHA-256:	32585B93E69272B6D42DAC718E04D954769FE31AC9217C6431510E9EEAD78C49
SHA-512:	EDA2F946C2E35464E4272B1C3E4A8DC5F17093C05DAB9A685DBEFD5A870B9D872D8A1645ED6F5B9A72BBB2A59D22DFA58FBF420F6440278CCBE07B6D0555C283
Malicious:	false
Reputation:	unknown
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset134 SimSun;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT \f1\'dc\'9b\'f3\'77\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\f0\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0\f1\'b1\'be\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\'ca\'c7\'d9\'46\'d3\'c3\'91\'f4\'c5\'63\f0 Microsoft Corporation (\f1\'bb\'f2\'c6\'e4\'ea\'50\'82\'53\'c6\'f3\'98\'49\'a3\'ac\'d2\'95\'d9\'46\'d3\'c3\'91\'f4\'cb\'f9\'be\'d3\'d7\'a1\'b5\'c4\'b5\'d8\'fc\'63\'b6\'f8\'b6\'a8\f0 ) \f1\'d6\'ae\'e9\'67\'b3\'c9\'c1\'a2\'b5\'c4\'ba\'cf\'bc\'73\'a1\'a3\'cb\'fb\'82\'83\'df\'6d\'d3\'c3\'ec\'b6\'c9\'cf\'ca\'f6\'dc\'9b\'f3\'77\'a3\'ac\'b1\'be\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\'d2\'e0\'df\'6d\'d3\'c3\'ec\'b6\'c8\'ce\'ba\'ce\f0 Microsoft \f1\'b7\'fe\'84\'d5\'bb\'f2\'b1\'be\'dc\'9b\'f3\'77\'d6\'ae\'b8\'fc\'d0\'c2\'a3

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1028\thm.wxl

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	2980
Entropy (8bit):	6.163758160900388
Encrypted:	false
SSDEEP:
MD5:	472ABBEDCBAD24DBA5B5F5E8D02C340F
SHA1:	974F62B5C2E149C3879DD16E5A9DBB9406C3DB85
SHA-256:	8E2E660DFB66CB453E17F1B6991799678B1C8B350A55F9EBE2BA0028018A15AD
SHA-512:	676E29378AAED25DE6008D213EFA10D1F5AAD107833E218D71F697E728B7B5B57DE42E7A910F121948D7B1B47AB4F7AE63F71196C747E8AE2B4827F754FC2699
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">....</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [directory] - ................. ......................../passive \| /quiet - .... UI ........... UI.... ........... UI ........../norestart - ................UI ............./log log.txt - .........

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1029\license.rtf

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
Category:	dropped
Size (bytes):	13053
Entropy (8bit):	5.125552901367032
Encrypted:	false
SSDEEP:
MD5:	B408556A89FCE3B47CD61302ECA64AC9
SHA1:	AAC1CDAF085162EFF5EAABF562452C93B73370CB
SHA-256:	21DDCBB0B0860E15FF9294CBB3C4E25B1FE48619210B8A1FDEC90BDCDC8C04BC
SHA-512:	BDE33918E68388C60750C964CDC213EC069CE1F6430C2AA7CF1626E6785C7C865094E59420D00026918E04B9B8D19FA22AC440F851ADC360759977676F8891E7
Malicious:	false
Reputation:	unknown
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset238 Tahoma;}{\f2\fnil\fcharset0 Garamond;}{\f3\fnil Tahoma;}{\f4\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 LICEN\f1\'c8N\f0\'cd PODM\'cdNKY PRO SOFTWARE SPOLE\f1\'c8NOSTI MICROSOFT\par..\f0 MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Tyto licen\f1\'e8n\f0\'ed podm\'ednky p\f1\'f8edstavuj\f0\'ed smlouvu mezi spole\f1\'e8nost\f0\'ed Microsoft Corporation (nebo n\f1\'eckterou z\~jej\f0\'edch afilac\'ed v\~z\'e1vislosti na tom, kde bydl\'edte) a\~v\'e1mi. Vztahuj\'ed se na v\'fd\f1\'9ae uveden\f0\'fd software. Podm\'ednky se rovn\f1\'ec\'9e vztahuj\f0\'ed na jak\'e9koli slu\f1\'9eby Microsoft nebo aktualizace pro software, pokud se na slu\'9eby nebo aktualizace nevztahuj\f0\'ed odli\f1\'9an\f0\'e9 podm\'ednky.\par..\b DODR\f1\'8e\f0\'cdTE-LI TYTO

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1029\thm.wxl

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	3333
Entropy (8bit):	5.370651462060085
Encrypted:	false
SSDEEP:
MD5:	16343005D29EC431891B02F048C7F581
SHA1:	85A14C40C482D9351271F6119D272D19407C3CE9
SHA-256:	07FB3EC174F25DFBE532D9D739234D9DFDA8E9D34F01FE660C5B4D56989FA779
SHA-512:	FF1AE9C21DCFB018DD4EC82A6D43362CB8C591E21F45DD1C25955D83D328B57C8D454BBE33FBC73A70DADF1DFB3AE27502C9B3A8A3FF2DA97085CA0D9A68AB03
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instala.n. program [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Opravdu chcete akci zru.it?</String>.. <String Id="HelpHeader">N.pov.da nastaven.</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [adres..] . Nainstaluje, oprav., odinstaluje nebo.. vytvo.. .plnou m.stn. kopii svazku v adres..i. V.choz. mo.nost. je instalace...../passive \| /quiet . Zobraz. minim.ln. u.ivatelsk. rozhran. bez v.zev nebo nezobraz. ..dn. u.ivatelsk. rozhran. a.. ..dn. v.zvy. V.choz. mo.nost. je zobrazen. u.ivatelsk.ho rozhran. a v.ech v.zev...../noresta

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1031\license.rtf

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
Category:	dropped
Size (bytes):	11936
Entropy (8bit):	5.194264396634094
Encrypted:	false
SSDEEP:
MD5:	C2CFA4CE43DFF1FCD200EDD2B1212F0A
SHA1:	E8286E843192802E5EBF1BE67AE30BCAD75AC4BB
SHA-256:	F861DB23B972FAAA54520558810387D742878947057CF853DC74E5F6432E6A1B
SHA-512:	6FDF02A2DC9EF10DD52404F19C300429E7EA40469F00A43CA627F3B7F3868D1724450F99C65B70B9B7B1F2E1FA9D62B8BE1833A8C5AA3CD31C940459F359F30B
Malicious:	false
Reputation:	unknown
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil Tahoma;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT-SOFTWARE-LIZENZBESTIMMUNGEN\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Diese Lizenzbestimmungen sind ein Vertrag zwischen Ihnen und der Microsoft Corporation (bzw. abh\'e4ngig von Ihrem Wohnsitz einem mit Microsoft verbundenen Unternehmen). Sie gelten f\'fcr die oben angef\'fchrte Software. Die Bestimmungen gelten ebenso f\'fcr jegliche von Microsoft angebotenen Dienste oder Updates f\'fcr die Software, sofern diesen keine anderen Bestimmungen beiliegen.\par..\b SOFERN SIE DIESE LIZENZBESTIMMUNGEN EINHALTEN, SIND SIE ZU FOLGENDEM BERECHTIGT:\par....\pard{\pntext\f2\'B7\tab}{\\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\sa120\sl240\slmult1\tx360 RECHTE ZUR INSTALLATION UND NUTZUNG. \

