14849d81f2800f56090e0db57937fb1bc77744a69a30df91e212186fb873f23e

Resubmissions

28/04/2024, 19:25

240428-x48q9sfa95 8

28/04/2024, 18:48

240428-xfrsvaec46 7

Analysis

max time kernel
247s
max time network
251s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
28/04/2024, 19:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lws110_x64.exe
Size

51.1MB
MD5

8756b799be8b2f7b73f8f7231cb0a33a
SHA1

8e9b0cf258b79590a8cbbb0df44d0775b0e742ad
SHA256

14849d81f2800f56090e0db57937fb1bc77744a69a30df91e212186fb873f23e
SHA512

ec2f8d06b245d14f170b2204d24c6da8007920fec070f48936d034ab01b0c49ca935f1697fa7b278d3a32becfbeeb20b088d7c324bc302804c1b26db53639959
SSDEEP

1572864:aOSabL9nvPr2rNVUvcGsk7oNXAHDkf+EEgbGCX0CeqHMXoG5:jRL972rNRaklHf+ebGCXSuMF

Score

8^/10

discovery persistence upx

Malware Config

Signatures

Drops file in Drivers directory 6 IoCs

description	ioc	Process
File created	C:\Windows\system32\Drivers\LVPr2M64.sys	msiexec.exe
File created	C:\Windows\system32\Drivers\iKeyLFT264.dll	msiexec.exe
File created	C:\Windows\system32\Drivers\LVFaL100.cfg	msiexec.exe
File created	C:\Windows\system32\Drivers\LVFeL100.cfg	msiexec.exe
File created	C:\Windows\system32\Drivers\LVFeL101.cfg	msiexec.exe
File created	C:\Windows\system32\Drivers\LVFeL102.cfg	msiexec.exe

Sets service image path in registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\LVPr2Mon\ImagePath = "system32\\DRIVERS\\LVPr2M64.sys"	msiexec.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk	eReg.exe

Executes dropped EXE 23 IoCs

pid	Process
1940	setup.exe
2972	Setup64.exe
1068	Process not Found
1280	UnstLgcy.exe
2764	SetupCloser.exe
2604	Setup.exe
2552	MSetup.exe
3792	LVPrcSrv.exe
3820	LVPrS64H.exe
3936	LgDrvInst.exe
3420	ISBEW64.exe
3604	Update64.exe
3688	Update64.exe
4012	Update64.exe
3660	Update64.exe
3312	Update64.exe
3432	Update64.exe
3280	Update64.exe
3616	eReg.exe
3136	Vid.exe
3568	LWS.exe
3680	LWS.exe
3780	Vid.exe

Loads dropped DLL 64 IoCs

pid	Process
1856	lws110_x64.exe
1940	setup.exe
2972	Setup64.exe
2604	Setup.exe
2604	Setup.exe
2604	Setup.exe
2604	Setup.exe
2604	Setup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2912	MsiExec.exe
2912	MsiExec.exe
2284	MsiExec.exe
2912	MsiExec.exe
2912	MsiExec.exe
2284	MsiExec.exe
2284	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
480	Process not Found
3896	MsiExec.exe
3896	MsiExec.exe
3896	MsiExec.exe
3896	MsiExec.exe
3896	MsiExec.exe
3936	LgDrvInst.exe
3936	LgDrvInst.exe
3936	LgDrvInst.exe
3936	LgDrvInst.exe
3936	LgDrvInst.exe
3936	LgDrvInst.exe
3936	LgDrvInst.exe
3936	LgDrvInst.exe
3936	LgDrvInst.exe
3604	Update64.exe
3936	LgDrvInst.exe
3936	LgDrvInst.exe
3936	LgDrvInst.exe
3688	Update64.exe
3936	LgDrvInst.exe
3936	LgDrvInst.exe
3936	LgDrvInst.exe
4012	Update64.exe
3936	LgDrvInst.exe
3936	LgDrvInst.exe
3936	LgDrvInst.exe
3660	Update64.exe
3936	LgDrvInst.exe
3936	LgDrvInst.exe
3936	LgDrvInst.exe
3312	Update64.exe
3936	LgDrvInst.exe
3936	LgDrvInst.exe
3936	LgDrvInst.exe
3432	Update64.exe

Registers COM server for autorun 1 TTPs 24 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{071B93FC-B6A0-4DFF-B51A-9527D59BB1C6}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{071B93FC-B6A0-4DFF-B51A-9527D59BB1C6}\InprocServer32\ = "C:\\Program Files\\Common Files\\LogiShrd\\LVMVFM\\UMVPL.dll"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3BBD5485-60FC-4DE2-9DCD-0DF0EF61F163}\InprocServer32\ = "C:\\Program Files\\Common Files\\LogiShrd\\LVMVFM\\UMVPL.dll"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B7E78D28-D1FC-4C02-B0BA-37E5C21F5340}\InprocServer32\ThreadingModel = "Both"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{E5877B01-EB33-4298-B404-398D7925495A}\InprocServer32	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E5877B01-EB33-4298-B404-398D7925495A}\InprocServer32	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{3D192800-803A-4737-96CF-BFB0A8C92465}\InProcServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{071B93FC-B6A0-4DFF-B51A-9527D59BB1C6}\InprocServer32\ThreadingModel = "Free"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{3BBD5485-60FC-4DE2-9DCD-0DF0EF61F163}\InprocServer32	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3BBD5485-60FC-4DE2-9DCD-0DF0EF61F163}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6BA52595-82A8-4A57-9316-55E822EEDCB1}\InprocServer32\ThreadingModel = "Free"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{B7E78D28-D1FC-4C02-B0BA-37E5C21F5340}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B7E78D28-D1FC-4C02-B0BA-37E5C21F5340}\InprocServer32\ = "C:\\Program Files\\Common Files\\LogiShrd\\LVMVFM\\UMVPL.dll"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3D192800-803A-4737-96CF-BFB0A8C92465}\InProcServer32	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{071B93FC-B6A0-4DFF-B51A-9527D59BB1C6}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3BBD5485-60FC-4DE2-9DCD-0DF0EF61F163}\InprocServer32\ThreadingModel = "Free"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{6BA52595-82A8-4A57-9316-55E822EEDCB1}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6BA52595-82A8-4A57-9316-55E822EEDCB1}\InprocServer32\ = "C:\\Program Files\\Common Files\\LogiShrd\\LVMVFM\\UMVPL.dll"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3D192800-803A-4737-96CF-BFB0A8C92465}\InProcServer32\ = "C:\\Program Files\\Common Files\\LogiShrd\\LVMVFM\\UMVPL.dll"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6BA52595-82A8-4A57-9316-55E822EEDCB1}\InprocServer32	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B7E78D28-D1FC-4C02-B0BA-37E5C21F5340}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E5877B01-EB33-4298-B404-398D7925495A}\InprocServer32\ThreadingModel = "Free"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E5877B01-EB33-4298-B404-398D7925495A}\InprocServer32\ = "C:\\Program Files\\Common Files\\LogiShrd\\LVMVFM\\UMVPL.dll"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3D192800-803A-4737-96CF-BFB0A8C92465}\InProcServer32\ThreadingModel = "Both"	msiexec.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3616-7891-0x0000000000400000-0x000000000058B000-memory.dmp	upx
behavioral1/memory/3616-7904-0x0000000000400000-0x000000000058B000-memory.dmp	upx

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\LogitechQuickCamRibbon = "\"C:\\Program Files\\Logitech\\Logitech WebCam Software\\LWS.exe\" /hide"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Run\Logitech Vid = "\"C:\\Program Files (x86)\\Logitech\\Logitech Vid\\Vid.exe\" -bootmode"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Run\Logitech Vid = "\"C:\\Program Files (x86)\\Logitech\\Logitech Vid\\vid.exe\" -bootmode"	Vid.exe