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1031\thm.wxl

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	3379
Entropy (8bit):	5.094097800535488
Encrypted:	false
SSDEEP:
MD5:	561F3F32DB2453647D1992D4D932E872
SHA1:	109548642FB7C5CC0159BEDDBCF7752B12B264C0
SHA-256:	8E0DCA6E085744BFCBFF46F7DCBCFA6FBD722DFA52013EE8CEEAF682D7509581
SHA-512:	CEF8C80BEF8F88208E0751305DF519C3D2F1C84351A71098DC73392EC06CB61A4ACA35182A0822CF6934E8EE42196E2BCFE810CC859965A9F6F393858A1242DF
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] - Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">M.chten Sie den Vorgang wirklich abbrechen?</String>.. <String Id="HelpHeader">Setup-Hilfe</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [Verzeichnis] - installiert, repariert, deinstalliert oder.. erstellt eine vollst.ndige lokale Kopie des Bundles im Verzeichnis. Installieren ist die Standardeinstellung...../passive \| /quiet - zeigt eine minimale Benutzeroberfl.che ohne Eingabeaufforderungen oder keine.. Benutzeroberfl.che und keine Eingabeaufforderungen an. Standardm..ig werden die Benutzeroberfl.che und alle Eingab

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1036\license.rtf

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
Category:	dropped
Size (bytes):	11593
Entropy (8bit):	5.106817099949188
Encrypted:	false
SSDEEP:
MD5:	F0FF747B85B1088A317399B0E11D2101
SHA1:	F13902A39CEAE703A4713AC883D55CFEE5F1876C
SHA-256:	4D9B7F06BE847E9E135AB3373F381ED7A841E51631E3C2D16E5C40B535DA3BCF
SHA-512:	AA850F05571FFC361A764A14CA9C1A465E2646A8307DEEE0589852E6ACC61AF145AEF26B502835724D7245900F9F0D441451DD8C055404788CE64415F5B79506
Malicious:	false
Reputation:	unknown
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 TERMES DU CONTRAT DE LICENCE LOGICIEL MICROSOFT\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Les pr\'e9sents termes du contrat de licence constituent un contrat entre Microsoft Corporation (ou, en fonction de votre lieu de r\'e9sidence, l\rquote un de ses affili\'e9s) et vous. Ils s\rquote appliquent au logiciel vis\'e9 ci-dessus. Les termes s\rquote appliquent \'e9galement \'e0 tout service et \'e0 toute mise \'e0 jour Microsoft pour ce logiciel, \'e0 moins que d\rquote autres termes n\rquote accompagnent ces \'e9l\'e9ments.\par..\b SI VOUS VOUS CONFORMEZ AUX PR\'c9SENTS TERMES DU CONTRAT DE LICENCE, VOUS AVEZ LES DROITS CI-DESSOUS.\par....\pard{\pntext\f1\'B7\tab}{\\pn\pnlvlblt\pnf1\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\s

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1036\thm.wxl

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	3366
Entropy (8bit):	5.0912204406356905
Encrypted:	false
SSDEEP:
MD5:	7B46AE8698459830A0F9116BC27DE7DF
SHA1:	D9BB14D483B88996A591392AE03E245CAE19C6C3
SHA-256:	704DDF2E60C1F292BE95C7C79EE48FE8BA8534CEB7CCF9A9EA68B1AD788AE9D4
SHA-512:	FC536DFADBCD81B42F611AC996059A6264E36ECF72A4AEE7D1E37B87AEFED290CC5251C09B68ED0C8719F655B163AD0782ACD8CE6332ED4AB4046C12D8E6DBF6
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Installation de [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Voulez-vous vraiment annuler.?</String>.. <String Id="HelpHeader">Aide du programme d'installation</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [directory] - installe, r.pare, d.sinstalle ou.. cr.e une copie locale compl.te du groupe dans le r.pertoire. Install est l'option par d.faut...../passive \| /quiet - affiche une interface minimale, sans invite, ou n'affiche ni interface.. ni invite. Par d.faut, l'interface et toutes les invites sont affich.es...../norestart - supprime toutes les tentatives de red.

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1040\license.rtf

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
Category:	dropped
Size (bytes):	11281
Entropy (8bit):	5.046489958240229
Encrypted:	false
SSDEEP:
MD5:	9D98044BAC59684489C4CF66C3B34C85
SHA1:	36AAE7F10A19D336C725CAFC8583B26D1F5E2325
SHA-256:	A3F745C01DEA84CE746BA630814E68C7C592B965B048DDC4B1BBE1D6E533BE22
SHA-512:	D849BBB6C87C182CC98C4E2314C0829BB48BAD483D0CD97BF409E75457C3695049C3A8ADFE865E1ECBC989A910096D2C1CDF333705AAC4D22025DF91B355278E
Malicious:	false
Reputation:	unknown
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 CONTRATTO DI LICENZA PER IL SOFTWARE MICROSOFT\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Le presenti condizioni di licenza costituiscono il contratto tra Microsoft Corporation (o, in base al luogo di residenza del licenziatario, una delle sue consociate) e il licenziatario, Tali condizioni si applicano al software Microsoft di cui sopra. Le condizioni si applicano inoltre a qualsiasi servizio o aggiornamento di Microsoft relativo al software, a meno che questo non sia accompagnato da condizioni differenti.\par..\b QUALORA IL LICENZIATARIO SI ATTENGA ALLE PRESENTI CONDIZIONI DI LICENZA, DISPORR\'c0 DEI DIRITTI INDICATI DI SEGUITO.\par....\pard{\pntext\f2\'B7\tab}{\\pn\pnlvlblt\p

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1040\thm.wxl

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	3319
Entropy (8bit):	5.019774955491369
Encrypted:	false
SSDEEP:
MD5:	D90BC60FA15299925986A52861B8E5D5
SHA1:	FADFCA9AB91B1AB4BD7F76132F712357BD6DB760
SHA-256:	0C57F40CC2091554307AA8A7C35DD38E4596E9513E9EFAE00AC30498EF4E9BC2
SHA-512:	11764D0E9F286B5AA7B1A9601170833E462A93A1E569A032FCBA9879174305582BD42794D4131B83FBCFBF1CF868A8D5382B11A4BD21F0F7D9B2E87E3C708C3F
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Installazione di [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Annullare?</String>.. <String Id="HelpHeader">Guida alla configurazione</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [directory] - installa, ripara, disinstalla o.. crea una copia locale completa del bundle nella directory. L'opzione predefinita . Install...../passive \| /quiet - visualizza un'interfaccia utente minima senza prompt oppure non visualizza alcuna interfaccia utente.. n. prompt. Per impostazione predefinita viene visualizzata l'intera interfaccia utente e tutti i prompt...../norestart - annulla quals

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1041\license.rtf

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
Category:	dropped
Size (bytes):	28232
Entropy (8bit):	3.7669201853275722
Encrypted:	false
SSDEEP:
MD5:	8C49936EC4CF0F64CA2398191C462698
SHA1:	CC069FE8F8BC3B6EE2085A4EACF40DB26C842BAC
SHA-256:	7355367B7C48F1BBACC66DFFE1D4BF016C16156D020D4156F288C2B2207ED1C2
SHA-512:	4381147FF6707C3D31C5AE591F68BC61897811112CB507831EFF5E71DD281009400EDA3300E7D3EFDE3545B89BCB71F2036F776C6FDFC73B6B2B2B8FBC084499
Malicious:	false
Reputation:	unknown
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset128 MS Gothic;}{\f1\fnil\fcharset0 MS Gothic;}{\f2\fnil\fcharset134 SimSun;}{\f3\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9\'83\'7d\'83\'43\'83\'4e\'83\'8d\'83\'5c\'83\'74\'83\'67 \'83\'5c\'83\'74\'83\'67\'83\'45\'83\'46\'83\'41 \'83\'89\'83\'43\'83\'5a\'83\'93\'83\'58\'8f\'f0\'8d\'80\par..\f1 MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0\f0\'96\'7b\'83\'89\'83\'43\'83\'5a\'83\'93\'83\'58\'8f\'f0\'8d\'80\'82\'cd\f2\'a1\'a2\f1 Microsoft Corporation (\f0\'82\'dc\'82\'bd\'82\'cd\'82\'a8\'8b\'71\'97\'6c\'82\'cc\'8f\'8a\'8d\'dd\'92\'6e\'82\'c9\'89\'9e\'82\'b6\'82\'c4\'82\'cd\'82\'bb\'82\'cc\'8a\'d6\'98\'41\'89\'ef\'8e\'d0) \'82\'c6\'82\'a8\'8b\'71\'97\'6c\'82\'c6\'82\'cc\'8c\'5f\'96\'f1\'82\'f0\'8d\'5c\'90\'ac\'82\'b5\'82\'dc\'82\'b7\'81\'42\'96\'7b\'83\'89\'83\'43\'83\'5a\'83\'93\'83\'58\'8f\'f0\'8