Blocklisted process makes network request 1 IoCs

flow	pid	Process
3	1676	msiexec.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	MSetup.exe
File opened (read-only)	\??\K:	MSetup.exe
File opened (read-only)	\??\L:	MSetup.exe
File opened (read-only)	\??\U:	MSetup.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\E:	MSetup.exe
File opened (read-only)	\??\R:	MSetup.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\M:	MSetup.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	MSetup.exe
File opened (read-only)	\??\J:	MSetup.exe
File opened (read-only)	\??\P:	MSetup.exe
File opened (read-only)	\??\S:	MSetup.exe
File opened (read-only)	\??\T:	MSetup.exe
File opened (read-only)	\??\X:	MSetup.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\O:	MSetup.exe
File opened (read-only)	\??\V:	MSetup.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\N:	MSetup.exe
File opened (read-only)	\??\Y:	MSetup.exe
File opened (read-only)	\??\Z:	MSetup.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\A:	MSetup.exe
File opened (read-only)	\??\G:	MSetup.exe
File opened (read-only)	\??\I:	MSetup.exe
File opened (read-only)	\??\W:	MSetup.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Q:	MSetup.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\infpub.dat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{7fdd592d-0ef9-17c2-8b67-9e0198142148}\SETB8DA.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7bb1ad9d-ab74-034a-2d1f-8f604885d179}\SETB4DE.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{7bb1ad9d-ab74-034a-2d1f-8f604885d179}\SETB4DE.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	Update64.exe
File created	C:\Windows\System32\DriverStore\Temp\{3462061b-9d53-4a15-43e7-8f7ecb80dc2d}\SETBCEE.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{066fa085-b673-11aa-d68f-082706386b48}\LVUIRC64.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7bb1ad9d-ab74-034a-2d1f-8f604885d179}\SETB4E3.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{7bb1ad9d-ab74-034a-2d1f-8f604885d179}\SETB4F6.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{066fa085-b673-11aa-d68f-082706386b48}\SETC713.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	LVPrcSrv.exe
File created	C:\Windows\System32\DriverStore\Temp\{066fa085-b673-11aa-d68f-082706386b48}\SETC6FB.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3462061b-9d53-4a15-43e7-8f7ecb80dc2d}\LVUI2RC.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3462061b-9d53-4a15-43e7-8f7ecb80dc2d}\LPEPI2~3.INF	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3462061b-9d53-4a15-43e7-8f7ecb80dc2d}\SETBCF0.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{066fa085-b673-11aa-d68f-082706386b48}\LVUI2RC.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{7fdd592d-0ef9-17c2-8b67-9e0198142148}\SETB8D5.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{3462061b-9d53-4a15-43e7-8f7ecb80dc2d}\SETBD02.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{066fa085-b673-11aa-d68f-082706386b48}\SETC6FA.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7bb1ad9d-ab74-034a-2d1f-8f604885d179}\lvcodec2.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{066fa085-b673-11aa-d68f-082706386b48}\SETC6E7.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	Update64.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\lpepi2~2.inf_amd64_neutral_872d6b16d1d4013d\LPEPI2~2.PNF	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3462061b-9d53-4a15-43e7-8f7ecb80dc2d}\LV302V64.SYS	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstrng.dat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{066fa085-b673-11aa-d68f-082706386b48}\SETC6FD.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\INFCACHE.0	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3462061b-9d53-4a15-43e7-8f7ecb80dc2d}\SETBD02.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{7d818f23-5303-5241-2bbd-23637e5fad54}\SETC141.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7d818f23-5303-5241-2bbd-23637e5fad54}\Repository.reg	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{066fa085-b673-11aa-d68f-082706386b48}\SETC6FA.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infpub.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3462061b-9d53-4a15-43e7-8f7ecb80dc2d}\lvcodec2.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\lpepi2~3.inf_amd64_neutral_4e604ec43eaceeaf\lpepi2~3.PNF	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infpub.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7bb1ad9d-ab74-034a-2d1f-8f604885d179}\LVUIRC64.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{7fdd592d-0ef9-17c2-8b67-9e0198142148}\SETB8DB.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	Update64.exe
File created	C:\Windows\System32\DriverStore\INFCACHE.0	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{066fa085-b673-11aa-d68f-082706386b48}\SETC6FB.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\lpepi2~3.inf_amd64_neutral_4e604ec43eaceeaf\lpepi2~3.PNF	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\lpro564s.inf_amd64_neutral_2a1b4d56f46d0f1f\lpro564s.PNF	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7d818f23-5303-5241-2bbd-23637e5fad54}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{7bb1ad9d-ab74-034a-2d1f-8f604885d179}\SETB508.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7bb1ad9d-ab74-034a-2d1f-8f604885d179}\LV561V64.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\lelch64v.inf_amd64_neutral_c6dbd6cfec29ec4e\lelch64v.PNF	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{7fdd592d-0ef9-17c2-8b67-9e0198142148}\SETB8D8.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{3462061b-9d53-4a15-43e7-8f7ecb80dc2d}\SETBCEF.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{7bb1ad9d-ab74-034a-2d1f-8f604885d179}\SETB4E3.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7fdd592d-0ef9-17c2-8b67-9e0198142148}\LPEPI2~2.INF	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstor.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{066fa085-b673-11aa-d68f-082706386b48}\SETC713.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{66fa0059-c3b7-6cc3-cdcd-175cccbcb553}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7bb1ad9d-ab74-034a-2d1f-8f604885d179}\SETB4E2.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infpub.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstor.dat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{066fa085-b673-11aa-d68f-082706386b48}\SETC6E8.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7bb1ad9d-ab74-034a-2d1f-8f604885d179}\SETB4E4.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7d818f23-5303-5241-2bbd-23637e5fad54}\SETC13F.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7d818f23-5303-5241-2bbd-23637e5fad54}\lPRO564s.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7d818f23-5303-5241-2bbd-23637e5fad54}\SETC142.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstrng.dat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\INFCACHE.0	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstrng.dat	DrvInst.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Logitech\Logitech WebCam Software\LU\nld\LUpdateProd_Legacy.xml	msiexec.exe
File opened for modification	C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\ELCH64\lvWIAext.dll	LgDrvInst.exe
File created	C:\Program Files (x86)\Logitech\Logitech Vid\translations\qt_ja.qm	msiexec.exe
File created	C:\Program Files (x86)\Logitech\Logitech Vid\LU\bgr\LUpdate.xml	msiexec.exe
File created	C:\Program Files\Logitech\Logitech WebCam Software\iKeyRdMe.dll	msiexec.exe
File created	C:\Program Files\Logitech\Logitech WebCam Software\ModelPackages\Dinosaur.LVA	MsiExec.exe
File opened for modification	C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\IM264\LV302V64.SYS	LgDrvInst.exe
File created	C:\Program Files\Logitech\Logitech WebCam Software\Readme\Readme_rus.html	MsiExec.exe
File created	C:\Program Files (x86)\Logitech\Logitech Vid\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest	msiexec.exe
File created	C:\Program Files (x86)\Logitech\Logitech Vid\LU\enu\LUpdate.xml	msiexec.exe
File created	C:\Program Files\Logitech\Logitech WebCam Software\ModelPackages\Talk to the Hand__vmk.LVF	MsiExec.exe
File created	C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\MMSysPS.dll	msiexec.exe
File created	C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\FxPreviewPS.dll	msiexec.exe
File created	C:\Program Files\Common Files\LogiShrd\CacheMSI\{987FE247-4E69-4A2E-A961-D14F901FDBF6}\Help\JPN\qcam.chm	MsiExec.exe
File created	C:\Program Files\Common Files\LogiShrd\CacheMSI\{987FE247-4E69-4A2E-A961-D14F901FDBF6}\Models\80's Music Video__fun.LVF	MsiExec.exe
File created	C:\Program Files\Common Files\LogiShrd\CacheMSI\{987FE247-4E69-4A2E-A961-D14F901FDBF6}\Models\Cat.LVA	MsiExec.exe
File created	C:\Program Files\Common Files\LogiShrd\CacheMSI\{987FE247-4E69-4A2E-A961-D14F901FDBF6}\Models\Mother Nature__vmk.LVF	MsiExec.exe
File created	C:\Program Files (x86)\Logitech\Logitech Vid\LU\chs\LUpdate.xml	msiexec.exe
File created	C:\Program Files\Logitech\Logitech WebCam Software\ModelPackages\50's Movie Reel__fun.LVF	MsiExec.exe
File created	C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\IM264\Repoac85.rra	LgDrvInst.exe
File created	C:\Program Files (x86)\Logitech\Logitech Vid\images\lvc\signal0.png	msiexec.exe
File created	C:\Program Files\Logitech\Logitech WebCam Software\Help\DAN\qcam.chm	MsiExec.exe
File created	C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\IM264\lv30abf8.rra	LgDrvInst.exe
File created	C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\PRO564\lvcoacb3.rra	LgDrvInst.exe
File created	C:\Program Files (x86)\Logitech\Logitech Vid\LU\dan\LUpdateProd_Legacy.xml	msiexec.exe
File created	C:\Program Files\Logitech\Logitech WebCam Software\LU\hun\LUpdateProd_Legacy.xml	msiexec.exe
File created	C:\Program Files\Logitech\Logitech WebCam Software\LU\nld\LUpdate.xml	msiexec.exe
File created	C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManagerPS.dll	msiexec.exe
File opened for modification	C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\PRO564\LVUIRC64.dll	LgDrvInst.exe
File created	C:\Program Files (x86)\Logitech\Logitech Vid\images\lvc\scrollbar_up.png	msiexec.exe
File created	C:\Program Files (x86)\Logitech\Logitech Vid\LU\ita\LUpdate.xml	msiexec.exe
File created	C:\Program Files (x86)\Logitech\Logitech Vid\LU\ell\LUpdateProd_Legacy.xml	msiexec.exe
File created	C:\Program Files (x86)\Logitech\Logitech Vid\LU\kor\LUpdateProd_Legacy.xml	msiexec.exe
File created	C:\Program Files\Logitech\Logitech WebCam Software\Help\ENU\qcam.chm	MsiExec.exe
File created	C:\Program Files\Logitech\Logitech WebCam Software\LU\hun\LUpdate.xml	msiexec.exe
File created	C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\MRSystem.dll	msiexec.exe
File created	C:\Program Files (x86)\Logitech\Logitech Vid\images\lvc\button_pause_on.png	msiexec.exe
File created	C:\Program Files\Logitech\Logitech WebCam Software\LU\csy\LUpdate.xml	msiexec.exe
File created	C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe	msiexec.exe
File created	C:\Program Files\Logitech\Logitech WebCam Software\LU\plk\LUpdateProd_Legacy.xml	msiexec.exe
File created	C:\Program Files\Common Files\LogiShrd\CacheMSI\{987FE247-4E69-4A2E-A961-D14F901FDBF6}\Readme\Readme_nor.html	MsiExec.exe
File opened for modification	C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\ELCH64\lvcoinst.dll	LgDrvInst.exe
File created	C:\Program Files\Logitech\Logitech WebCam Software\Readme\readme.html	MsiExec.exe
File created	C:\Program Files\Common Files\LogiShrd\CacheMSI\{987FE247-4E69-4A2E-A961-D14F901FDBF6}\Models\Baby__vmk.LVF	MsiExec.exe
File created	C:\Program Files (x86)\Logitech\Logitech Vid\Microsoft.VC90.CRT\msvcp90.dll	msiexec.exe
File created	C:\Program Files (x86)\Logitech\Logitech Vid\QtGui4.dll	msiexec.exe
File created	C:\Program Files (x86)\Logitech\Logitech Vid\LU\deu\LUpdate.xml	msiexec.exe
File created	C:\Program Files\Logitech\Logitech WebCam Software\LU\LogiKey.pub	msiexec.exe
File opened for modification	C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\IM264\lv302af.sys	LgDrvInst.exe
File created	C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\PRO564\LVUIad40.rra	LgDrvInst.exe
File created	C:\Program Files (x86)\Logitech\Logitech Vid\images\lvc\prefs_expander_hover.png	msiexec.exe
File created	C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\ELCH64\lelcaab1.rra	LgDrvInst.exe
File created	C:\Program Files\Logitech\Logitech WebCam Software\ModelPackages\Chalk__fun.LVF	MsiExec.exe
File created	C:\Program Files\Logitech\Logitech WebCam Software\LU\sve\LUpdateProd_Legacy.xml	msiexec.exe
File created	C:\Program Files\Common Files\LogiShrd\CacheMSI\{987FE247-4E69-4A2E-A961-D14F901FDBF6}\Help\DEU\qcam.chm	MsiExec.exe
File opened for modification	C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\ELCH64\WUApp64.exe	LgDrvInst.exe
File created	C:\Program Files (x86)\Logitech\Logitech Vid\images\lvc\logo_overlay.png	msiexec.exe
File created	C:\Program Files\Logitech\Logitech WebCam Software\Help\ESP\qcam.chm	MsiExec.exe
File created	C:\Program Files\Logitech\Logitech WebCam Software\LU\lth\LUpdate.xml	msiexec.exe
File opened for modification	C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\IM264\lvrs64.sys	LgDrvInst.exe
File created	C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\PRO564\lPROac94.rra	LgDrvInst.exe
File opened for modification	C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\PRO564\lvcod64.dll	LgDrvInst.exe
File created	C:\Program Files (x86)\Logitech\Logitech Vid\sounds\ring.wav	msiexec.exe
File created	C:\Program Files\Logitech\Logitech WebCam Software\ModelPackages\4 Squares__fun.LVF	MsiExec.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI87BA.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{987FE247-4E69-4A2E-A961-D14F901FDBF6}\ARPPRODUCTICON.exe	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.app.log	LVPrcSrv.exe
File opened for modification	C:\Windows\inf\setupapi_logidevtemp.log	LgDrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI84F1.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8769.tmp	msiexec.exe
File created	C:\Windows\Installer\f7769b0.msi	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI30BD.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6C4C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8757.tmp	msiexec.exe
File created	C:\Windows\Installer\{987FE247-4E69-4A2E-A961-D14F901FDBF6}\QuickCamStartMenuS_65895B9BA1A04BCBAB7BF5673B44A0E4.exe	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	Update64.exe
File created	C:\Windows\INF\oem6.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI241C.tmp	msiexec.exe
File created	C:\Windows\Installer\f7769ae.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3330.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI33EC.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI311B.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8737.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{987FE247-4E69-4A2E-A961-D14F901FDBF6}\QuickCamStartMenuS_65895B9BA1A04BCBAB7BF5673B44A0E4.exe	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	Update64.exe
File opened for modification	C:\Windows\INF\oem2.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\oem5.inf	DrvInst.exe
File created	C:\Windows\Installer\f7769b1.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI84E0.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI87A9.tmp	msiexec.exe
File created	C:\Windows\INF\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\oem4.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\INF\oem5.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI6CAB.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI21EA.tmp	msiexec.exe
File created	C:\Windows\Installer\{987FE247-4E69-4A2E-A961-D14F901FDBF6}\QuickCamDesktopSho_C0678C37AA5341A4BE4781BAF94DE0CC.exe	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	Update64.exe
File opened for modification	C:\Windows\INF\oem6.inf	DrvInst.exe
File created	C:\Windows\INF\oem2.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI9321.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	Update64.exe
File opened for modification	C:\Windows\INF\oem7.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\oem8.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\f7769ae.ipi	msiexec.exe
File created	C:\Windows\Installer\f7769b4.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}\VidIcon.BA73B1B0_EF22_43B4_9B31_1EC3736CBBD6.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI84CF.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}\ARPPRODUCTICON.exe	msiexec.exe
File created	C:\Windows\INF\oem8.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI8D65.tmp	msiexec.exe
File opened for modification	C:\Windows\inf\setupapi.dev.log	LgDrvInst.exe
File created	C:\Windows\INF\oem7.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI8768.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8511.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI309B.tmp	msiexec.exe
File created	C:\Windows\Installer\f7769b6.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f7769ab.msi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3552	3568	WerFault.exe	76
3720	3680	WerFault.exe	78

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MSetup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	MSetup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Vid.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Vid.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Vid.exe

Modifies Internet Explorer settings 1 TTPs 15 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	MSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	MSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{78E61E52-0E57-4456-A2F2-517492BCBF8F}	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{E38FD381-6404-4041-B5E9-B2739258941F}	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{E38FD381-6404-4041-B5E9-B2739258941F}\AlternateCLSID = "{9171C115-7DD9-46BA-B1E5-0ED50AFFC1B8}"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{65104D73-BA60-4160-A95A-4B4782E7AA62}\Compatibility Flags = "1024"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{65104D73-BA60-4160-A95A-4B4782E7AA62}\AlternateCLSID = "{550C8FFB-4DC0-4756-828C-862E6D0AE74F}"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	MSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{65104D73-BA60-4160-A95A-4B4782E7AA62}	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{78E61E52-0E57-4456-A2F2-517492BCBF8F}\AlternateCLSID = "{91D221C4-0CD4-461C-A728-01D509321556}"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{FBAB033B-CDD0-4C5E-81AB-AEA575CD1338}	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{FBAB033B-CDD0-4C5E-81AB-AEA575CD1338}\Compatibility Flags = "1024"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{E38FD381-6404-4041-B5E9-B2739258941F}\Compatibility Flags = "1024"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{78E61E52-0E57-4456-A2F2-517492BCBF8F}\Compatibility Flags = "1024"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{FBAB033B-CDD0-4C5E-81AB-AEA575CD1338}\AlternateCLSID = "{17E3A1C3-EA8A-4970-AF29-7F54610B1D4C}"	msiexec.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	Update64.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	Update64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CAPICOM.Certificates.2\CLSID\ = "{FBAB033B-CDD0-4C5E-81AB-AEA575CD1338}"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{4C2015F8-48DE-4B9B-AA7E-F5D61FE8B0E3}\NumMethod	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{071B93FC-B6A0-4DFF-B51A-9527D59BB1C6}\ = "UMVPLConverter Class"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_046D&PID_08ca&MI_00\Shell\App2\DefaultAppliesTo = "\"\""	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_046D&PID_08cb&MI_00\Shell\App1\Command\ = "C:\\Program Files (x86)\\Logitech\\Logitech Vid\\Vid.exe"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_046D&PID_0817&MI_00\Shell\App2\Icon = "C:\\Program Files\\Logitech\\Logitech WebCam Software\\LWS.exe"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B7E78D28-D1FC-4C02-B0BA-37E5C21F5340}\ = "UMVPLDataTypeHandler Class"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\UMVPL.UMVPLDataTypeHandler\CLSID	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2427704E-CF89-4688-9A76-E55358D09ADF}\TypeLib\ = "{29214F6E-1F74-4A5D-AB85-1AB29C267F95}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Logitech.VideoEffectPackageHandler\shell\open\command\ = "C:\\PROGRA~2\\COMMON~1\\Logishrd\\LQCVFX\\MODELF~1.EXE \"%1\""	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_046D&PID_0804&MI_00\Shell	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_046D&PID_08c9&MI_00\Shell	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{E38FD381-6404-4041-B5E9-B2739258941F}\TreatAs	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{5CC51A31-2539-4C45-91EA-517B52101081}	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\DeviceDisplayObject\HardwareId\USB#VID_046D&PID_0809&MI_00\Shell\App1	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_046D&PID_08c9&MI_00\Shell\App1\Command\ = "C:\\Program Files (x86)\\Logitech\\Logitech Vid\\Vid.exe"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B262CC1-155F-4B25-A280-F27C29F334A7}\VersionIndependentProgID	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_046D&PID_0808&MI_00\Shell	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_046D&PID_0809&MI_00\Shell	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CAPICOM.Attribute.1\ = "Attribute Class"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19dcfb49-c5ad-4919-b46d-2c867867f0a4}\ = "LvApi11 Class"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6EC80478-EC0A-4E1B-B8E0-FFB6066D9C51}\TypeLib	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{D0B7C734-2D1B-461D-93C6-8264DA4F038B}\LocalServer32	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{29214F6E-1F74-4A5D-AB85-1AB29C267F95}\1.0\0	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_046D&PID_09a1&MI_00\Shell\App1\Command\ = "C:\\Program Files (x86)\\Logitech\\Logitech Vid\\Vid.exe"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{E6F42270-9E69-461A-BB70-C690D1195BBD}\ProxyStubClsid32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{91D221C4-0CD4-461C-A728-01D509321556}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}\	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{03ACC284-B757-4B8F-9951-86E600D2CD06}\ProgID\ = "CAPICOM.PrivateKey.1"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{29214F6E-1F74-4A5D-AB85-1AB29C267F95}\1.0\0\win32	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_046D&PID_09a4&MI_00\Shell	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D192800-803A-4737-96CF-BFB0A8C92465}\NumMethods\ = "7"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CAPICOM.ExtendedProperty.1	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9171C115-7DD9-46BA-B1E5-0ED50AFFC1B8}\Implemented Categories	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UMVPL.UMVPLAllocator.1\CLSID\ = "{3BBD5485-60FC-4DE2-9DCD-0DF0EF61F163}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_046D&PID_08cc&MI_00\Shell\App1\MUIVerb = "Logitech Vid"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_046D&PID_0805&MI_00\Shell\App2\Command\ = "C:\\Program Files\\Logitech\\Logitech WebCam Software\\LWS.exe"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.lvf\shell\Open\command\ = "\"C:\\Program Files (x86)\\Common Files\\Logishrd\\LQCVFX\\ModelFileHandler.exe\""	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{CE32ABF6-475D-41F6-BF82-D27F03E3D38B}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A996E48C-D3DC-4244-89F7-AFA33EC60679}\ = "Settings Class"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LvApi11.LvApi11.1\ = "LvApi11 Class"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BD1D611B-C163-4D56-A133-2FB3DF35BF53}\ProxyStubClsid32\ = "{3D192800-803A-4737-96CF-BFB0A8C92465}"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{170F5558-8761-4ADD-9747-DA8A6AAABFC2}\NumMethods	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_046D&PID_080f&MI_00\Shell	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8D9A64F2-357D-40C9-97CD-69FA7E64A518}\	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{33560DE1-26A7-44A2-A088-D833B04452D0}\AppID = "{4A0A3113-924E-49B9-AE80-635054BB3945}"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_046D&PID_0994&MI_00\Shell\App2	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{7BF3AC5C-CC84-429A-ACA5-74D916AD6B8C}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{7BF3AC5C-CC84-429A-ACA5-74D916AD6B8C}\ProgID	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E7E9805B-38A4-4C84-9D8D-B5E06E95A9AD}\ = "IUMVPLManageChains"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UMVPL.UMVPLManageChains\ = "UMVPLManageChains Class"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DC62AB08-D2AA-4941-A003-5963F7CA10EC}\TypeLib\ = "{413AEC0D-CF42-4BB4-9AA5-F873F6F984FB}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{052D2B10-0CCC-4B3B-B851-FB2CE995D1F0}\ = "IUMVPLAllocator"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_046D&PID_09a2&MI_00\Shell\App1\MUIVerb = "Logitech Vid"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{91AE3303-22FA-4076-8E9C-1F3D2D4EA01D}	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19dcfb49-c5ad-4919-b46d-2c867867f0a4}\VersionIndependentProgID\ = "LvApi11.LvApi11"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UMVPLMMSystem.mmctrl\ = "mmctrl Class"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6CE61C9-6588-4A23-8555-0393D75F0876}	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_046D&PID_0991&MI_00\Shell\App2	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B7E78D28-D1FC-4C02-B0BA-37E5C21F5340}\AppID = "{26717858-42D3-4849-9FBE-F91DF8234406}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_046D&PID_0803&MI_00\Shell\App1\Icon = "C:\\Program Files (x86)\\Logitech\\Logitech Vid\\Vid.exe"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CAPICOM.EncryptedData.1\ = "EncryptedData Class"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CAPICOM.HashedData.1\CLSID	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{BD1D611B-C163-4D56-A133-2FB3DF35BF53}\NumMethods	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DC62AB08-D2AA-4941-A003-5963F7CA10EC}\TypeLib\Version = "1.0"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
1676	msiexec.exe
1676	msiexec.exe
1676	msiexec.exe
1676	msiexec.exe
3136	Vid.exe
3136	Vid.exe
2552	MSetup.exe
2552	MSetup.exe