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1041\thm.wxl

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	3959
Entropy (8bit):	5.955167044943003
Encrypted:	false
SSDEEP:
MD5:	DC81ED54FD28FC6DB6F139C8DA1BDED6
SHA1:	9C719C32844F78AAE523ADB8EE42A54D019C2B05
SHA-256:	6B9BBF90D75CFA7D943F036C01602945FE2FA786C6173E22ACB7AFE18375C7EA
SHA-512:	FD759C42C7740EE9B42EA910D66B0FA3F813600FD29D074BB592E5E12F5EC09DB6B529680E54F7943821CEFE84CE155A151B89A355D99C25A920BF8F254AA008
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.. <Control Control="InstallButton" X="275" Y="237" Width="110" Height="23"/>.. <Control Control="UninstallButton" X="270" Y="237" Width="120" Height="23"/>.. <Control Control="RepairButton" X="187" Y="237" Width="80" Height="23"/>.. .. <String Id="Caption">[WixBundleName] .......</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">..........</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [directory] - ............ ......... .........................

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1042\license.rtf

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
Category:	dropped
Size (bytes):	27936
Entropy (8bit):	3.871317037004171
Encrypted:	false
SSDEEP:
MD5:	184D94082717E684EAF081CEC3CBA4B1
SHA1:	960B9DA48F4CDDF29E78BBAE995B52204B26D51B
SHA-256:	A4C25DA9E3FBCED47464152C10538F16EE06D8E06BC62E1CF4808D293AA1AFA2
SHA-512:	E4016C0CA348299B5EF761F456E3B5AD9B99E5E100C07ACAB1369DFEC214E75AA88E9AD2A0952C0CC1B707E2732779E6E3810B3DA6C839F0181DC81E3560CBDA
Malicious:	false
Reputation:	unknown
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset129 Malgun Gothic;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 Microsoft \f1\'bc\'d2\'c7\'c1\'c6\'ae\'bf\'fe\'be\'ee\f0 \f1\'bb\'e7\'bf\'eb\'b1\'c7\f0 \f1\'b0\'e8\'be\'e0\'bc\'ad\f0\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0\f1\'ba\'bb\f0 \f1\'bb\'e7\'bf\'eb\'b1\'c7\f0 \f1\'b0\'e8\'be\'e0\'c0\'ba\f0 Microsoft Corporation(\f1\'b6\'c7\'b4\'c2\f0 \f1\'b0\'c5\'c1\'d6\f0 \f1\'c1\'f6\'bf\'aa\'bf\'a1\f0 \f1\'b5\'fb\'b6\'f3\f0 \f1\'b0\'e8\'bf\'ad\'bb\'e7\f0 \f1\'c1\'df\f0 \f1\'c7\'cf\'b3\'aa\f0 )\f1\'b0\'fa\f0 \f1\'b1\'cd\'c7\'cf\f0 \f1\'b0\'a3\'bf\'a1\f0 \f1\'c3\'bc\'b0\'e1\'b5\'c7\'b4\'c2\f0 \f1\'b0\'e8\'be\'e0\'c0\'d4\'b4\'cf\'b4\'d9\f0 . \f1\'ba\'bb\f0 \f1\'c1\'b6\'b0\'c7\'c0\'ba\f0 \f1\'c0\'a7\'bf\'a1\f0 \f1\'b8\'ed\'bd\'c3\'b5\'c8\f0 \f1

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1042\thm.wxl

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	3249
Entropy (8bit):	5.985100495461761
Encrypted:	false
SSDEEP:
MD5:	B3399648C2F30930487F20B50378CEC1
SHA1:	CA7BDAB3BFEF89F6FA3C4AAF39A165D14069FC3D
SHA-256:	AD7608B87A7135F408ABF54A897A0F0920080F76013314B00D301D6264AE90B2
SHA-512:	C5B0ECF11F6DADF2E68BC3AA29CC8B24C0158DAE61FE488042D1105341773166C9EBABE43B2AF691AD4D4B458BF4A4BF9689C5722C536439CA3CDC84C0825965
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] .. ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">.. ...</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [directory] - ..... ... .. .. .... .., .., .. .... ...... ... .........../passive \| /quiet - .... .. .. UI. ..... UI ... ..... .... ..... ..... UI. .. ..... ........../norestart - .. .... .. .... ...

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1045\license.rtf

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
Category:	dropped
Size (bytes):	13265
Entropy (8bit):	5.358483628484379
Encrypted:	false
SSDEEP:
MD5:	5B9DF97FC98938BF2936437430E31ECA
SHA1:	AB1DA8FECDF85CF487709774033F5B4B79DFF8DE
SHA-256:	8CB5EB330AA07ACCD6D1C8961F715F66A4F3D69FB291765F8D9F1850105AF617
SHA-512:	4EF61A484DF85C487BE326AB4F95870813B9D0644DF788CE22D3BEB6E062CDF80732CB0B77FCDA5D4C951A0D67AECF8F5DCD94EA6FA028CFCA11D85AA97714E3
Malicious:	false
Reputation:	unknown
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset238 Tahoma;}{\f2\fnil\fcharset0 Garamond;}{\f3\fnil Tahoma;}{\f4\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 POSTANOWIENIA LICENCYJNE DOTYCZ\f1\'a5CE OPROGRAMOWANIA\par..\f0 MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Niniejsze postanowienia licencyjne stanowi\f1\'b9 umow\'ea mi\'eadzy Microsoft Corporation (lub, w\~zale\'bfno\'9cci od miejsca zamieszkania Licencjobiorcy, jednym z\~podmiot\f0\'f3w stowarzyszonych Microsoft Corporation) a\~Licencjobiorc\f1\'b9. Maj\'b9 one zastosowanie do wskazanego powy\'bfej oprogramowania. Niniejsze postanowienia maj\'b9 r\f0\'f3wnie\f1\'bf zastosowanie do wszelkich us\'b3ug i aktualizacji Microsoft dla niniejszego oprogramowania, z wyj\'b9tkiem tych, kt\f0\'f3rym towarzysz\f1\'b9 inne postanowienia.\par..\b\

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1045\thm.wxl

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	3212
Entropy (8bit):	5.268378763359481
Encrypted:	false
SSDEEP:
MD5:	15172EAF5C2C2E2B008DE04A250A62A1
SHA1:	ED60F870C473EE87DF39D1584880D964796E6888
SHA-256:	440B309FCDF61FFC03B269FE3815C60CB52C6AE3FC6ACAD14EAC04D057B6D6EA
SHA-512:	48AA89CF4A0B64FF4DCB82E372A01DFF423C12111D35A4D27B6D8DD793FFDE130E0037AB5E4477818A0939F61F7DB25295E4271B8B03F209D8F498169B1F9BAE
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instalator [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Czy na pewno chcesz anulowa.?</String>.. <String Id="HelpHeader">Instalator . Pomoc</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [katalog] - Instaluje, naprawia, odinstalowuje.. lub tworzy pe.n. lokaln. kopi. pakietu w katalogu. Domy.lnie jest u.ywany prze..cznik install...../passive \| /quiet - Wy.wietla ograniczony interfejs u.ytkownika bez monit.w albo nie wy.wietla ani interfejsu u.ytkownika,.. ani monit.w. Domy.lnie jest wy.wietlany interfejs u.ytkownika oraz wszystkie monity...../norestart - Pom