Suspicious behavior: LoadsDriver 9 IoCs

pid	Process
480	Process not Found
480	Process not Found
480	Process not Found
480	Process not Found
480	Process not Found
480	Process not Found
480	Process not Found
480	Process not Found
480	Process not Found

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1280	UnstLgcy.exe
Token: SeIncreaseQuotaPrivilege	1280	UnstLgcy.exe
Token: SeRestorePrivilege	1676	msiexec.exe
Token: SeTakeOwnershipPrivilege	1676	msiexec.exe
Token: SeSecurityPrivilege	1676	msiexec.exe
Token: SeCreateTokenPrivilege	1280	UnstLgcy.exe
Token: SeAssignPrimaryTokenPrivilege	1280	UnstLgcy.exe
Token: SeLockMemoryPrivilege	1280	UnstLgcy.exe
Token: SeIncreaseQuotaPrivilege	1280	UnstLgcy.exe
Token: SeMachineAccountPrivilege	1280	UnstLgcy.exe
Token: SeTcbPrivilege	1280	UnstLgcy.exe
Token: SeSecurityPrivilege	1280	UnstLgcy.exe
Token: SeTakeOwnershipPrivilege	1280	UnstLgcy.exe
Token: SeLoadDriverPrivilege	1280	UnstLgcy.exe
Token: SeSystemProfilePrivilege	1280	UnstLgcy.exe
Token: SeSystemtimePrivilege	1280	UnstLgcy.exe
Token: SeProfSingleProcessPrivilege	1280	UnstLgcy.exe
Token: SeIncBasePriorityPrivilege	1280	UnstLgcy.exe
Token: SeCreatePagefilePrivilege	1280	UnstLgcy.exe
Token: SeCreatePermanentPrivilege	1280	UnstLgcy.exe
Token: SeBackupPrivilege	1280	UnstLgcy.exe
Token: SeRestorePrivilege	1280	UnstLgcy.exe
Token: SeShutdownPrivilege	1280	UnstLgcy.exe
Token: SeDebugPrivilege	1280	UnstLgcy.exe
Token: SeAuditPrivilege	1280	UnstLgcy.exe
Token: SeSystemEnvironmentPrivilege	1280	UnstLgcy.exe
Token: SeChangeNotifyPrivilege	1280	UnstLgcy.exe
Token: SeRemoteShutdownPrivilege	1280	UnstLgcy.exe
Token: SeUndockPrivilege	1280	UnstLgcy.exe
Token: SeSyncAgentPrivilege	1280	UnstLgcy.exe
Token: SeEnableDelegationPrivilege	1280	UnstLgcy.exe
Token: SeManageVolumePrivilege	1280	UnstLgcy.exe
Token: SeImpersonatePrivilege	1280	UnstLgcy.exe
Token: SeCreateGlobalPrivilege	1280	UnstLgcy.exe
Token: SeShutdownPrivilege	1280	UnstLgcy.exe
Token: SeIncreaseQuotaPrivilege	1280	UnstLgcy.exe
Token: SeCreateTokenPrivilege	1280	UnstLgcy.exe
Token: SeAssignPrimaryTokenPrivilege	1280	UnstLgcy.exe
Token: SeLockMemoryPrivilege	1280	UnstLgcy.exe
Token: SeIncreaseQuotaPrivilege	1280	UnstLgcy.exe
Token: SeMachineAccountPrivilege	1280	UnstLgcy.exe
Token: SeTcbPrivilege	1280	UnstLgcy.exe
Token: SeSecurityPrivilege	1280	UnstLgcy.exe
Token: SeTakeOwnershipPrivilege	1280	UnstLgcy.exe
Token: SeLoadDriverPrivilege	1280	UnstLgcy.exe
Token: SeSystemProfilePrivilege	1280	UnstLgcy.exe
Token: SeSystemtimePrivilege	1280	UnstLgcy.exe
Token: SeProfSingleProcessPrivilege	1280	UnstLgcy.exe
Token: SeIncBasePriorityPrivilege	1280	UnstLgcy.exe
Token: SeCreatePagefilePrivilege	1280	UnstLgcy.exe
Token: SeCreatePermanentPrivilege	1280	UnstLgcy.exe
Token: SeBackupPrivilege	1280	UnstLgcy.exe
Token: SeRestorePrivilege	1280	UnstLgcy.exe
Token: SeShutdownPrivilege	1280	UnstLgcy.exe
Token: SeDebugPrivilege	1280	UnstLgcy.exe
Token: SeAuditPrivilege	1280	UnstLgcy.exe
Token: SeSystemEnvironmentPrivilege	1280	UnstLgcy.exe
Token: SeChangeNotifyPrivilege	1280	UnstLgcy.exe
Token: SeRemoteShutdownPrivilege	1280	UnstLgcy.exe
Token: SeUndockPrivilege	1280	UnstLgcy.exe
Token: SeSyncAgentPrivilege	1280	UnstLgcy.exe
Token: SeEnableDelegationPrivilege	1280	UnstLgcy.exe
Token: SeManageVolumePrivilege	1280	UnstLgcy.exe
Token: SeImpersonatePrivilege	1280	UnstLgcy.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
3136	Vid.exe
3136	Vid.exe
3136	Vid.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3136	Vid.exe
3136	Vid.exe
3136	Vid.exe

Suspicious use of SetWindowsHookEx 59 IoCs

pid	Process
1940	setup.exe
2972	Setup64.exe
2972	Setup64.exe
2972	Setup64.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
2552	MSetup.exe
3616	eReg.exe
3616	eReg.exe
3616	eReg.exe
3616	eReg.exe
3568	LWS.exe
3680	LWS.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1856 wrote to memory of 1940	1856	lws110_x64.exe	28
PID 1856 wrote to memory of 1940	1856	lws110_x64.exe	28
PID 1856 wrote to memory of 1940	1856	lws110_x64.exe	28
PID 1856 wrote to memory of 1940	1856	lws110_x64.exe	28
PID 1856 wrote to memory of 1940	1856	lws110_x64.exe	28
PID 1856 wrote to memory of 1940	1856	lws110_x64.exe	28
PID 1856 wrote to memory of 1940	1856	lws110_x64.exe	28
PID 1940 wrote to memory of 2972	1940	setup.exe	29
PID 1940 wrote to memory of 2972	1940	setup.exe	29
PID 1940 wrote to memory of 2972	1940	setup.exe	29
PID 1940 wrote to memory of 2972	1940	setup.exe	29
PID 2972 wrote to memory of 1280	2972	Setup64.exe	30
PID 2972 wrote to memory of 1280	2972	Setup64.exe	30
PID 2972 wrote to memory of 1280	2972	Setup64.exe	30
PID 2972 wrote to memory of 1280	2972	Setup64.exe	30
PID 2972 wrote to memory of 1280	2972	Setup64.exe	30
PID 2972 wrote to memory of 1280	2972	Setup64.exe	30
PID 2972 wrote to memory of 1280	2972	Setup64.exe	30
PID 2972 wrote to memory of 2764	2972	Setup64.exe	33
PID 2972 wrote to memory of 2764	2972	Setup64.exe	33
PID 2972 wrote to memory of 2764	2972	Setup64.exe	33
PID 2972 wrote to memory of 2764	2972	Setup64.exe	33
PID 2972 wrote to memory of 2764	2972	Setup64.exe	33
PID 2972 wrote to memory of 2764	2972	Setup64.exe	33
PID 2972 wrote to memory of 2764	2972	Setup64.exe	33
PID 2972 wrote to memory of 2576	2972	Setup64.exe	35
PID 2972 wrote to memory of 2576	2972	Setup64.exe	35
PID 2972 wrote to memory of 2576	2972	Setup64.exe	35
PID 2972 wrote to memory of 2604	2972	Setup64.exe	37
PID 2972 wrote to memory of 2604	2972	Setup64.exe	37
PID 2972 wrote to memory of 2604	2972	Setup64.exe	37
PID 2972 wrote to memory of 2604	2972	Setup64.exe	37
PID 2972 wrote to memory of 2604	2972	Setup64.exe	37
PID 2972 wrote to memory of 2604	2972	Setup64.exe	37
PID 2972 wrote to memory of 2604	2972	Setup64.exe	37
PID 2604 wrote to memory of 2552	2604	Setup.exe	38
PID 2604 wrote to memory of 2552	2604	Setup.exe	38
PID 2604 wrote to memory of 2552	2604	Setup.exe	38
PID 2604 wrote to memory of 2552	2604	Setup.exe	38
PID 2604 wrote to memory of 2552	2604	Setup.exe	38
PID 2604 wrote to memory of 2552	2604	Setup.exe	38
PID 2604 wrote to memory of 2552	2604	Setup.exe	38
PID 1676 wrote to memory of 2912	1676	msiexec.exe	42
PID 1676 wrote to memory of 2912	1676	msiexec.exe	42
PID 1676 wrote to memory of 2912	1676	msiexec.exe	42
PID 1676 wrote to memory of 2912	1676	msiexec.exe	42
PID 1676 wrote to memory of 2912	1676	msiexec.exe	42
PID 1676 wrote to memory of 2912	1676	msiexec.exe	42
PID 1676 wrote to memory of 2912	1676	msiexec.exe	42
PID 1676 wrote to memory of 2284	1676	msiexec.exe	43
PID 1676 wrote to memory of 2284	1676	msiexec.exe	43
PID 1676 wrote to memory of 2284	1676	msiexec.exe	43
PID 1676 wrote to memory of 2284	1676	msiexec.exe	43
PID 1676 wrote to memory of 2284	1676	msiexec.exe	43
PID 1676 wrote to memory of 3096	1676	msiexec.exe	44
PID 1676 wrote to memory of 3096	1676	msiexec.exe	44
PID 1676 wrote to memory of 3096	1676	msiexec.exe	44
PID 1676 wrote to memory of 3096	1676	msiexec.exe	44
PID 1676 wrote to memory of 3096	1676	msiexec.exe	44
PID 1676 wrote to memory of 3896	1676	msiexec.exe	48
PID 1676 wrote to memory of 3896	1676	msiexec.exe	48
PID 1676 wrote to memory of 3896	1676	msiexec.exe	48
PID 1676 wrote to memory of 3896	1676	msiexec.exe	48
PID 1676 wrote to memory of 3896	1676	msiexec.exe	48

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\lws110_x64.exe
"C:\Users\Admin\AppData\Local\Temp\lws110_x64.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1856
- C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1940
- - C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup64.exe
    "C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup64.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\UnstLgcy.exe
      "C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\UnstLgcy.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:1280
  - - C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\SetupCloser.exe
      "C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\SetupCloser.exe"
      4⤵
      Executes dropped EXE
      PID:2764
  - - C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del %TEMP%\a1_lws*.exe
      4⤵
      PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\Setup.exe" -lang=enu
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\MSetup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\MSetup.exe" -lang=enu
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        Checks processor information in registry
        Modifies Internet Explorer settings
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:2552
    - - C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
        
        "C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe" -installmode -location=245x69
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Checks processor information in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3136