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1046\license.rtf

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
Category:	dropped
Size (bytes):	10656
Entropy (8bit):	5.092962528947159
Encrypted:	false
SSDEEP:
MD5:	360FC4A7FFCDB915A7CF440221AFAD36
SHA1:	009F36BBDAD5B9972E8069E53855FC656EA05800
SHA-256:	9BF79B54F4D62BE501FF53EEDEB18683052A4AE38FF411750A764B3A59077F52
SHA-512:	9550A99641F194BB504A76DE011D07C1183EE1D83371EE49782FC3D05BF779415630450174DD0C03CB182A5575F6515012337B899E2D084203717D9F110A6FFE
Malicious:	false
Reputation:	unknown
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 TERMOS DE LICEN\'c7A PARA SOFTWARE MICROSOFT\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Estes termos de licen\'e7a formam um contrato firmado entre a Microsoft Corporation (ou com base no seu pa\'eds de resid\'eancia, uma de suas afiliadas) e voc\'ea. Eles se aplicam ao software indicado acima. Os termos tamb\'e9m se aplicam a quaisquer servi\'e7os ou atualiza\'e7\'f5es da Microsoft para o software, exceto at\'e9 a extens\'e3o de que eles tenham termos diferentes.\par..\b SE VOC\'ca CONCORDAR COM ESTES TERMOS DE LICEN\'c7A, TER\'c1 OS DIREITOS INDICADOS ABAIXO.\par....\pard{\pntext\f2\'B7\tab}{\\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\sa120\sl240\slmult1\t

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1046\thm.wxl

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	3095
Entropy (8bit):	5.150868216959352
Encrypted:	false
SSDEEP:
MD5:	BE27B98E086D2B8068B16DBF43E18D50
SHA1:	6FAF34A36C8D9DE55650D0466563852552927603
SHA-256:	F52B54A0E0D0E8F12CBA9823D88E9FD6822B669074DD1DC69DAD6553F7CB8913
SHA-512:	3B7C773EF72D40A8B123FDB8FC11C4F354A3B152CF6D247F02E494B0770C28483392C76F3C222E3719CF500FE98F535014192ACDDD2ED9EF971718EA3EC0A73E
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] Instala..o</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Tem certeza de que deseja cancelar?</String>.. <String Id="HelpHeader">Ajuda da Instala..o</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [diret.rio - instala, repara, desinstala ou.. cria uma c.pia local completa do pacote no diret.rio. Install . o padr.o..../passive \| /quiet - exibe a IU m.nima sem nenhum prompt ou n.o exibe nenhuma IU e.. nenhum prompt. Por padr.o, a IU e todos os prompts s.o exibidos...../norestart - suprime qualquer tentativa de reiniciar. Por padr.o, a IU perguntar. antes de reiniciar

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1049\license.rtf

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
Category:	dropped
Size (bytes):	31915
Entropy (8bit):	3.6440775919653996
Encrypted:	false
SSDEEP:
MD5:	A59C893E2C2B4063AE821E42519F9812
SHA1:	C00D0B11F6B25246357053F6620E57D990EFC698
SHA-256:	0EC8368E87B3DFC92141885A2930BDD99371526E09FC52B84B764C91C5FC47B8
SHA-512:	B9AD8223DDA2208EC2068DBB85742A03BE0291942E60D4498E3DAB4DDF559AA6DCF9879952F5819223CFC5F4CB71D4E06E4103E129727AACFB8EFE48403A04FA
Malicious:	false
Reputation:	unknown
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset204 Tahoma;}{\f1\fnil\fcharset0 Tahoma;}{\f2\fnil\fcharset204 Garamond;}{\f3\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang1049\'d3\'d1\'cb\'ce\'c2\'c8\'df \'cb\'c8\'d6\'c5\'cd\'c7\'c8\'c8 \'cd\'c0 \'cf\'d0\'ce\'c3\'d0\'c0\'cc\'cc\'cd\'ce\'c5 \'ce\'c1\'c5\'d1\'cf\'c5\'d7\'c5\'cd\'c8\'c5 MICROSOFT\par..\f1\lang9 MICROSOFT VISUAL C++ 2019 RUNTIME\par..\b0\f0\lang1049\'cd\'e0\'f1\'f2\'ee\'ff\'f9\'e8\'e5 \'f3\'f1\'eb\'ee\'e2\'e8\'ff \'eb\'e8\'f6\'e5\'ed\'e7\'e8\'e8 \'ff\'e2\'eb\'ff\'fe\'f2\'f1\'ff \'f1\'ee\'e3\'eb\'e0\'f8\'e5\'ed\'e8\'e5\'ec \'ec\'e5\'e6\'e4\'f3 \'ea\'ee\'f0\'ef\'ee\'f0\'e0\'f6\'e8\'e5\'e9 Microsoft (\'e8\'eb\'e8, \'e2 \'e7\'e0\'e2\'e8\'f1\'e8\'ec\'ee\'f1\'f2\'e8 \'ee\'f2 \'ec\'e5\'f1\'f2\'e0 \'e2\'e0\'f8\'e5\'e3\'ee \'ef\'f0\'ee\'e6\'e8\'e2\'e0\'ed\'e8\'ff, \'ee\

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1049\thm.wxl

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	4150
Entropy (8bit):	5.444436038992627
Encrypted:	false
SSDEEP:
MD5:	17C652452E5EE930A7F1E5E312C17324
SHA1:	59F3308B87143D8EA0EA319A1F1A1F5DA5759DD3
SHA-256:	7333BC8E52548821D82B53DBD7D7C4AA1703C85155480CB83CEFD78380C95661
SHA-512:	53FD207B96D6BCF0A442E2D90B92E26CBB3ECC6ED71B753A416730E8067E831E9EB32981A9E9368C4CCA16AFBCB2051483FDCFC474EA8F0D652FCA934634FBE8
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.. <Control Control="InstallButton" X="275" Y="237" Width="110" Height="23"/>.... <String Id="Caption">......... ......... [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">....... .. .........</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [.......] - ........., .............., ........ ..... ........ ...... ......... ..... ...... . ......... .. ......... - ............../passive \| /quiet - ........... ....

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1055\license.rtf

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
Category:	dropped
Size (bytes):	13379
Entropy (8bit):	5.214715951393874
Encrypted:	false
SSDEEP:
MD5:	BD2DC15DFEE66076BBA6D15A527089E7
SHA1:	8768518F2318F1B8A3F8908A056213042A377CC4
SHA-256:	62A07232017702A32F4B6E43E9C6F063B67098A1483EEDDB31D7C73EAF80A6AF
SHA-512:	9C9467A2F2D0886FF4302A44AEA89734FCEFBD3CBE04D895BCEACBA1586AB746E62391800E07B6228E054014BE51F14FF63BA71237268F94019063C8C8B7EF74
Malicious:	false
Reputation:	unknown
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset238 Tahoma;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT YAZILIMI L\f1\u304?SANS KO\'aaULLARI\par..\f0 MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Bu lisans ko\f1\'baullar\u305?, Microsoft Corporation (veya ya\'baad\u305?\u287?\u305?n\u305?z yere g\f0\'f6re bir ba\f1\u287?l\u305? \'bairketi) ile sizin aran\u305?zda yap\u305?lan anla\'bamay\u305? olu\'baturur. Bu ko\'baullar, yukar\u305?da ad\u305? ge\f0\'e7en yaz\f1\u305?l\u305?m i\f0\'e7in ge\'e7erlidir. \f1\'aaartlar, yaz\u305?l\u305?m i\f0\'e7in t\'fcm Microsoft hizmetleri veya g\'fcncelle\f1\'batirmeleri i\f0\'e7in, beraberlerinde farkl\f1\u305? \'baartlar bulunmad\u305?\u287?\u305? s\f0\'fcrece ge\'e7erlidir.\par..\b BU L\f1\u304?SANS \'aaARTLARINA UYDU\u286?UNUZ TAKD\u304?RDE A\'aaA\u286?IDAK\u3