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Drops file in Drivers directory
- Sets service image path in registry
- Registers COM server for autorun
- Adds Run key to start application
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 965E27B242B28E8629FC17851B0E2E4D
  2⤵
  - Loads dropped DLL
  PID:2912
- C:\Windows\system32\MsiExec.exe
  C:\Windows\system32\MsiExec.exe -Embedding A7D981C20F8615E9B185565E52C0C920
  2⤵
  - Loads dropped DLL
  PID:2284
- C:\Windows\system32\MsiExec.exe
  C:\Windows\system32\MsiExec.exe -Embedding 5724CF61F4AA7174B5334EAD03704D2F M Global\MSI0000
  2⤵
  - Loads dropped DLL
  - Drops file in Program Files directory
  PID:3096
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding F0F65F60C12FDE81188CA83292AA2759 M Global\MSI0000
  2⤵
  - Loads dropped DLL
  PID:3896
- - C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\drivers\LgDrvInst.exe
    "C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\drivers\LgDrvInst.exe" -usemsi -productnamemsi"Logitech Webcam Software" -storename"lvdrivers" -version"12.10.1113" -cumulativeremove -forcedelete -forceremove -deletedrvfiles -enumdelay=200 -usbhubsfirst -addarp"Logitech Webcam Software" -arpcompanyname"Logitech Inc." -arpautoscan -L1036
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Drops file in Windows directory
    PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\{B6E97AD7-6BB8-4CB1-8B2C-C72945B3FF19}\ISBEW64.exe
      C:\Users\Admin\AppData\Local\Temp\{B6E97AD7-6BB8-4CB1-8B2C-C72945B3FF19}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A8E83FCC-8186-4EDF-81AA-A68FE4A04727}
      4⤵
      Executes dropped EXE
      PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\{C38D5C8D-4098-452C-B82D-542CD41A5B34}\Disk1\Update64.exe
      C:\Users\Admin\AppData\Local\Temp\{C38D5C8D-4098-452C-B82D-542CD41A5B34}\Disk1\Update64.exe /inf C:\PROGRA~1\COMMON~1\LogiShrd\LOGIDR~1\LVDRIV~1\1210~1.111\IM264\LPEPI2~1.INF /difx:install
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Drops file in Windows directory
      PID:3604
  - - C:\Users\Admin\AppData\Local\Temp\{C38D5C8D-4098-452C-B82D-542CD41A5B34}\Disk1\Update64.exe
      C:\Users\Admin\AppData\Local\Temp\{C38D5C8D-4098-452C-B82D-542CD41A5B34}\Disk1\Update64.exe /inf C:\PROGRA~1\COMMON~1\LogiShrd\LOGIDR~1\LVDRIV~1\1210~1.111\PRO564\lPRO564c.inf /difx:install
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Windows directory
      PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\{C38D5C8D-4098-452C-B82D-542CD41A5B34}\Disk1\Update64.exe
      C:\Users\Admin\AppData\Local\Temp\{C38D5C8D-4098-452C-B82D-542CD41A5B34}\Disk1\Update64.exe /inf C:\PROGRA~1\COMMON~1\LogiShrd\LOGIDR~1\LVDRIV~1\1210~1.111\ELCH64\lELCH64v.inf /difx:install
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies data under HKEY_USERS
      PID:4012
  - - C:\Users\Admin\AppData\Local\Temp\{C38D5C8D-4098-452C-B82D-542CD41A5B34}\Disk1\Update64.exe
      C:\Users\Admin\AppData\Local\Temp\{C38D5C8D-4098-452C-B82D-542CD41A5B34}\Disk1\Update64.exe /inf C:\PROGRA~1\COMMON~1\LogiShrd\LOGIDR~1\LVDRIV~1\1210~1.111\IM264\LPEPI2~2.INF /difx:install
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Drops file in Windows directory
      PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\{C38D5C8D-4098-452C-B82D-542CD41A5B34}\Disk1\Update64.exe
      C:\Users\Admin\AppData\Local\Temp\{C38D5C8D-4098-452C-B82D-542CD41A5B34}\Disk1\Update64.exe /inf C:\PROGRA~1\COMMON~1\LogiShrd\LOGIDR~1\LVDRIV~1\1210~1.111\IM264\LPEPI2~3.INF /difx:install
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      PID:3312
  - - C:\Users\Admin\AppData\Local\Temp\{C38D5C8D-4098-452C-B82D-542CD41A5B34}\Disk1\Update64.exe
      C:\Users\Admin\AppData\Local\Temp\{C38D5C8D-4098-452C-B82D-542CD41A5B34}\Disk1\Update64.exe /inf C:\PROGRA~1\COMMON~1\LogiShrd\LOGIDR~1\LVDRIV~1\1210~1.111\PRO564\lPRO564s.inf /difx:install
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Windows directory
      PID:3432
  - - C:\Users\Admin\AppData\Local\Temp\{C38D5C8D-4098-452C-B82D-542CD41A5B34}\Disk1\Update64.exe
      C:\Users\Admin\AppData\Local\Temp\{C38D5C8D-4098-452C-B82D-542CD41A5B34}\Disk1\Update64.exe /inf C:\PROGRA~1\COMMON~1\LogiShrd\LOGIDR~1\LVDRIV~1\1210~1.111\PRO564\lPRO564v.inf /difx:install
      4⤵
      Executes dropped EXE
      Modifies data under HKEY_USERS
      PID:3280
- C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe
  "C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe" /install
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3616
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 99C412DD8115240EB6F179E79F5FE6CC
  2⤵
  PID:3348
- C:\Windows\system32\MsiExec.exe
  C:\Windows\system32\MsiExec.exe -Embedding F31763B68705A4C6E8DF45D15F29DF4B
  2⤵
  PID:3804
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 315A0C46A445FCAEDA2743037D764996 M Global\MSI0000
  2⤵
  PID:3456

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
"C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:3792

C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
"C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe" -Embedding
1⤵
- Executes dropped EXE
PID:3820

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:3352

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005AC" "00000000000005B4"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:3396

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{39d23f31-e59b-1238-aa3f-7805016e8179}\LPEPI2~1.INF" "9" "666780623" "0000000000000574" "WinSta0\Default" "00000000000005BC" "208" "C:\PROGRA~1\COMMON~1\LogiShrd\LOGIDR~1\LVDRIV~1\1210~1.111\IM264"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:3564

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{49d7bdfa-5a45-4e60-ffbd-f05a6061a644}\lPRO564c.inf" "9" "653ec010b" "00000000000005BC" "WinSta0\Default" "00000000000005AC" "208" "C:\PROGRA~1\COMMON~1\LogiShrd\LOGIDR~1\LVDRIV~1\1210~1.111\PRO564"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:3988

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{5644013f-2f20-1c28-e0b3-9912efd77f13}\lELCH64v.inf" "9" "6cdb38da7" "00000000000005B4" "WinSta0\Default" "0000000000000574" "208" "C:\PROGRA~1\COMMON~1\LogiShrd\LOGIDR~1\LVDRIV~1\1210~1.111\ELCH64"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:3652

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{5d610eda-ef37-23db-5392-e858d0d0d62e}\LPEPI2~2.INF" "9" "676932f07" "0000000000000574" "WinSta0\Default" "000000000000059C" "208" "C:\PROGRA~1\COMMON~1\LogiShrd\LOGIDR~1\LVDRIV~1\1210~1.111\IM264"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:3780

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{234e7cac-0403-7a9c-c194-a52cb1489001}\LPEPI2~3.INF" "9" "686ae57ef" "000000000000059C" "WinSta0\Default" "00000000000005AC" "208" "C:\PROGRA~1\COMMON~1\LogiShrd\LOGIDR~1\LVDRIV~1\1210~1.111\IM264"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:3644

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{39e3ffe9-eb2c-099a-fde1-e57a0f823538}\lPRO564s.inf" "9" "6559e8f7b" "00000000000005AC" "WinSta0\Default" "00000000000005B4" "208" "C:\PROGRA~1\COMMON~1\LogiShrd\LOGIDR~1\LVDRIV~1\1210~1.111\PRO564"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:3772

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{022496fa-74d6-065e-140f-7633d818ed37}\lPRO564v.inf" "9" "685f00a2f" "00000000000005B4" "WinSta0\Default" "0000000000000574" "208" "C:\PROGRA~1\COMMON~1\LogiShrd\LOGIDR~1\LVDRIV~1\1210~1.111\PRO564"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:3200

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
"C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3568
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 856
  2⤵
  - Program crash
  PID:3552

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
"C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3680
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 852
  2⤵
  - Program crash
  PID:3720

C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
"C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe"
1⤵
- Executes dropped EXE
PID:3780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\f7769af.rbs

Filesize
585KB

MD5
15890fcea7b43e6deb5eb87186ad77de

SHA1
30b9268c8d5e96ece7d6ef6f3911c07a2fc0839d

SHA256
0ec1a67949d91f58c5bf2d942bbfcfd2857a540445693ef762e3a1c4d48b4c5c

SHA512
d5a8d4a0637c30ec7a32c1cf3c8ef4d2067660f6b907f6daef1450150ca352b3656065230dc46e38dd19bac9e3bd2c65a94c26b88ec93189fda9751832af72df

Download Submit
C:\Config.Msi\f7769b5.rbs

Filesize
364KB

MD5
702a5ed8b93d6eb4706884872bd2446b

SHA1
dd304454c64dbb9ac3bdf0fce0bfafa14cb1c1f3

SHA256
17c71885cd0fda1461afd01fcb3103b39148ff148db3b57a4d11f7fd294eea8a

SHA512
7de2bb6d48d5fca7d0a65bc9b3aaf18e3996c1ac5fd880c68e0b5fa518f01f82398602dc2c52de53ecb4b156448d6fcbbaf6c3640d1400fe9dbaa12f880343fa

Download Submit
C:\Program Files\Common Files\LogiShrd\CacheMSI\{987FE247-4E69-4A2E-A961-D14F901FDBF6}\PrivacyShades\ps_default.jpg

Filesize
240KB

MD5
37e440d427da5899d363367c131fd587

SHA1
f5bdb9f1784553b7ca018baf1c8d1569238e7ac4

SHA256
85ec11779d1b824210dfe0b7a140b721bd840d167f862b75df6e87d8d91c5504

SHA512
a7877d5c9756a2a56db38de111e01bcc9a12ed0a1d2508ba5ab631f1877ecc52cb67ab5cab7bcf64df8b1cf38d798bdc25ad9fdbdd7346b9bb073b4d636fd305

Download Submit
C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\ELCH64\LVCoin64.dll

Filesize
260KB

MD5
8f608542715f434c94292c707954df3c

SHA1
a236a7b5b250cdc40c481565534efe50f710a57c

SHA256
1b16cb2da4fc91793b34bdadd23d7ede45103f419173ee5a7a8cd195f2e5d569

SHA512
bf0050012a904ba9659265ca43385c070b86654fa2954eb7273520b5d2da8f70f60869c0f30d5f41c854337c8c595cec97605d8a2d18d404783bc0f8a6cf0579

Download Submit
C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\ELCH64\LVUI2.dll

Filesize
526KB

MD5
f8239e0a33154a55bb9d06b08623ad4e

SHA1
1e4a155afab1d7c78d3f3f22b04117f4e644febd

SHA256
943b2941a65af8142dd33b4789317b85bd693f7a609e03e37a4b6df07a64a7ee

SHA512
b6a464a875158109cd768c818c453d65e0e169d03d7abaa4c46c12fe5f0c71f16fedda0b77fa66b6b45bfdeb2913ec80a633da2453f4dad81628d6551b7bca6f

Download Submit
C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\ELCH64\LVUI2RC.dll

Filesize
526KB

MD5
5a3f98ee8b87ef649071144cb227c25e

SHA1
e2eb37529a672e3e14fe0ba0e5445ae7f19260b3

SHA256
89bb925c3f8ce10c097fb1516391a9b9c7fe84f41d2a88bb46557869e3527296

SHA512
8395886ee878bdd29e538c3ef006b1dc7d9f25710415ccb8b6f479789e577ab099ec6d517b67a4104e429da520eef53bd0441c164058da429b20eb2e2541f964

Download Submit
C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\ELCH64\LVUI64.dll

Filesize
747KB

MD5
562e807572a99a2be4b0ab9177ea9270

SHA1
a2fd0cc01a29a19a9ed466f928817365608837cc

SHA256
c8312c6cc729e1702e46d8d965999c5585ea650d346b4136b14820429a4e7f37

SHA512
f4f522ab4b9bd3cb5999db3402077ff68bdba28105ee9822f94323039e4896a0a3cc1acf152d16c14e3073c3bea5598c02725026b8b27f152f7b757e3aa9f44c

Download Submit
C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\ELCH64\LVUIRC64.dll

Filesize
546KB

MD5
c5be2a22ed78b90ab1b08e27e0ec381e

SHA1
68e04747713dfd149050280f151d79a3bbe91756

SHA256
9ed2f88f8bce7108efabd9df5c9549640b322a578f78422d8d19f9f585e7a06c

SHA512
091511b08c1dac68ed6cb9a346e25390996abb920147d70a47c868d831d7aad7d9d0467613e65a40d08619c9350a17a63992caa1801f25ba7135b67324de9fdd

Download Submit
C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\ELCH64\WUApp32.exe

Filesize
449KB

MD5
c4921f88b3145d64bbc2d4ebcc413050

SHA1
900d8d3220bd66c9654a6cadc0af7e881596412a

SHA256
873cb0fd12b5860592f17dad9425a334c03cccaa8042b30e35143bf157be285c

SHA512
56379048016f03e87d8fd07ab63766c7a6d1cd34114713ded5a3e76104e7c3604335b32efb9f3dcd1ceb7e468342adf9bff2d9d0c1832c06b374ea43f55c3c58

Download Submit
C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\ELCH64\WUApp64.exe

Filesize
665KB

MD5
c31c2999cb1f97dd80fa1113df5d3d00

SHA1
4460200847b3054050b3d7b68674a8708b173822

SHA256
fd3ef21a918319b50a84a71617e0469bc46423e2c3740c831f12f43a28ba2a1e

SHA512
731088eabb76ca4a2fa9821608f61d721f3702b7dc9e432029e5cf15b0096640a198fe8e2c5883a4fce2dd8c0a1c27e1ec87b402a1ba55ced1f3020d9740e20d

Download Submit
C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\ELCH64\lvWIAext.dll

Filesize
157KB

MD5
800c8921398bbba752bdb52aeb81ebc8

SHA1
7db652b8dff17f3976af520d53acdcf665ed976a

SHA256
fb3977746c256fafefadb4c12e9ec60de49054e1659cc822ec190b0576292dc7

SHA512
0a7e70194a4fb939eb9305d68b6238bfb734c49e015617a00d1ff47c932c1c07d659e8acbb0bdc2c219b663dd3bc1d02be5d5425b6decd11d9ac2aa124ba0ca7

Download Submit
C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\ELCH64\lvcod64.dll

Filesize
389KB

MD5
337a1399bf03a38c4cc8bc961b42481f

SHA1
659bc5820c808e3585bbfbea33dbbe4bd1438bf2

SHA256
47e8656996c568e3ae0de99c1862a26c0dad73d1db12383d94f5a91367b6cbe6

SHA512
6fa8c4a3ce71faa6547b4b66394db9def719c4a841caaa52ac36f061a258dd3b3251f419ce648bb376413f94716e0146929f9cdb10867d07dbe54b00aa3c8c37

Download Submit
C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\ELCH64\lvcodec2.dll

Filesize
406KB

MD5
5a951cd8133559c5fee10113a7dfa7fe

SHA1
61af275feba4fe2f527ceee783b97af5ead259d8

SHA256
fef2c3323f8d73d808d3ba3915c0c841f03a425bcb1b6678e2bde4be29519502

SHA512
b0577932e356022d272f0639210aa2ea28f5e7c4b313777883daa968d5420ec4525440968ce4313716f82402e23903cfc21499dc603be26e01a513eccda0f963

Download Submit
C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\ELCH64\lvcoinst.dll

Filesize
194KB

MD5
1ff3f511a657f8f7c352d1016a2ebf72

SHA1
131c9d15f6c50e56c0946ab9d11f470a1d23321c

SHA256
07a646b9a274addaf405c08bcf891a3fa9436610cb45b257f69a73d2ab05d9d2

SHA512
932e57ec6fefc065a4be98d6af914254ecd1f5a3b41c3b744fdb61c30cc4f5a2f95e46105fc8441a6c09cd469b672d35240b3e2841b72b7d8f38ec240c47b527

Download Submit
C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\IM264\lPEPI264c.inf

Filesize
4KB

MD5
e91c36eeaae70a885375a5d7066abd8b

SHA1
05a10369de532b11b743b5c2ed8c36a17f44a6a1

SHA256
e5e4ed38416db1fc7349528efc75ff17d2204821ea642d75223b7c84f4f45cc5

SHA512
bcbfb0b35ca2afc88cd736a900bb1088f9663e64f58d58002987841319bfaf5aa7a5b6f9a738c3f16b06f91093839aee041c519253e893ff954339d79cb363c2

Download Submit
C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\PRO564\lPRO564c.inf

Filesize
14KB

MD5
0de8e84e4309e21a2d4ff01711b23a12

SHA1
68e85d5abd0cb42fe28651988cd15d5375232c00

SHA256
e9dfaf55bba938c22d447ea36a81f2787de07e6ccde92f1de681f81800ee5592

SHA512
f8652391d2df657371e11e8b6ba028eb2a450c8a0b30d8f49730d1312b5f3413d49b5a06e323248f230d139a162ddd1c61566ae067e18fcf25ae718b6ea91869

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C3948BE6E525B8A8CEE9FAC91C9E392_5E9DA77B0642A1238CA4FA8B3D8A3BD5

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\Local\Temp\Bootstrap2_log.txt

Filesize
4KB

MD5
aad2ff764d2a63333940b23b3e32d997

SHA1
b18d2b9bdec32aa1feaffda079fadfadda513a9f

SHA256
84d16ae6bfe9cbea3c7dc7f874f024f6695c74f04038cd0da7a2972d1d6a09b8

SHA512
00563518c5f2f2600b00a6bebe0bfb3c5b889e39584c16eba301397fe35b5e65f8fac60d854fe6fbf3075363e822bcd38b46d2c4558f3172c007b8386d404d6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA88F.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\LgDrvInst.log

Filesize
2KB

MD5
5782bdfcaad69bc6cf161fb905c89874

SHA1
3c3b125a7403f9fec9f4d8a39a4c2610bec876ac

SHA256
40837ef67f8832eb13fb41808085a787353ec5778d353a063e88d7fa28fd9673

SHA512
cbc23e2e1df3445c4d70f6d18dd13fee834ca6859e774c96a31e13504a89e0b8f4ac0a66ef06c5737989e731d2d6f6e1c8461a2880602f136c4328ab59bdc889

Download Submit
C:\Users\Admin\AppData\Local\Temp\LgDrvInst.log

Filesize
3KB

MD5
8bdf5eed03afecc0ea805aa864abd036

SHA1
6fa693b67faf17c1010c1503839dd8252bfaa049

SHA256
f4d35e88c313b977146eabf983666a51decfbe4a4fddd69db0382505398ad05c

SHA512
57cd2da4bba41c048ab421ec743d4505896358968735759b9654954c7d487cc2c5aad88a82ea2216bb9c9eb2aa3d36f7a3cf837184554232713e6b2566e3e6ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\LgDrvInst.log

Filesize
4KB

MD5
66d710d86121c09720914182af55a9d1

SHA1
c3142ba95c32ffae846850b12172fcc2e929ee44

SHA256
fd397fc070f75d64c047cc0955a52d26f60325497952ad6e9b3301de62186cf8

SHA512
d7bdb34104b4319667a059121f950f9ff8e7e1ed412fee583dc6d6c083db420fc3386efa0256cc3b4a6cefd2a70d000e1ebd2a4e5e23c135e26b3653ee8f7483

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Drivers\x64\ELCH64\lELCH64v.inf

Filesize
57KB

MD5
da0a7355f77b7958b925b975c23b2406

SHA1
820478c96e0a61d99b2fb9900bf74e4abe60863c

SHA256
33c122c39f896bfac63c1628cd750b069cab360af0cb75c7e8b24fc9a98a53c3

SHA512
974f47f7326cc9472f9684fe857db1791c62b716929f704f8cc9b988e0ae8050652c9a73c074c342489b44ad0232d4ec95629196cd4c730878cb4a21999ba7e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Drivers\x64\IM264\lPEPI264s.inf

Filesize
33KB

MD5
04fc0aba72ee11d27b55639fc7f57d15

SHA1
a81e4cbbba3395aa419bee3a72bdcca76488607a

SHA256
552010fe7220624078c803d5cda39992d880f71e5e36c38c9259ab68d415cbaa

SHA512
df6126b59ff1635c13754b2db0c0e56faf2e4c0eba49c663d37141b874af3ba82d6ee2a816dc5854928efe0efee55d896592b4dbde6027c6212a97f523f715c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Drivers\x64\IM264\lPEPI264v.inf

Filesize
105KB

MD5
1b9f12e0e0326c43bc73b655d541fdce

SHA1
3e88a911800e3d2e7ddcbf5d28c729f86c1c30f7

SHA256
bf22e4be086bbfe480f4127e267d9de894b8a95869d61db424b8c9557bc41cdb

SHA512
6f82b40d7209b08152bebfe92737041694d01d56486c3595670c7e3769ba3dd06a24173824c0422da437d6786ca19768a5f2af1e71c868f457b75f9e161ec361

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Drivers\x64\PRO564\lPRO564s.inf

Filesize
115KB

MD5
e93e93a208543cb7de9bf078bc243243

SHA1
01b7862c4ccb37eaf2b2c0b74acd0f91c94bce48

SHA256
c1af18e5e6ecd2295f83da8272ab8b09afe89626ee86e7f5b63c16671ed1bc73

SHA512
bee708cbb016712f8b3834fc880ba15d0367db1b06c44e7c0af694a8921da25695c893681ddc5e7974375b7c326976ea8fbac3c1ce391e7628b9c8e841710ed8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Drivers\x64\PRO564\lPRO564v.inf

Filesize
270KB

MD5
71a3645a1037e8db8522b901ddda6071

SHA1
adca3e0b86da509e0eca014908f7f8008332d91d

SHA256
e00f6a0fb6527537f770dde07f1209c5cf00783150ee56a35ae1a0cbbd03cf90

SHA512
6f34876bf056ee3e38153b5d95207bd36fe91732dcfd18cbf930c1e842eac05ef3a39cca5e8ec9644de8ca1377c43a6784ca6100cf06d6e66a02b89a55dc5fed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Drivers\x64\PRO564\lvcoin64.ini

Filesize
80KB

MD5
3cd1705d96bed331d53a845dc31078de

SHA1
147a07768acda9c57e269e7cc9c70fee6e9575ae

SHA256
12e7f6554ab7ae6eedabb612c21acef4cae8a3eb3da819cbadeb3dfafda9658a

SHA512
7ceadb0a064621d7d0abf9e33ac2b225d1bbb461803a0c17bc82b7ecc3e14ef82958b2aec157620417e863a628844ff1044ec66a6d028ba60643b9719cfe2224

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\LWS\LWS64.msi

Filesize
15.2MB

MD5
6b9b5a76e913a9feec624c35a67524e5

SHA1
7455b81c2e04cf292a1bbdad1fd7c0afda2a6297

SHA256
b4380be540ff37f13db4799465a8c24828916b6b3d1aa9b1179aeeffee840255

SHA512
d33c651a6f10bf607dc4b24a921d1c479a23e57d6280118440e265393bc3c107b9bbcfffa5f35f561ea1d18899f58d374bae32109c5e9a38686e917a8d43b741

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup.ini

Filesize
60KB

MD5
131e44210e82c222f15b930604945bf3

SHA1
0cde3bb27d2160e599151bcceb217bb0ea85a1cb

SHA256
bc2f8d07861f85aa49afe39ca37ce0f3712e34b0e73f7c5db4324d9ce7e21210

SHA512
ba9a903f2eab5334503f6789df252ef0ec37ad1600c553648d51fc74fc91f9182b41d9626283054816897b6b284940246156c204fc9379b2a50f8af193c0f2f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup64.exe

Filesize
482KB

MD5
e5f8869c484b07a370346ee91f9a514a

SHA1
708a5a54e5c5bef7edfa7f70f37d7580c39759b0

SHA256
ad180af2ae0a4bc964404e2af1a4dbea04f0eb7258b7507559e91b33407ec9b0

SHA512
6c888acc1b846a1da368064d7c69a3fd1152ed7acc465cb46649bfeb3279cc1d9706b6220589b4b29340b7a51c98d143ca533a36fd1f3efc3dca1aef44a46608

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\SetupCloser.exe

Filesize
181KB

MD5
ced7fed95eab2c2b7dcb73e04f9f01e2

SHA1
3818d7876e59b43dd673e49efaf0d60dee010213

SHA256
2e85ec4350efb7d10d21860af6759f2a03eb949a4a273c4f96cd6b88c07dc4cc

SHA512
62c654fc6656c8e17957c52bfc5e6e0d9d5369278f3dee1d842efd2fc7c9ce255ceba4c6741b560b26915bd227d1a2619b7dda332ef07ba979a7cec3d02be9c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\MSetup.exe

Filesize
865KB

MD5
85e1f18011b8f880c721a03f9e716c21

SHA1
7c1eb376e3e2691ff8968bfc2c32965912bfa976

SHA256
98bcee7ed570b3c77a727c054311459585b001b1fd7d083d62f6c8795beb8bdb

SHA512
452c74976f7d7089436b6b11ab3bea3a46d59361c619835ac0feee8a034c2aa1ae1f6cf085c2a9185359a2c10d15752b53e274d3ad7e50bff2d40647a66825ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\Setup.exe

Filesize
121KB

MD5
c386e3a4472aa5b5533ca8f38168062e

SHA1
c709a6b2900b7e599d006750a1b68ed3a2dd1950

SHA256
99369ac798aba3b0e51c8cc5e1cbeb52aa95c7aae5f3290b732ebea8a103257f

SHA512
7da78ccced3ee80805fb158c278c3dacac4df4c0f22ce4ed08b28699d9d18643d78ffb4cdf4521877984c94e8fa997b826d3e4ccc46e341bca3a175976a6990e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\UI\chs\00_Welcome.html

Filesize
7KB

MD5
7437970b89ba336ca2e1df821b7a1f11

SHA1
47f7cb74d159d396bd35977f6987249f70bed0e0

SHA256
7c2d0ea8b8980aab305b40f1ec5f9be2b5a2077c1871c7952db1fe43b70c1bcc

SHA512
a02734d4a014f9562904dc2ce85cf6a04775f2b19c3e67c0a35ffe6c73ce3f2b9be9b6bc58f00988de138bbff03b617855b2e4f0eb3f85f24cf7d3bb5fd9711c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\UI\chs\buttons.js

Filesize
1KB

MD5
752cdaf280e8c6450543c7d1c21634af

SHA1
5543f32319fa03593152aa979d882b9d76f62b22

SHA256
bfa158918da12dde58ea9d5159189bde4e44dae8a981280a03fd698aa5a6ffbb

SHA512
0af0ec497e50918180f8f6b4633b83c1aedb6dddf5bc214586fc5df40323bc890e909662aaea2187b1de9429713ec95233e29b52386909ebeec107071207cc35

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\UI\chs\buttons_install.html

Filesize
2KB

MD5
cbce5ac6fdf079f7a75747d9d832f080

SHA1
5d05ca236dee0fb94fc93a7321817547c736305b

SHA256
6a1b3a18553676a8aa8b8008a622017e34f172aef9f54c818ed1bdd840df42a7

SHA512
89f71fb726bb8fa4b58a8014de098edf79cdd5046b70ae05e308c4bebec0dd0ebe69350cfc9f6d4a15ce712bb2f4c80c61ea4c203e4bfb24987f1371026848e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\UI\ell\00_Welcome.html

Filesize
8KB

MD5
6e969256a65648b96671a829a1c8716f

SHA1
f53812ac4e2353350c2919bed8a847b04419d373

SHA256
93bcd6e5202e538288a6e48772dde3c1ff25c6dc9e2e69520a4f7afcac21b3be

SHA512
cfb847eef37c891dabdcba370e8d4418d2a736a2e05cdb8807ddd30e767702ec85f3065d89f23f0d1863625b78c5d5b153d482cfbb215fbec6f7c4c7f3fb32f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\UI\ell\CustomLayout.xml

Filesize
11KB

MD5
76b91319ccc2614968959f3e3a720a8a

SHA1
84a3bba50b86178cdd5ea29698991f53f5c33a4e

SHA256
b32d4797b8c867ae4cc92b4609f789e61c85e880e0fcab75b53ef59c984b9675

SHA512
80229b396784763248c6c2ae8cb69509be75b9f9945fb61dfba2f27a4e69873c836549f53b13139d0208012dd2105e0a088d151745ae8ecc572fa4edffff7860

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\UI\ell\code.js

Filesize
767B

MD5
8436c6f035edac8069d6a576ceb73d4c

SHA1
a800be6ad6461dcd0325183672745b3394143fa2

SHA256
b32e54f67ec9f2a1532451a4b68b5d8732a8c21e57c5b9397f383dd407643698

SHA512
973daf627c934af226880b3ac3c3c49309f3d5e7ee6d87f8b6f8a5062f6382be86e74ba1c80ed9fae270aea7479346d18cad081a1a84c9c50586360117f0ab6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\UI\ell\header.css