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1055\thm.wxl

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	3221
Entropy (8bit):	5.280530692056262
Encrypted:	false
SSDEEP:
MD5:	DEFBEA001DC4EB66553630AC7CE47CCA
SHA1:	90CED64EC7C861F03484B5D5616FDBCDA8F64788
SHA-256:	E5ABE3CB3BF84207DAC4E6F5BBA1E693341D01AEA076DD2D91EAA21C6A6CB925
SHA-512:	B3B7A22D0CDADA21A977F1DCEAF2D73212A4CDDBD298532B1AC97575F36113D45E8D71C60A6D8F8CC2E9DBF18EE1000167CFBF0B2E7ED6F05462D77E0BCA0E90
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] Kurulumu</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.ptal etmek istedi.inizden emin misiniz?</String>.. <String Id="HelpHeader">Kurulum Yard.m.</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [dizin] - y.kler, onar.r, kald.r.r ya da.. dizindeki paketin tam bir yerel kopyas.n. olu.turur. Varsay.lan install de.eridir...../passive \| /quiet - en az d.zeyde istemsiz UI g.sterir ya da hi. UI g.stermez ve.. istem yoktur. Varsay.lan olarak UI ve t.m istemler g.r.nt.lenir...../norestart - yeniden ba.lama denemelerini engeller. Varsay.lan olarak UI yeniden ba.l

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\2052\license.rtf

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
Category:	dropped
Size (bytes):	17863
Entropy (8bit):	3.9617786349452775
Encrypted:	false
SSDEEP:
MD5:	3CF16377C0D1B2E16FFD6E32BF139AC5
SHA1:	D1A8C3730231D51C7BB85A7A15B948794E99BDCE
SHA-256:	E95CA64C326A0EF7EF3CED6CDAB072509096356C15D1761646E3C7FDA744D0E0
SHA-512:	E9862FD0E8EC2B2C2180183D06535A16A527756F6907E6A1D2DB85092636F72C497508E793EE8F2CC8E0D1A5E090C6CCF465F78BC1FA8E68DAF7C68815A0EE16
Malicious:	false
Reputation:	unknown
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset134 SimSun;}{\f1\fnil\fcharset0 Tahoma;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9\'ce\'a2\'c8\'ed\'c8\'ed\'bc\'fe\'d0\'ed\'bf\'c9\'cc\'f5\'bf\'ee\f1\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0\f0\'d5\'e2\'d0\'a9\'d0\'ed\'bf\'c9\'cc\'f5\'bf\'ee\'ca\'c7\f1 Microsoft Corporation\f0\'a3\'a8\'bb\'f2\'c4\'fa\'cb\'f9\'d4\'da\'b5\'d8\'b5\'c4\f1 Microsoft \f0\'b9\'d8\'c1\'aa\'b9\'ab\'cb\'be\'a3\'a9\'d3\'eb\'c4\'fa\'d6\'ae\'bc\'e4\'b4\'ef\'b3\'c9\'b5\'c4\'d0\'ad\'d2\'e9\'a1\'a3\'d5\'e2\'d0\'a9\'cc\'f5\'bf\'ee\'ca\'ca\'d3\'c3\'d3\'da\'c9\'cf\'ca\'f6\'c8\'ed\'bc\'fe\'a1\'a3\'d5\'e2\'d0\'a9\'cc\'f5\'bf\'ee\'d2\'b2\'ca\'ca\'d3\'c3\'d3\'da\'d5\'eb\'b6\'d4\'b8\'c3\'c8\'ed\'bc\'fe\'b5\'c4\'c8\'ce\'ba\'ce\'ce\'a2\'c8\'ed\'b7\'fe\'ce\'f1\'bb\'f2\'b8\'fc\'d0\'c2\'a3\'ac\'b5\'ab\'d3\'d0\'b2\'bb\'cd\

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\2052\thm.wxl

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	2978
Entropy (8bit):	6.135205733555905
Encrypted:	false
SSDEEP:
MD5:	3D1E15DEEACE801322E222969A574F17
SHA1:	58074C83775E1A884FED6679ACF9AC78ABB8A169
SHA-256:	2AC8B7C19A5189662DE36A0581C90DBAD96DF259EC00A28F609B644C3F39F9CA
SHA-512:	10797919845C57C5831234E866D730EBD13255E5BF8BA8087D53F1D0FC5D72DC6D5F6945DBEBEE69ACC6A2E20378750C4B78083AE0390632743C184532358E10
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">......</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [..] - .......... ..................Install ........../passive \| /quiet - ..... UI ......... UI ... ........ UI ........../norestart - ..................... UI.../log log.txt - ............. %TEMP% ...

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\3082\license.rtf

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
Category:	dropped
Size (bytes):	10714
Entropy (8bit):	5.122578090102117
Encrypted:	false
SSDEEP:
MD5:	FBF293EE95AFEF818EAF07BB088A1596
SHA1:	BBA1991BA6459C9F19B235C43A9B781A24324606
SHA-256:	1FEC058E374C20CB213F53EB3C44392DDFB2CAA1E04B7120FFD3FA7A296C83E2
SHA-512:	6971F20964EF74B19077EE81F953342DC6D2895A8640EC84855CECCEA5AEB581E6A628BCD3BA97A5D3ACB6CBE7971FDF84EF670BDDF901857C3CD28855212019
Malicious:	false
Reputation:	unknown
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 T\'c9RMINOS DE LA LICENCIA DE SOFTWARE DE MICROSOFT\par..MICROSOFT VISUAL C++ 2019 RUNTIME\par..\b0 Estos t\'e9rminos de licencia constituyen un contrato entre Microsoft Corporation (o, en funci\'f3n de donde resida, una de sus filiales) y usted. Se aplican al software antes mencionado. Los t\'e9rminos tambi\'e9n se aplican a cualquier servicio o actualizaci\'f3n de Microsoft para el software, excepto en la medida que tengan t\'e9rminos diferentes.\par..\b SI USTED CUMPLE CON LOS PRESENTES T\'c9RMINOS DE ESTA LICENCIA, DISPONDR\'c1 DE LOS DERECHOS QUE SE DESCRIBEN A CONTINUACI\'d3N.\par....\pard{\pntext\f2\'B7\tab}{\\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\sa120\

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\3082\thm.wxl

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	3265
Entropy (8bit):	5.0491645049584655
Encrypted:	false
SSDEEP:
MD5:	47F9F8D342C9C22D0C9636BC7362FA8F
SHA1:	3922D1589E284CE76AB39800E2B064F71123C1C5
SHA-256:	9CBB2B312C100B309A1B1495E84E2228B937612885F7A642FBBD67969B632C3A
SHA-512:	E458DF875E9B0622AEBE3C1449868AA6A2826A1F851DB71165A872B2897CF870CCF85046944FF51FFC13BB15E54E9D9424EC36CAF5A2F38CE8B7D6DC0E9B2363
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instalaci.n de [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.Est. seguro de que desea cancelar la operaci.n?</String>.. <String Id="HelpHeader">Ayuda de configuraci.n</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [directory] - instala, repara, desinstala o.. crea una copia local completa del paquete en el directorio. La opci.n predeterminada es la instalaci.n...../passive \| /quiet - muestra una IU m.nima sin solicitudes o no muestra ninguna IU ni.. solicitud. De forma predeterminada, se muestran la IU y todas las solicitudes...../norestart - elimina cualquier intento

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\BootstrapperApplicationData.xml