Filesize
1KB

MD5
9ef7d806b56b735a44f11b618ece2a80

SHA1
42e40e961d0840d959cfde70a4da8a0914f5d596

SHA256
d625a11a14e5a3cdfcf5d3a269fa7205a75fe79ae040d66e15e3646636aea8c7

SHA512
a5ce33d91972e7d88a731ef2bdbca8af1b4b5f5c52aee44da47f7af4a332a612f0b5008ed0bc130eaafaecfa6b363881d96ddc1c877c801ee087fec1ba5e6fec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\UI\ell\steps.css

Filesize
383B

MD5
a40791d1e4cc41881bf125ed2bd718b2

SHA1
8a0b44d76ed8e32e44767370a577dd7872b0cf4e

SHA256
50be5697f1e8270cea34efe517d757cd0b9776a83e7767466d39ca9d52156ffe

SHA512
c9af583de93036b513f25356651a80da4bcb1bfdc414187f783987db7e406d2eca2b2f5faeb1088aa538c373e1dd8d9748c5e8b2dd80c60c012ca0af752f74a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\UI\ell\wizpage.css

Filesize
9KB

MD5
0d49d984f40c77160e9e1300e40fff8e

SHA1
ef422e371217ece36a833d661eeaa2ffcf5472bc

SHA256
2e371522b5abb21df5f6a0d3d46ff85da950f8f90e030c66cbfc141e511ae369

SHA512
e66d21341af7f2905e9d4fd43d11f570534650923bbe14390fe60da636b9bf93c5e4258a62e9461e5502993c3131b3a27f999807730e0611854e266dfaf5b567

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\UI\enu\00_Welcome.html

Filesize
7KB

MD5
65afe9f0d35461bf414c52437b35e01c

SHA1
9a115ed7f794e43aa44b0c6d1deb6135aabfac30

SHA256
ce4cb2d49718d34474d0385aec01e2148dcfd806fbfbc95a82a774115e98e909

SHA512
8b5a3e5c7944ee988e6be3710b9dd90280dfe83d153b1131bb2def09e301c85bbd4150ed9e2db55406e68abfef897bb8202d67799cf6a8ba7bf347a3f59e0e35

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\UI\enu\License.txt

Filesize
49KB

MD5
e67242fa082fba9fc609d9a4bd50c06d

SHA1
458081adc8c694ac9ed64f20bc59ea5ef0524914

SHA256
915979c3b92be856a0708d3d9f10c35728704ec0c0dbe63bff18e0af98407a95

SHA512
04f0a36e22b062bbf304bca3bb93932d624fa1d218843fab8be7b25bbb032b570fecab10431a70589f3ee6c74e2ebeebcc7e74eb8353d9d5c260a352705d4b75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\UI\enu\buttons.js

Filesize
1KB

MD5
960a100624fbcf3ef32de4009fe0baf1

SHA1
f793395db15589b5e64237001b8ee69b978f9bd4

SHA256
f6ed3a87ad7eee2cd7fae51721e6070ffb7ab52ab2c2d08437c65fea037bc185

SHA512
06fc9de01cc352bdb5207cf7608d68645ef052eb764ac8f5c160d662780df61f27c6b88a39848c47ff67211d8fdefc063565ed16e871fc4fc25383b8fdf57f4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\UI\enu\buttons_install.html

Filesize
2KB

MD5
30c9a0de3beab132758fc76adb1f649e

SHA1
8777318cd03893b1c47a18f268fe47b26abfe3e6

SHA256
d2be05a50bd5e1727581aad4f6d254286ca5d6a0458dca54956b7df5493e8f63

SHA512
a8f72823aa030cdb737d2d800cc20adea882801787a967cb8a827a8d2aa3069d20c0f71a8c271092667930c3158a396a333e4f63d64e509caabf9a9bb26a2b2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\UI\images\logos\logi_new_75.png

Filesize
5KB

MD5
589e593392460fd82f26ddf0a0ee49d9

SHA1
f693e751fc4998904e71c872d34a9ba875ddcf1f

SHA256
faa46359bb6ae11a5d16303bb9b3b73c4c411a404d40b7da297e63ffce402b5d

SHA512
5a20a4c474900608c152ef1c5eb34324de4d49f5ae3113cb929b3cf10131f85d3cd5f5037b07c5110e989424fe56e8862ccd8f572151ac0aaadca2127949c54d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\UI\images\optional\InstallerButton_upL.gif

Filesize
407B

MD5
f95a6ddb2695fcf51562d9f2597c13bd

SHA1
dbc2226b56907053374224be7ea766fe6de4c422

SHA256
52c74745b7bf538a71597b8eecde626bbb28bb5c44674778d32da6242c851573

SHA512
2ac61044278224b4a213a1f9d557c72794957701da20460c2a60901ed8b71c48a0fa81f7b3e9a15af1121441a9eb49c303d809110f70682a4eb8f1dac0d2203a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\UI\images\optional\InstallerButton_upM.gif

Filesize
832B

MD5
e7e3cb489bcc178986d7fcad4f67221c

SHA1
0862d4cce3c0a4d6a719f74956965ef517f5f1e7

SHA256
69e573ea1c1d052ce11dfc2e9e3f4f04268f86ee03b439e69cf362e6873e2254

SHA512
7a70779d4f153f86d086257d095734ed481e87d5dbd99780c14d871e3331f7ced4b1e54561ef5e9a8940ca9dfd396116620156638e3d7e2ba0a7a9932ce7d4ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\UI\images\optional\InstallerButton_upR.gif

Filesize
407B

MD5
0dcba5e22bb6d789a934548ea7ef5c86

SHA1
2797188385044d2b26fad50d3126225d6596afc3

SHA256
5027cb23fbc705c2dc4ce314350b572a91855e5d476e40b2cc0e56dbd562a944

SHA512
b18619dbaf036f945c21a6776ce1f34d4b92fb7fb9f0c0d26f515a561358b87b538619431d601baa8f14513ab3148270e48cde9828b5e341915919b4b9861328

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\UI\images\optional\btnLlg.gif

Filesize
196B

MD5
562eef17a2da9155d0b637421a0e813d

SHA1
0e4a933345504af38929c226666ff7e0fbed4bf8

SHA256
89e2f22917b3f241432c0edbaf5a93a24d7101fb951813b874baae52afb23385

SHA512
7f19a33b6991c262155adef75bf6d4061f199b3ee00b4749abc19073fab7c25b5778f754668e7203c7a528660464c1291ddbfb1bb24e4dcc4cce73698120aa9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\UI\images\optional\btnMlg.gif

Filesize
67B

MD5
766df06eedba6230132a9fc366edab20

SHA1
45c3adc24b754f9d0eb96047e040870869c42e0e

SHA256
f054b6b63412a02a087004b64d0a8dc5f6aa85bc10af25eba821b95042194e15

SHA512
6e82ba410b057804288d61c65db395ae6be9852a56a77769a3e1afbd56a0b60fa0b3db40db84e1829e511e1c982ccf66e1af2d8de66d87f6d4ecd478a28b9c65

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\UI\images\optional\btnRlg.gif

Filesize
196B

MD5
7a597fffed9ad15fb467494593168712

SHA1
51e438fca99970c3ed7c42a90a4fecff30117401

SHA256
810c6259198d1e80884d68d9280b09bfce1a906dee03eecbd86ecf1be5c09010

SHA512
6ddea1224596947de6dbff88e92ce734b56192180aeb2d429ade03324f06fb13bd0f6b958e63c57f154ff7491d1f5a11b1a1f8461a3252acf72f1d167c7afd1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\setup.ini

Filesize
10KB

MD5
d809acd63c97fdaa05f88f65a9c9aa1a

SHA1
0f6481dc6cf067e997eea97a62d667c072da5d66

SHA256
af2d2ecfdd0986c1d3065ceff90d267aef32eacce0cceb439830566fa5804968

SHA512
b9f698f9e672ccf6a4e67e21ced7b9fec60d156cd6bb91491916d0bf68de3e05d760f50754c0924113950323d10f48b1b87f5633097ca535e932faa5632732c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\ui\CHS\CustomStrings.xml

Filesize
2KB

MD5
261d3184d783bd91b706a4a0174e386a

SHA1
078636ee7ab5b8606919b18ff59d697a1f8d54f5

SHA256
93373c276e8844e550a3bd2ebf055506b457078ebc86fe43c1120eeaa24ff183

SHA512
0ece9db199dfebbc567caa4f742b0e565edb528f604b0ede8c8dc90a6edced2bae0d9a7b58655fd22c9ab1d4837b9377682846211c6fa4f8716b586960697382

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\ui\CHS\StockStringsBase.xml

Filesize
16KB

MD5
8ff6b311543c6b8ffb5b075861064090

SHA1
3e7aff18dd67a48c5d8097a8f215c1d830cab9b8

SHA256
c75d245e175797be9007d35263a72e2e09f959907a91bb04eb2f7253b7d1b960

SHA512
433cef304bdf1d5e15aa2debd68d08a9f7311755510d1e0c0135713fb0f62db515c8284ee3a2638d552e19d9b8d8d3b8f2e5fe3c2fa0323a9cfd6c5c509e32c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\ui\CHS\StockStringsBranded.xml

Filesize
1KB

MD5
ae18415377bc711bb8a3d61dfebf1abf

SHA1
975771322ee36e04fd0dccb1046312019b446e6f

SHA256
682740efea30540a86259fb65ed789b91fea30424ac9a7e172319b7f7d9f60d9

SHA512
909551961b09c4ac33fe583b4b38c56274e8edfbe6b58727ecb3c82d6eacc560ec2014d4be7eb2a0f091704ec8aa50ba6f981da200539d16dbf91043745e343c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\ui\ENU\CustomStrings.xml

Filesize
2KB

MD5
9268852eee95d5cafb05f66e43ea22b2

SHA1
3b87087f0d4b7a1c39ef33e9f1cc4f9e252c3001

SHA256
e0f8d8e6fb5b2e85429067fb5acdfb86e3b6e95a585fa9ca13dbc8d91b124e51

SHA512
77b16f73e2a51ff1ff64b4b6b8273cbef7a3d7976ea18cc28a7dbe1caaeba22abe1fb5ef7519535c845eaebd22714c19aa237ff78b9071d88e29ff906b5cc5ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\ui\ENU\StockStringsBase.xml

Filesize
16KB

MD5
0b4a89c6b42b3afdfa0d84ce14119ca6

SHA1
3195e67dd33bea24a4689a1441ed24158f6c9cfa

SHA256
49ac4600e3bdc5052aa413a8477e995c037996b628dcb9b03c75645c048b5bac

SHA512
fe329e16af601d155ede1b323642dc7621b11cb78c72a8fabe15c63fef6a54100b088b6d7188ea912dd50a8f4dd85e86894a3a03826a9c2e5a347796d1cf1a50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\ui\ENU\StockStringsBranded.xml

Filesize
1KB

MD5
3a0d3c3532821e3d2e3d3d8cd991026b

SHA1
fcc594886002248a01f03646e65d55f372fc3f9a

SHA256
0578b84baae059f5a5fb3d6dd67fbd4f9aba0b8c76388afab70e2593ecaef489

SHA512
5a363cc01db12129c3bd06a3995406f39547417c6557d648c1a1c3b466eb5a6e0bd54c36164a3bdcaa8b7d404f2f486f2c8849e33a08ac4e998c270ad8b6bf4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\ui\StockLayout.xml

Filesize
4KB

MD5
eb625460be4da41f19de51e177ef729e

SHA1
516cbc016e3e3b94709533e61e8eeada64ce3346

SHA256
812192d39aea341eafc3bb228012fdbb7b680e8baf305717a8ef836a667ad425

SHA512
036c522844d42027e046460efa387c5036959e081dc847ae664f7988c5b1a1d899e8a6a64c993b0eb9b51cfd5de06ff2bfbfc4b4a398ff423b3567da07831b8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\ui\resource_ids.txt

Filesize
12KB

MD5
8eefc4fb7b7d9fe00c86a1adee7472a0

SHA1
2338013c440dba96411a8d569cb639ad4eaf9710

SHA256
1cb34abbc70648e87019911fbc58758dce99c00c425d93e36ef13c2b870b6764

SHA512
101746b8fc383b60620edd9852a1e2d7571e9ac5418bc83fb9cbf392a965253796f915d26e75b0652c5015cf6e6309d4d7771b710c1934e5caa3756f654da5bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\UnstLgcy.exe

Filesize
61KB

MD5
b8049eeb3fe0dec5532bb1681b861359

SHA1
953ccf9e161b61d96207d1c5be1ca68ee3c0602a

SHA256
e2329aba6f16a675000a693d2b376214a94d950c114652ea7a85a092210f6420

SHA512
10fe8f2bf8ae51530384ae9d7da8416da8e82b1c9e8d4405d0cbfeb5bd81d87952838dcc78a0e9d367e3abe6f22e39c73818a110a3f84e2fc334cb334c4d85ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Vid\Vid.msi

Filesize
14.8MB

MD5
e5465c974d92cf28e7cb4b76d290293c

SHA1
083720423bc197d4f1a9dd3ec17fc2d054f536dc

SHA256
7e6dc8da99b0bcfdb2195bdbb577e73c452ff8be814f54b707b7a25491368b39

SHA512
4263f5f6ec9f9146eecbcd84c469e56f36822f2d8772af2cece44223c0f9606825ba2d1d990f999f3661b6f7b42507a9a6154c30c1c80fd07e7d13268dba590b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC17C.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Update.txt

Filesize
1KB

MD5
2e4fe92786a63e59f4208c1e3822c206

SHA1
06c93a7a84da49bf14a57b1ab922fabbb51be505

SHA256
81bcebe5ac310479b33c816a7412bdf08348221696bfd93e219f891abd473a9e

SHA512
bef23b17c136a22e99b08c3371ebdd585612cac156bcb091c54b84a5cfe76aee8d2197a9f0ad1ba97c34dc0455a1e940721894ab375b54172b5f51d5fce202d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Update.txt

Filesize
1KB

MD5
6856db28feb50f6fe75a62c4786af427

SHA1
b6b2c24ac1c4c23aca8065030108a0a7c2fdb749

SHA256
7823cae2d25570b91eab23def7b80954b3233baacc39364e48cdd307a4e73384

SHA512
e6962d144d3a9dd0df67b75a0a0f5667a075f8a2e4193c54cc634b1443bfdc617e5dd69551bd9b0af4bd0f76bfd0da174b05bd4242c5cdbbcf74361a48e0ad62

Download Submit
C:\Users\Admin\AppData\Local\Temp\Update.txt

Filesize
1KB

MD5
06d156c4b8fbc127374bf1d371a391a2

SHA1
1a0b6e44b022b5c4c9c9b8fb5ea92576eacd695c

SHA256
2c325bcc0e51041da69d836f48ae896fdb8a02b3dd621b6da8eebc7f9cdcb7bc

SHA512
37da0b3570a1a801a3bfd069f18b46c577c795fee36bf05519487a3b0f993debfd2ca3a702fbf7e916d3e314531ea05cba0ffcf64f6d8e81b47562e762a2b980

Download Submit
C:\Users\Admin\AppData\Local\Temp\Update.txt

Filesize
1KB

MD5
562bff37177643ecc643db9bae0fe35a

SHA1
ff9ff73430b9e566c1e19093ed9b85602692b812

SHA256
30806016e8464268f58058b71af19ad359cd53cb1a1367fc791ed745489a4587

SHA512
98d43086153de7722ed5b3ef1da3b015f0f0307fe77ff0eae872fcf218395f4fc0e94755ea16908a0013688ddf93373ea9188fe35c0b05e381c5beb4201fea1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\manifest.xml

Filesize
5KB

MD5
9893f2f5c99147539d958f1aad0b2597

SHA1
d79b8d29484fb28f3f5d8b157764fc58dd968192

SHA256
5bd778525d489778ca9af3c44bf2ee31bb39fe3bda22b8c68d6df2e652e217a7

SHA512
201e39979ee4b2441487053e2ec8cad68e85a8b89f2927598807d2b937c7ce126c872382dff1c1a8020d123f9ea6fe5e2dc025fcccfe855afcbd9317e2183923

Download Submit
C:\Users\Admin\AppData\Local\Temp\{022496fa-74d6-065e-140f-7633d818ed37}\SETC543.tmp

Filesize
6.1MB

MD5
5747bc465abea2858c5d037252aed84e

SHA1
783f6d9e475f4cd54268c7def6f9867bdd19c4ff

SHA256
1d62e05ed1d3265fefdd02c8653b2901b05994091f1d417632e2fbf053c5d451

SHA512
fefa905852fd204b1861ba44310fca96e4ff45558d47d0d634e671e8a6b1baeb3a6499aa6294bdd795459c6666d36d921d3c2a96669baf9c0a6c0f5cdd23a79e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{022496fa-74d6-065e-140f-7633d818ed37}\SETC544.tmp

Filesize
526KB

MD5
0df1e0963754d701b2b2f3b86454adcf

SHA1
b2b071a85c06fcccce07a96f54b40c380377398f

SHA256
a174d2b9aded9cebfb93a26d76cf4eb4f84b24f38d7a2c15e714f7bdf8c4ea48

SHA512
a4262093db2ffbb22c3a8da60c763369112ffcf4438846506c0dd5621c33bee222402cee9ddad8fe39244a8c29ce51bc4f9d65bbade07f2a95d50ddf44d46c0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{022496fa-74d6-065e-140f-7633d818ed37}\SETC545.tmp

Filesize
22KB

MD5
eeaebc9a809dbc2d455634fbd32d0b7c

SHA1
7537d2b754d15d6590c91e47e536df32a5162a31

SHA256
e4b1a5e9f39159cb1cb806cd8675ceb0216d2f90caf61078182f6cee8f33106b

SHA512
aff0d5c1aedec4643a23a7de03dc76a6aeba4d3686537a195751a96bdf44b405b3cb69e1e70f83c0e44cc0332f7346210061824303691e52bcfdc6232ef1fddc

Download Submit
C:\Users\Admin\AppData\Local\Temp\{022496fa-74d6-065e-140f-7633d818ed37}\SETC559.tmp

Filesize
546KB

MD5
10331d5f2180453d7e947b6dd6752fcb

SHA1
455b484740033e1037015c0f2a8922966fe9e5ab

SHA256
602fbfb3a18e73b4f6cbedb589d718e87ca77a0a869826b793db44cc2e8b6482

SHA512
1f56d4cb0da83e22758894696ddff3b46b6dc86546487cdfe3cb80c17938feff58bb5d55cd49d8a3ab88e067a5c0a679322b1a9c71cf81b64eb033d8fb51f628

Download Submit
C:\Users\Admin\AppData\Local\Temp\{022496fa-74d6-065e-140f-7633d818ed37}\SETC55A.tmp

Filesize
406KB

MD5
8b32688233e95073769bd97ae22ed512

SHA1
da365224caf85b029af958b89b3fa197c9af5112

SHA256
bcd2a54bf1d7f0c58773947bb46ed350a2828883cd4875e0a98f44325ade0576

SHA512
87d2d3518de9f0c0dae2588860803bdfc12849747abb84d82b8b6504e84f6c93f703eabf687528eb0003f3e9bb8a247aaf90459d1aded7a3892243e9148e27a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{022496fa-74d6-065e-140f-7633d818ed37}\SETC55B.tmp

Filesize
526KB

MD5
4f99f157a9a63017fffd264f9d852a63

SHA1
b1c6ff6b5f92d20f068830ac5d90a2b086e1a7bd

SHA256
5efc8580e3fed04eb5f74ffe0c37b0be166dcd9508d00fb6c4893cf63457ed3d

SHA512
b636dff42ef143d930f076974023ae1e402088ae7a8390ec283a11997972641f5e6174df8cce2f790f42ff22b109a451af54d5c27802dc8d2393ac6fb62255f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\{022496fa-74d6-065e-140f-7633d818ed37}\SETC55C.tmp

Filesize
260KB

MD5
835c775a6871d2a2ea6fc343b6b4c9a2

SHA1
61269d1e6597fa0966e76378327a345f3c9bac01

SHA256
e56c9eae6a8704ce7b9ebfc4a0abfe75afcad5be762a4f33a1c7911fc2fec9d7

SHA512
b9bcefe2a0e147d5058a4db73122154409aa15d5e5c19b13ff5339448f8574daf21758ce424e33eff989bed0893ed3f01d00d7e25a547e7bbc31861dc3fcc540

Download Submit
C:\Users\Admin\AppData\Local\Temp\{022496fa-74d6-065e-140f-7633d818ed37}\SETC55D.tmp

Filesize
749KB

MD5
202529d580160ab1b3fb96b59068de04

SHA1
7151522f474103fa28b9e6930ea04558f6fcf1d2

SHA256
83b5ad4527cfb6f89e1b844f87acbd158bc8a21f5a95fe66edd4f4c8498acc04

SHA512
6b4476b7e651cf578078f5407cf6d4ab38319d6b4c18ebb3a9b9333a6dc34db897a00f3ac95dbcf4ecbc845d27cfb09415cee84d3e95ad32d8de1afbddd6d25f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{022496fa-74d6-065e-140f-7633d818ed37}\SETC5CB.tmp

Filesize
389KB

MD5
b99ae56c93fac9c351d0f60175e64929

SHA1
aaeb4e96aa6aaf7623a07d88b083badb7db18012

SHA256
19575d9999f29789d993e0062c6fc6e2630997432c60dc4435913dcbd5ecd9c0

SHA512
3760c2c727e0e15253431d906f9103fe7c216490f05baad717d431e6f68b838486feb94ef59105938cbeae7296035066eb0a322bda10e8d8b6835b6a1b3f0d45

Download Submit
C:\Users\Admin\AppData\Local\Temp\{234e7cac-0403-7a9c-c194-a52cb1489001}\SETBC54.tmp

Filesize
14KB

MD5
8ea5a7bc3da5c02543fd7b56e0aa240a

SHA1
f10d6497046d37ef44f70d8239abf37518d213a9

SHA256
6afe6e046fdeffe4893812cd0278c66bf686b802cddfbfb25fdb63d2f0dfda14

SHA512
34531587a96f92af2a6b2a89ccd486dde513bdf3f85936b29f019345ac9913e6aa2d9519c0b3b86449cc7acf5447530742c7226c11cbdc454a7b788e01a9ce5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{234e7cac-0403-7a9c-c194-a52cb1489001}\SETBC67.tmp

Filesize
2.6MB

MD5
ae0b94363da0f60d42b9d05b352f61ed

SHA1
395f0baf117328e14802796fe095600ed4926fe5

SHA256
284ea0123798bdbbaa93f912ad45b3d3f1f662fdda5c73c0ac0d76ac2f9033c0

SHA512
7401ca15fafe64e215952ef5d29031efd9a66f54e74f3defad1995960f1d58784ad9cfe566c3404f82d89d6d70e9ea26ac0c183fd1d8129824a92d3163053e0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{39d23f31-e59b-1238-aa3f-7805016e8179}\SETAF72.tmp

Filesize
8KB

MD5
6367c6a616e510e03a933454f7255213

SHA1
736bdd2c3411f9afdf0e7cf86d7f703b6638d7e6

SHA256
0901db75c240dbd68690fdf2cabdcb35406fe0f73fdf5451cee4346d2c815dcc

SHA512
4f6c936908f03eb5e805a344d6caa09e69842773aa2964a8da8b65b78d077b8f2561056f1dfdeb5d6930ef4f6f3d250db8a4f3dc71a07a38dc2d0a1052f84834

Download Submit
C:\Users\Admin\AppData\Local\Temp\{39e3ffe9-eb2c-099a-fde1-e57a0f823538}\SETC0A1.tmp

Filesize
666KB

MD5
116ec506b4dcd4ba3e34290dc6dc96a8

SHA1
d72e54acc3353e7884df6c98d43659414a9f9da5

SHA256
1eb6a3a938db2e7d69acd121a24d30d7a1c5fbdfd9c3540f0e3546310f436fbb

SHA512
c0a6cce654bcd7a3daa99973c85b9ccfbd634496cf9d6da07dd11bd5e1a13a8d46c35ac75b5bbdbc12daaecbbe9df4290d9fc70f25f87f1c347e419ac42b0cff

Download Submit
C:\Users\Admin\AppData\Local\Temp\{39e3ffe9-eb2c-099a-fde1-e57a0f823538}\SETC0B1.tmp

Filesize
20KB

MD5
011102f7e565bc3213f97f14d198fe4d

SHA1
164d8b5f54d1ee70a2e5b412d858013cda36b4d2

SHA256
87a31ef195a0619b9399e3ef5778a4dbb80089e43931cb5ba6a91862047eca85

SHA512
36f58c253eacdd9b21ca170c061771d14c4199d559c0d280005d0e3b11f89e4cc9d67c69588b16703c1917cf06aef2f27aa01de0a4a780b055a4545ee4f30490

Download Submit
C:\Users\Admin\AppData\Local\Temp\{39e3ffe9-eb2c-099a-fde1-e57a0f823538}\SETC0B3.tmp

Filesize
260KB

MD5
c0bd314222624b5183f4aacaf47b94c5

SHA1
d2059b237942ebbed40c6e9e7e7e85c604cb4c88

SHA256
aceefbf0dc4b82a7c123e8dbccd49603b06c7b2e273aa4db1e34c185f0c2a7d6

SHA512
8de60bc461d70480c806c2dc88cf6ef6528c9051087cf43c4e2a78061f4ced6b4149430a89374ce837646969e7ba664e7b9ac5ccebe156df2a5b657fabe77826

Download Submit
C:\Users\Admin\AppData\Local\Temp\{39e3ffe9-eb2c-099a-fde1-e57a0f823538}\SETC0C5.tmp

Filesize
265KB

MD5
b2085e335f2b57077b0cbadb6f1245cd

SHA1
836cb51d6a12c0da72d05b812809089c9e45216d

SHA256
69c81753b2abae8c89cedadfcb73fb332e5fcd555576959ad412bf036ec9e343

SHA512
4fb4a2e48cf86a475ffa53e5d49d7748d3e6269cc096714bcb9b7c41bd7e06fb4d2fd9fa61f69549a3fda34214f9f2919f39e8146d11038ee6339bff080bc96f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{39e3ffe9-eb2c-099a-fde1-e57a0f823538}\SETC0C6.tmp

Filesize
66KB

MD5
99bcd802fe1c480e94dcb29d904f56cc

SHA1
5f36bf0a1d4540a3681989f6048d6bc66510a564

SHA256
d791ed0e3164f36263301ffcff0565bcade13c05df08fbdc91b21df9207d1ae1

SHA512
e53def5ef095e6f56c287cd1e827cf08f05dde5a14f875b43c690b9c678fee39bbc77a4d3f1c5bc0cb69e98f08387a82eb6f260cad70d76a0ff34b4435f166a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{39e3ffe9-eb2c-099a-fde1-e57a0f823538}\SETC0C7.tmp

Filesize
320KB

MD5
986c1cb787a007baa5f74e7d316d7246

SHA1
3dbeb34c4b7ecf21620e47401bdca3403259b540

SHA256
8846d5ff09a669816f57c98507fbcbe60f770b22bc784269765e46b36ee38d9d

SHA512
148616fd049a8ba5d0f8d261a7833e545d87217d2ed1fcc4a410addc7ba2422148b079c58184f502dc28ad6d204d233621333312211e6493ddbc8b306a67afdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\{39e3ffe9-eb2c-099a-fde1-e57a0f823538}\SETC0C8.tmp

Filesize
33KB

MD5
d011aa06040d9d4f84028261b9432f92

SHA1
9f08cff5754154c477bf4a6978e699ffabbbff09

SHA256
192afe938db8d1f9d23721ebf0c80ac447b90555e37bf6d051c55cc79a2cde85

SHA512
3c0d9177d0dfa9cd576b47fd42d83203e3d60e4baa44acb6340e9e77573855042b5a79e0522db628cf8b399599db4a13bd5e1e14e5639a86dab8e2245ce0c866

Download Submit
C:\Users\Admin\AppData\Local\Temp\{49d7bdfa-5a45-4e60-ffbd-f05a6061a644}\SETB1B3.tmp

Filesize
15KB

MD5
39296eba4508ab42ceca0109b1074188

SHA1
de61d0f0500551d38a86c8d944a9695fe66364f3

SHA256
dca4dcb3776499410264b95a7852e41d7e42e39d1298bf7c847dd5971831c75d

SHA512
7363d919a05a8992118a71d2b8de9aa2146b18f059fbeb6282082a2bd292c326ebda58ae9761fa27dfca6530a7ef16feaabe72140906617368134ee75ceb2818

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5644013f-2f20-1c28-e0b3-9912efd77f13}\SETB463.tmp