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (591), with CRLF line terminators
Category:	dropped
Size (bytes):	13188
Entropy (8bit):	3.72805455167576
Encrypted:	false
SSDEEP:
MD5:	215C04E42ACC38479298AEBD4F36435C
SHA1:	5EF4A4B6A23288077D52E1192665D1F0CEA7ECF4
SHA-256:	2E69B9B7C1695676C15B354F53BCB56257EC79799C6853FECA480CBC9DDAA5FD
SHA-512:	C598C562F8BF97C4532E57ED8381B5DEBBEF3EC243FD5BCC7367621B7AC50B648D9822594B12AB6BD6BFB3223B7992AA00EEA205C3CD8770049C6E6173752E6A
Malicious:	false
Reputation:	unknown
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.x./.2.0.1.0./.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a.".>..... . .<.W.i.x.B.a.l.C.o.n.d.i.t.i.o.n. .C.o.n.d.i.t.i.o.n.=.".V.e.r.s.i.o.n.N.T.6.4. .&.g.t.;.=. .v.6...0. .O.R. .(.V.e.r.s.i.o.n.N.T.6.4. .=. .v.5...2. .A.N.D. .S.e.r.v.i.c.e.P.a.c.k.L.e.v.e.l. .&.g.t.;.=. .1.).". .M.e.s.s.a.g.e.=.".[.W.i.x.B.u.n.d.l.e.N.a.m.e.]. .c.a.n. .o.n.l.y. .b.e. .i.n.s.t.a.l.l.e.d. .o.n. .W.i.n.d.o.w.s. .X.P. .S.P.1. .(.x.6.4.). .a.n.d. .n.e.w.e.r. .p.l.a.t.f.o.r.m.s...". ./.>..... . .<.W.i.x.B.u.n.d.l.e.P.r.o.p.e.r.t.i.e.s. .D.i.s.p.l.a.y.N.a.m.e.=.".M.i.c.r.o.s.o.f.t. .V.i.s.u.a.l. .C.+.+. .2.0.1.5.-.2.0.1.9. .R.e.d.i.s.t.r.i.b.u.t.a.b.l.e. .(.x.6.4.). .-. .1.4...2.4...2.8.1.2.7.". .L.o.g.P.a.t.h.V.a.r.i.a.b.l.e.=.".W.i.x.B.u.n.d.l.e.L.o.g.". .C.o.m.p.r.e.s.s.e.d.=.".y.e.

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\license.rtf

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
Category:	dropped
Size (bytes):	9046
Entropy (8bit):	5.157073875669985
Encrypted:	false
SSDEEP:
MD5:	2EABBB391ACB89942396DF5C1CA2BAD8
SHA1:	182A6F93703549290BCDE92920D37BC1DEC712BB
SHA-256:	E3156D170014CED8D17A02B3C4FF63237615E5C2A8983B100A78CB1F881D6F38
SHA-512:	20D656A123A220CD3CA3CCBF61CC58E924B44F1F0A74E70D6850F39CECD101A69BCE73C5ED14018456E022E85B62958F046AA4BD1398AA27303C2E86407C3899
Malicious:	false
Reputation:	unknown
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT SOFTWARE LICENSE TERMS\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. They apply to the software named above. The terms also apply to any Microsoft services or updates for the software, except to the extent those have different terms.\par..\b IF YOU COMPLY WITH THESE LICENSE TERMS, YOU HAVE THE RIGHTS BELOW.\par....\pard{\pntext\f2\'B7\tab}{\\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\sa120\sl240\slmult1\tx360 INSTALLATION AND USE RIGHTS. \b0\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-363\

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\logo.png

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	PNG image data, 64 x 64, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1861
Entropy (8bit):	6.868587546770907
Encrypted:	false
SSDEEP:
MD5:	D6BD210F227442B3362493D046CEA233
SHA1:	FF286AC8370FC655AEA0EF35E9CF0BFCB6D698DE
SHA-256:	335A256D4779EC5DCF283D007FB56FD8211BBCAF47DCD70FE60DED6A112744EF
SHA-512:	464AAAB9E08DE610AD34B97D4076E92DC04C2CDC6669F60BFC50F0F9CE5D71C31B8943BD84CEE1A04FB9AB5BBED3442BD41D9CB21A0DD170EA97C463E1CE2B5B
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...@...@.............sRGB.........gAMA......a.....PLTE].q^.r_.r_.s`.s`.s`.ta.ta.ub.ub.vc.vd.vd.vd.we.we.xe.xg.yg yg zh zh"zi"{j#\|i${j$\|n~n.n,.o,.p..q0.r2.s3.t5.x;.x<.y>.z?.\|B.~C.}E..F..F..H..I..J..L..O..P..W..Y..^..a..c..g..i..q..r..}.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................S......pHYs..%...%....^.....tEXtSoftware.Paint.NET v3.5.100.r.....IDATXG..iW.@...EJ.$M...`AEpG..7TpWT@\.."....(..(.._;...di:9.c>q..g....T...._...-....F..+..w.

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\thm.wxl

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2952
Entropy (8bit):	5.052095286906672
Encrypted:	false
SSDEEP:
MD5:	FBFCBC4DACC566A3C426F43CE10907B6
SHA1:	63C45F9A771161740E100FAF710F30EED017D723
SHA-256:	70400F181D00E1769774FF36BCD8B1AB5FBC431418067D31B876D18CC04EF4CE
SHA-512:	063FB6685EE8D2FA57863A74D66A83C819FE848BA3072B6E7D1B4FE397A9B24A1037183BB2FDA776033C0936BE83888A6456AAE947E240521E2AB75D984EE35E
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29" />.... <String Id="Caption">[WixBundleName] Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Are you sure you want to cancel?</String>.. <String Id="HelpHeader">Setup Help</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [directory] - installs, repairs, uninstalls or.. creates a complete local copy of the bundle in directory. Install is the default...../passive \| /quiet - displays minimal UI with no prompts or displays no UI and.. no prompts. By default UI and all prompts are displayed...../norestart - suppress any attempts to restart. By default UI will prompt before restart.../log log.txt - logs to a specific file. B

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\thm.xml

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	8332
Entropy (8bit):	5.184632608060528
Encrypted:	false
SSDEEP:
MD5:	F62729C6D2540015E072514226C121C7
SHA1:	C1E189D693F41AC2EAFCC363F7890FC0FEA6979C
SHA-256:	F13BAE0EC08C91B4A315BB2D86EE48FADE597E7A5440DCE6F751F98A3A4D6916
SHA-512:	CBBFBFA7E013A2B85B78D71D32FDF65323534816978E7544CA6CEA5286A0F6E8E7E5FFC4C538200211F11B94373D5658732D5D8AA1D01F9CCFDBF20F154F1471
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010">.. <Window Width="485" Height="300" HexStyle="100a0000" FontId="0">#(loc.Caption)</Window>.. <Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="1" Height="-24" Weight="500" Foreground="000000">Segoe UI</Font>.. <Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font>.. <Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font>.... <Image X="11" Y="11" Width="64" Height="64" ImageFile="logo.png" Visible="yes"/>.. <Text X="80" Y="11" Width="-11" Heig

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\wixstdba.dll

Download File

Process:	C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	195600
Entropy (8bit):	6.682530937585544
Encrypted:	false
SSDEEP:
MD5:	EAB9CAF4277829ABDF6223EC1EFA0EDD
SHA1:	74862ECF349A9BEDD32699F2A7A4E00B4727543D
SHA-256:	A4EFBDB2CE55788FFE92A244CB775EFD475526EF5B61AD78DE2BCDFADDAC7041
SHA-512:	45B15ADE68E0A90EA7300AEB6DCA9BC9E347A63DBA5CE72A635957564D1BDF0B1584A5E34191916498850FC7B3B7ECFBCBFCB246B39DBF59D47F66BC825C6FD2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3..R...R...R..h.N..R..h.L.R..h.M..R.......R.......R.......R...<..R...,..R...R...S..K....R..K....R..N.@..R...R(..R..K....R..Rich.R..................PE..L......Z...........!................d.....................................................@..............................................................D......,.......T...............................@...............X............................text............................... ..`.rdata.............................@..@.data...............................@....gfids..............................@..@.rsrc...............................@..@.reloc..,...........................@..B........................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	7.642545552164292
TrID:	Win64 Executable GUI Net Framework (217006/5) 49.88% Win64 Executable GUI (202006/5) 46.43% Win64 Executable (generic) (12005/4) 2.76% Generic Win/DOS Executable (2004/3) 0.46% DOS Executable Generic (2002/1) 0.46%
File name:	logioptionsplus_installer.exe
File size:	30'695'680 bytes
MD5:	719485510aeabbf435c804ea39851462
SHA1:	687cbc30eeea5fae9acf5a289702dbeb873ba6c6
SHA256:	634b485749719ce9089a2b82ac1021f989873e1bad31b19756a0fe67dbe67167
SHA512:	d63ff636f23a81dfe7be526c91719b83bff4bad66170a680362016ce50ebfbfd91853ee1b369902c2e2c24a8d088912d43f26d122c813d3d6a2b2424b8da8396
SSDEEP:	393216:HwnsqS5Gwb6+lptVYmfr7yBG/4oyFN/YuuccKU9oxcS2ZFpYLbNXFzX5P5ZS7MUi:Hwn+5GU6upttD7yBG/PcXU9g5zLrb
TLSH:	4067D046B298009DD1678179C523D606E6FABE355F2186CB31A87B761F73BE04A3B331
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........<d..].I.].I.].I.%.I.].IM-.H.].I.].I0].I.#.H.].I.#.H.].I.#.H.].IM-.H.].IM-.H.].IM-.H.].I.".H.].I.".I.].I.].I.].I.".H.].IRich.].

File Icon


Icon Hash:	39cc969696964c33

Static PE Info

General

Entrypoint:	0x140039488
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x66A9856C [Wed Jul 31 00:29:32 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	8fcb2f3d689d6cf5b80fd63966c32a45

Authenticode Signature

Signature Valid:	true
Signature Issuer:	CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	20/09/2021 20:00:00 12/09/2024 19:59:59
Subject Chain	CN=Logitech Inc, O=Logitech Inc, L=Newark, S=California, C=US
Version:	3
Thumbprint MD5:	4044C5CA5550239BD53D4ECC63101E35
Thumbprint SHA-1:	53B2422E8E2E074AC57CB9A73E004AF7DF8BF64A
Thumbprint SHA-256:	73E3F0EEEB0B014D86EAE8266089DFCB490EA34296D4F67C90276D7888F0CD99
Serial:	0160C5354D861DED2F317645DC3FABCA

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007F6E14B59DA4h
dec eax
add esp, 28h
jmp 00007F6E14B5933Fh
int3
int3
and dword ptr [0003D059h], 00000000h
ret
dec eax
mov dword ptr [esp+08h], ebx
push ebp
dec eax
lea ebp, dword ptr [esp-000004C0h]
dec eax
sub esp, 000005C0h
mov ebx, ecx
mov ecx, 00000017h
call dword ptr [0001BF12h]
test eax, eax
je 00007F6E14B594C6h
mov ecx, ebx
int 29h
mov ecx, 00000003h
call 00007F6E14B59489h
xor edx, edx
dec eax
lea ecx, dword ptr [ebp-10h]
inc ecx
mov eax, 000004D0h
call 00007F6E14B548FCh
dec eax
lea ecx, dword ptr [ebp-10h]
call dword ptr [0001BF1Dh]
dec eax
mov ebx, dword ptr [ebp+000000E8h]
dec eax
lea edx, dword ptr [ebp+000004D8h]
dec eax
mov ecx, ebx
inc ebp
xor eax, eax
call dword ptr [0001BF0Bh]
dec eax
test eax, eax
je 00007F6E14B594FEh
dec eax
and dword ptr [esp+38h], 00000000h
dec eax
lea ecx, dword ptr [ebp+000004E0h]
dec eax
mov edx, dword ptr [ebp+000004D8h]
dec esp
mov ecx, eax
dec eax
mov dword ptr [esp+30h], ecx
dec esp
mov eax, ebx
dec eax
lea ecx, dword ptr [ebp+000004E8h]
dec eax
mov dword ptr [esp+28h], ecx
dec eax
lea ecx, dword ptr [ebp-10h]
dec eax
mov dword ptr [esp+20h], ecx
xor ecx, ecx
call dword ptr [0001BEB2h]
dec eax

Rich Headers

Programming Language:

[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x70934	0x244	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x7f000	0x1ccaef8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x78000	0x47f4	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x1d43800	0x2900	.rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1d4a000	0xcc4	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x66300	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x66380	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x661c0	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x55000	0x4f0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x5349c	0x53600	df35f92d28fbf530b84ac78489866377	False	0.5150774222263869	zlib compressed data	6.450515425566625	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x55000	0x1cd80	0x1ce00	1d0b4cbf45af658d07a4d5f9003462ac	False	0.4362063717532468	data	5.1760972797081655	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x72000	0x5334	0x2600	512f75149eb3d74c3b84395a2dcec66e	False	0.17074424342105263	data	3.7240435438201795	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x78000	0x47f4	0x4800	60aa4e4273c685d676f264b949649cd8	False	0.4886610243055556	data	5.719955329378176	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
SHARED	0x7d000	0x4	0x200	bf619eac0cdf3f68d496ea9344137e8b	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
_RDATA	0x7e000	0x15c	0x200	601d660ba4004bb266d186012b48c82a	False	0.408203125	data	3.3554788530883757	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x7f000	0x1ccaef8	0x1ccb000	cb765fc8a950c7ef0c2f55b63a5cd00e	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x1d4a000	0xcc4	0xe00	f1cd8be8b8e596c64569d785a7085e9a	False	0.4595424107142857	data	5.266742549245244	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
AFX_DIALOG_LAYOUT	0x7f6d8	0x2	data	English	United States	5.0
RT_ICON	0x7f6dc	0xc311	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	1.0005206560265936
RT_ICON	0x8b9f0	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m	English	United States	0.13990595055010055
RT_ICON	0x9c218	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m	English	United States	0.17926310817194144
RT_ICON	0xa0440	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m	English	United States	0.21939834024896265
RT_ICON	0xa29e8	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m	English	United States	0.3126172607879925
RT_ICON	0xa3a90	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m	English	United States	0.5203900709219859
RT_DIALOG	0xa3ef8	0x94	data	English	United States	0.75
RT_RCDATA	0xa3f8c	0x1c93500	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows	English	United States	0.7878379821777344
RT_GROUP_ICON	0x1d3748c	0x5a	data	English	United States	0.7666666666666667
RT_VERSION	0x1d374e8	0x2d8	data	English	United States	0.4519230769230769
RT_MANIFEST	0x1d377c0	0xcd8	exported SGML document, ASCII text, with CRLF line terminators	English	United States	0.3570559610705596
None	0x1d38498	0xdcd	Unicode text, UTF-8 text, with CRLF line terminators	English	United States	0.30427398811208606
None	0x1d39268	0xf15	Unicode text, UTF-8 text, with CRLF line terminators	English	United States	0.3084693084693085
None	0x1d3a180	0x16ca	Unicode text, UTF-8 text, with CRLF line terminators	English	United States	0.25557079190949605
None	0x1d3b84c	0xcd6	ASCII text, with CRLF line terminators	English	United States	0.2994522215459525
None	0x1d3c524	0xe6b	Unicode text, UTF-8 text, with CRLF line terminators	English	United States	0.3007315090761311
None	0x1d3d390	0xe46	Unicode text, UTF-8 text, with CRLF line terminators	English	United States	0.3078817733990148
None	0x1d3e1d8	0xed7	Unicode text, UTF-8 text, with CRLF line terminators	English	United States	0.30692287444064226
None	0x1d3f0b0	0xe46	Unicode text, UTF-8 text, with CRLF line terminators	English	United States	0.31554460864805695
None	0x1d3fef8	0x1066	Unicode text, UTF-8 text, with CRLF line terminators	English	United States	0.29823725583611244
None	0x1d40f60	0xf4e	Unicode text, UTF-8 text, with CRLF line terminators	English	United States	0.29632465543644715
None	0x1d41eb0	0xd73	Unicode text, UTF-8 text, with CRLF line terminators	English	United States	0.3058379320360151
None	0x1d42c24	0xddb	Unicode text, UTF-8 text, with CRLF line terminators	English	United States	0.31942486608401466
None	0x1d43a00	0xe47	Unicode text, UTF-8 text, with CRLF line terminators	English	United States	0.3119015047879617
None	0x1d44848	0xdbe	Unicode text, UTF-8 text, with CRLF line terminators	English	United States	0.3061398521887436
None	0x1d45608	0xea2	Unicode text, UTF-8 text, with CRLF line terminators	English	United States	0.298184730379071
None	0x1d464ac	0x14a1	Unicode text, UTF-8 text, with CRLF line terminators	English	United States	0.25506532853626207
None	0x1d47950	0xdd9	Unicode text, UTF-8 text, with CRLF line terminators	English	United States	0.30493653032440055
None	0x1d4872c	0xba7	Unicode text, UTF-8 text, with CRLF line terminators	English	United States	0.3546765001676165
None	0x1d492d4	0xc22	Unicode text, UTF-8 text, with CRLF line terminators	English	United States	0.34707018673535095

Imports

DLL	Import
COMCTL32.dll	InitCommonControlsEx
api-ms-win-core-processenvironment-l1-1-0.dll	FreeEnvironmentStringsW, GetCommandLineW, SetStdHandle, GetCommandLineA, GetStdHandle, GetEnvironmentStringsW
api-ms-win-core-handle-l1-1-0.dll	CloseHandle
api-ms-win-core-errorhandling-l1-1-0.dll	UnhandledExceptionFilter, GetLastError, SetLastError, SetUnhandledExceptionFilter, RaiseException
api-ms-win-core-synch-l1-1-0.dll	InitializeCriticalSectionAndSpinCount, EnterCriticalSection, WaitForSingleObjectEx, ResetEvent, SetEvent, WaitForSingleObject, InitializeCriticalSectionEx, LeaveCriticalSection, CreateEventW, DeleteCriticalSection
api-ms-win-core-heap-l2-1-0.dll	LocalFree
api-ms-win-shcore-obsolete-l1-1-0.dll	CommandLineToArgvW
api-ms-win-core-file-l1-1-0.dll	GetFileType, FindNextFileW, FindFirstFileExW, GetFileAttributesExW, FindClose, CreateDirectoryW, SetFileInformationByHandle, CreateFileW, SetEndOfFile, FindFirstFileW, DeleteFileW, ReadFile, GetFileAttributesW, WriteFile, FlushFileBuffers, SetFilePointerEx, GetFileSizeEx
api-ms-win-core-processthreads-l1-1-0.dll	CreateProcessW, ExitProcess, TlsSetValue, GetExitCodeProcess, TlsGetValue, GetCurrentProcessId, GetCurrentThreadId, TlsAlloc, TerminateProcess, TlsFree, GetCurrentProcess, GetStartupInfoW
api-ms-win-core-sysinfo-l1-1-0.dll	GetSystemTimeAsFileTime, GetSystemDirectoryW
api-ms-win-core-libraryloader-l1-2-0.dll	GetModuleHandleW, GetProcAddress, LoadLibraryExW, LoadResource, GetModuleFileNameW, GetModuleHandleExW, LockResource, SizeofResource, FreeLibrary, FreeResource
api-ms-win-core-libraryloader-l1-2-1.dll	FindResourceW
api-ms-win-core-localization-l1-2-0.dll	EnumSystemLocalesW, GetACP, GetUserPreferredUILanguages, GetCPInfo, GetUserDefaultLCID, GetLocaleInfoEx, FormatMessageA, GetOEMCP, IsValidLocale, LCMapStringEx, GetLocaleInfoW, IsValidCodePage, LCMapStringW
api-ms-win-core-rtlsupport-l1-1-0.dll	RtlUnwind, RtlVirtualUnwind, RtlUnwindEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlPcToFileHeader
api-ms-win-core-debug-l1-1-0.dll	IsDebuggerPresent, OutputDebugStringW
api-ms-win-core-processthreads-l1-1-1.dll	IsProcessorFeaturePresent
api-ms-win-core-console-l1-1-0.dll	ReadConsoleW, GetConsoleMode, WriteConsoleW, GetConsoleOutputCP
api-ms-win-core-heap-l1-1-0.dll	HeapSize, HeapAlloc, GetProcessHeap, HeapReAlloc, HeapFree
api-ms-win-core-fibers-l1-1-0.dll	FlsSetValue, FlsGetValue, FlsAlloc, FlsFree
api-ms-win-core-string-l1-1-0.dll	WideCharToMultiByte, CompareStringEx, MultiByteToWideChar, GetStringTypeW
api-ms-win-core-util-l1-1-0.dll	DecodePointer, EncodePointer
api-ms-win-core-interlocked-l1-1-0.dll	InitializeSListHead
api-ms-win-core-profile-l1-1-0.dll	QueryPerformanceCounter
api-ms-win-core-file-l1-2-0.dll	GetTempPathW
api-ms-win-core-file-l1-2-2.dll	AreFileApisANSI
api-ms-win-core-file-l2-1-0.dll	GetFileInformationByHandleEx
USER32.dll	PostQuitMessage, SendMessageW, DispatchMessageW, IsWindow, IsDialogMessageW, SetWindowLongPtrW, DestroyWindow, ShowWindow, GetMessageW, GetWindowLongPtrW, SetWindowTextW, GetDlgCtrlID, SetDlgItemTextW, CreateDialogParamW, TranslateMessage
GDI32.dll	SetBkColor, GetStockObject

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report logioptionsplus_installer.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\ProgramData\LogiOptionsPlus\next.json

C:\ProgramData\LogiOptionsPlus\periodic_check.json

C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\PageInstalled.gif

C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\PageLegacyOptions.gif

C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\PageUnsupportedOs.gif

C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\logi_installer_shared_optionsplus.dll

C:\ProgramData\Logishrd\{5c4ad735-8c88-42f2-b573-9c8beef54821}_logioptionsplus_setup\vc_redist.x64.exe

C:\Users\user\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD

C:\Users\user\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

C:\Users\user\AppData\Local\Temp\com.logi.optionsplus.installer.logs\20240829T201147-installer-6980.log

C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20240829161143.log

C:\Users\user\AppData\Local\Temp\optionsplus-21c9-ea0e-f34c-ee3a\logioptionsplus_setup.exe

C:\Windows\Temp\{290B7A63-DF99-4623-AAC0-79B88F78147A}\.cr\vc_redist.x64.exe

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1028\license.rtf

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1028\thm.wxl

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1029\license.rtf

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1029\thm.wxl

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1031\license.rtf

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1031\thm.wxl

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1036\license.rtf

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1036\thm.wxl

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1040\license.rtf

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1040\thm.wxl

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1041\license.rtf

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1041\thm.wxl

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1042\license.rtf

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1042\thm.wxl

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1045\license.rtf

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1045\thm.wxl

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1046\license.rtf

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1046\thm.wxl

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1049\license.rtf

C:\Windows\Temp\{C7C1DD64-5C4D-4753-A82D-A5722BC14B7C}\.ba\1049\thm.wxl

Windows Analysis Report
logioptionsplus_installer.exe