Filesize
13KB

MD5
d2aed53842fe1e0754f857f7573e91ca

SHA1
3bc0a8f73750dbe303858d5220d92c4de0a9436a

SHA256
3b988430e2b41c98e9881585d531933054319664c1690e8454d52c4ae981bde2

SHA512
a0ff91f58a552913ebf5f1d9da38f99f2366dd67e283a7193eb92b32ec2e5c15b976ad4b65cc42342f991c22c078447c8ce2c79496a89a8daf533e11d09c7b7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5644013f-2f20-1c28-e0b3-9912efd77f13}\SETB49B.tmp

Filesize
575KB

MD5
b47dee29b5e6e1939567a926c7a3e6a4

SHA1
351cbd352b3ec0d5f4f58c84af732a0bf41b4463

SHA256
e86cb77de7b6a8025f9a546f6c45d135f471e664963cf70b381bee2dfd0fdef4

SHA512
35612736073aff0bf2ae47f08f6ee2ab2737bf7233ba6a241c63738571cde96003073d66a3f574bee8a534b812915217b141874f2882e2702a680028495a24ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5d610eda-ef37-23db-5392-e858d0d0d62e}\SETB87A.tmp

Filesize
13KB

MD5
169a8d5990a892c7dbcae7394c949361

SHA1
e21df35b990c301d809e43432d9b88c95183960a

SHA256
afd0d88cd2cf968cac8036ddc0479c5682199fd573249875db5a7bf0541c0d48

SHA512
ca4d0f34101be6c1388908d4dce2686a09dd4b928d9b79c9885b2cbe345edb4e6e0abb3d83c87d2b8c6568b559520f97a73f738d813fa156224367df9407c6ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5d610eda-ef37-23db-5392-e858d0d0d62e}\SETB87B.tmp

Filesize
319KB

MD5
125ae13c293889001b8456cf3eb04a40

SHA1
cb489b9c1e74a4b9c1642e25758f0fbc7b30f429

SHA256
eb4b7135691935a9ac515099ed8c2767bc02308068ab9beb2869b6e841268848

SHA512
40c9c3a731a3b16ce7d0d70373573dda83c3a627df8170be76c6136d4588921e368af7ca533d8be33cbeb14d52c825996ae9f2ff6c76a9b35b5ef3ebd9fd013d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5d610eda-ef37-23db-5392-e858d0d0d62e}\SETB87C.tmp

Filesize
15KB

MD5
4a503882318bb2f59218d401614e6af6

SHA1
5b343f6dce722b6449760becedb956ffdf49ba28

SHA256
678fde29eae20353e780f53cfb9e79ea8b43e1e8bac77890c178918dc5ccba0e

SHA512
45ddeaef3d757b5558f7cd01f9a7ecf01ade438ba5e4b64da70868484a9ee73cf467735ebbf2e7937ae7ecc18b5140c42eeab25bee3be49d305af51e41bef3d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5d610eda-ef37-23db-5392-e858d0d0d62e}\SETB88D.tmp

Filesize
33KB

MD5
9905222afb5556dd788c9cf70df1701a

SHA1
86e965b69e070fe71654fe1fdd86c95159e5d5c1

SHA256
f9bd5f4876a44622301633b88777aef80768f3b11d5d5b22be29839fe9ab06fa

SHA512
144cc6cafaa1cd78b0455d683985e3e456b47c6a6400adacde8a3a85c795a5e63e43592b411f07e0093152d4302c08a8623e2349d3f3d9c0229a60229ab5c21a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B6E97AD7-6BB8-4CB1-8B2C-C72945B3FF19}\ISBEW64.exe

Filesize
114KB

MD5
2a276ba2b7782476302c59d0f760f4bc

SHA1
43bbb884a7b65534c417ae5a3f3f17f7e80e2f7d

SHA256
d3294cc8c750c4bd63016e87e9d2c53a501c173567f4edb9a3c6f1bd9836064a

SHA512
6bed8d3291ed422aed187637838bfb957ea59c772be3bc52c12242474712f411e174afe55ed6955b910a8ce3635f1552260063cf6db428a4e34bc76a4e3e01f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B6E97AD7-6BB8-4CB1-8B2C-C72945B3FF19}\{53E324B1-01E2-4820-8322-403D83E65EDE}\DIFxData.ini

Filesize
86B

MD5
10baa5b67536f4433f37534b9c8bb828

SHA1
82e5c34b1279afda223b639b49078d03c52875f5

SHA256
1b9fd5c1f18357bd459be20bfcbf47ee18fa0c5d5cc42f6aed2705d5868b65f4

SHA512
49c6798ebb3b6137cafb78b88350d02094367523dcf8f9e580de1941e514b8b3df786d1d817090e5dab80ac4d0d015796b2ce28b296db31d111e0d0bbaeebb37

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B6E97AD7-6BB8-4CB1-8B2C-C72945B3FF19}\{53E324B1-01E2-4820-8322-403D83E65EDE}\FontData.ini

Filesize
39B

MD5
00f313e3e007599349a0c4d81c7807c4

SHA1
f0171f15aab836a1979d3833e46b5e59e4ea32e0

SHA256
766ee687d90b0217eb41cb85aca04375bdc24db986a33536631f864b7ce1a08a

SHA512
8bb25a62c0b1640dec36403a493ed54c05f7cde7b7357c8faea785a79c4b76bbe6a3d6fe78db52b558a37abac90c2b2e8b13868a76294554d51670e9fa8764ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B6E97AD7-6BB8-4CB1-8B2C-C72945B3FF19}\{53E324B1-01E2-4820-8322-403D83E65EDE}\VASData.ini

Filesize
30B

MD5
b16ff78e4420d4049da82fffe3026d31

SHA1
612be1fde59d3d4534a4d8e0947b65060ed6146b

SHA256
029f695d7a558a0070bdb42c07d35c7ae436fbd0688079b7ada58093505d9579

SHA512
8042f5a1f12ef644b7def42c52c90a252ff4a6c099956530cff8147daf2edd8934f5bc79bb560f550d47755fead71a1d0fbe7d52fdc0fb30a0ad64471beaaf7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B6E97AD7-6BB8-4CB1-8B2C-C72945B3FF19}\{53E324B1-01E2-4820-8322-403D83E65EDE}\_IsRes.dll

Filesize
337KB

MD5
de4b0a2dc916691ee9422c63f84c6e56

SHA1
d3c2e96115a5949c6f5853fb76b804c4c54dc906

SHA256
c7ca1ed3e3013647b0ff36de48f5fca9a0c5454572ed9aeac5846f21f5373b6a

SHA512
91902664e59eabfe659c7f1455b73a7f6bd0018d8a9a69b56df5c81d3f78c95b0e66e67671202227125392f8e22a1e57ddf27684ed69ee2619741353bb4f75a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B6E97AD7-6BB8-4CB1-8B2C-C72945B3FF19}\{53E324B1-01E2-4820-8322-403D83E65EDE}\isrt.dll

Filesize
217KB

MD5
0f68d760fb480a1b039ca7d6b877d24c

SHA1
259d101a49646c3abe17114111ff9aa7df1b8fc2

SHA256
5974ce20a780d384383cfc24af4dc62bc22ca67ce1d76ea9981c42631480ab63

SHA512
d551553ceca5b9ba86f7422893df78ce71167096cbeae65319c344abf57601e8e6c8f9779a9a45ed28ce32c3e1c477b843d8ad4437e0643c0fabf56ab7f586d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B6E97AD7-6BB8-4CB1-8B2C-C72945B3FF19}\{53E324B1-01E2-4820-8322-403D83E65EDE}\setup.inx

Filesize
491KB

MD5
7585092cc048a2ffa298ba44dba8fac7

SHA1
56934eba90f8bb5008f0bedd6b0ff4b5a1c35833

SHA256
fb51462330328b66ae81c98c0edc164988a20dc1ebf565ab147197bd09671bed

SHA512
a2b910b767c99b0e3f51677bf8fb7ca99c302cdb2039121c4247870379fee11f56a089ebfffecf41f17bb6e60c4e69e9a7a04730d0b23f2c993dde4458f1c497

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C38D5C8D-4098-452C-B82D-542CD41A5B34}\Disk1\ISSetup.dll

Filesize
542KB

MD5
c5b13b3c260393e7d64506b7399a2a11

SHA1
ccb144bf111b97ac96d36fa890d1468d4f50f384

SHA256
508022bc8b0473aa960694fe4fe82bb98485dc9958a2bd2c7f6604bd60387213

SHA512
39fd52172e82e90b1bf3fc1fb46c8dc5720492657ec462e54436a4e271b1fdd2920710a327bc2a02dee514f63bc2860af914d96d91cc172e8be72810a02d9a48

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C38D5C8D-4098-452C-B82D-542CD41A5B34}\Disk1\Update64.exe

Filesize
136KB

MD5
2992d99f7dc97d8cb03fedac8e386a2b

SHA1
08b3bca150608e2a0c1d0fb4dbce86b42c822419

SHA256
c6241bddef8b0eb1494146f7cdeb2aceb973db7acc90d27a9127750615ede5f0

SHA512
60513a3c0ec15de328d23bd82a464441a9a23847a317fac6c127ca0c2908ec6effe7163a5cb94bf0d01fdfba9fa1d12ecff1753ab528a1cf7b32766a7a6ccbe2

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C38D5C8D-4098-452C-B82D-542CD41A5B34}\Disk1\_Setup.dll

Filesize
325KB

MD5
7de2d19c870587b8ffc5a446e9b6e29a

SHA1
4818065b55bbe0469cb2135197d69caae359ac63

SHA256
35eef33d1890a6e34d647f86f24c730b4f741c9d33fcce01cfb12d2b8e55b5d1

SHA512
bf2258b84f497e40670aac594e20f5a508cf603235f2cdd73e0c4e74613ece46468571b1beeaab5065ce214675e846a0641c9cb812b8e1fdf33a6ae0237ed3b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C38D5C8D-4098-452C-B82D-542CD41A5B34}\Disk1\data1.hdr

Filesize
23KB

MD5
06283f6b4b05a233a7dea8d9decbd909

SHA1
8ebb3c078abadda8ef580ff59c14a71ffc0af9ae

SHA256
9da885a47a4093b951af84ef96298f68d0f79758648236a023abc4dcec17fc28

SHA512
3f17f0172a9287b16fd9c0427812d3104914c87029a13ddb8037b7c89be7ce5ed819892cd02ef63c73b467e34fae3410b84929009554e9bad3604599fcf5e5d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C38D5C8D-4098-452C-B82D-542CD41A5B34}\Disk1\setup.exe

Filesize
384KB

MD5
bc49243557991ac42fcc01b8e3bb05d2

SHA1
a7e88e8d743ff63e0c45332d27b0a502101e190b

SHA256
1e3bae1ac3aebb97580a63787f321a3f4004ab072da7a3cd20eb1c4f1ccbcfa7

SHA512
290274e0b245797a6dc30e08a4aba7095f59eaf0124b4bfe5817a657243fc4cdd57060f2985f7c3bb586425cb58f419f1d0c45e18f8e5650484dc35381ad2a41

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C38D5C8D-4098-452C-B82D-542CD41A5B34}\setup.ini

Filesize
725B

MD5
75284679e4ca2d803bf14a52e60a8884

SHA1
26fcda8c43c7455bdd3a52a8cda55a9227493cfc

SHA256
5f33dd04668e55cdbdd03b90b4a5813393bbc678a196f85765a6259023bb7ee0

SHA512
05677ec76b57e43be084c0fa7d9cc75a822495a401bb6d2f11916cec1f163a4268fb8d5279fb6301ff5fac72c404cf03cd19377cad197151d52ea942f0d9149b

Download Submit
C:\Windows\Installer\MSI21EA.tmp

Filesize
281KB

MD5
f51b5bd26a5bd8ab5268f3bd75426b1a

SHA1
5624e49ab51e20dc169c217dc2afbdcd40aadea9

SHA256
985061550fcc4f84655c3538b03794c72137779f8affb379a4f6a0c64f03048f

SHA512
b7c2cad13538f0192c46db8947d2ff3575f055b0b03eb7f877c8e6445352ea80aa4fc41df2c6905b7b5889e9a473743124a087467b8544555f5f8be99c5420c2

Download Submit
C:\Windows\Installer\MSI3330.tmp

Filesize
75KB

MD5
f3ae0a211939d0d997e288ced1b33718

SHA1
d16db2c6a07fa16b23c9fb343a48e3c523bca2b2

SHA256
b392ed62a18d67e8fd2b07f4f48f4814fa65b103c85cabe6c719a99109aa951e

SHA512
532a58729b96bb0b69ee1a75be031eda5f3f20a9b0c648af12b1a6be1baea3a6bd5093adb8bb2fa2b8e0adc796204a0d227ddece56f206db641eca9a0b97c853

Download Submit
C:\Windows\Installer\MSI86F7.tmp

Filesize
500KB

MD5
1c5b9f81d72cf1037ad4bf9ff1634eb3

SHA1
59effd757c89087c5ad6691e39c09b90c8868a15

SHA256
55a83134ce7424a7c74f21ae2e72ed91a973f6e38675a50795821c3a1b44eced

SHA512
aab525bdc950f7f1b2d48cef136c9d2a53a9bd261fef5248a8ca2bb759356364d7f9791eac1c6c53af7bd364928d8f86cc23bb5182e357f69505b8393d9be482

Download Submit
C:\Windows\Installer\MSI8D65.tmp

Filesize
147KB

MD5
41ba5ac31360bc70323117a3f03b7a6e

SHA1
4151814226cc9747ad04d9f89ff9bcba95d379c0

SHA256
0cc678ea9cee242092bdbdc48437b440a02e1b399dcbdedbef26f919e9d581aa

SHA512
a6b3cad7e44900977c2d3e4dadd50895d7eb4c229f63b47d6f4058fedd6f8731bdf10c17e0cd46e557d72db31ae7af389e6d0d39de07b1a61d998683881cc389

Download Submit
C:\Windows\Installer\{987FE247-4E69-4A2E-A961-D14F901FDBF6}\QuickCamStartMenuS_65895B9BA1A04BCBAB7BF5673B44A0E4.exe

Filesize
56KB

MD5
80611fc36a3082184a99050b49827eb7

SHA1
e8b1086842741a43080705058aba2ae8105cd3b7

SHA256
1584e15bcc00baabcbad03d336c9956d1be78444430bea30ca28c5417ec0ff63

SHA512
0019a3b7910c3784b8379132d9905e84d2e8c4e980018519e4a4e77623d81e45bb4d81cdf9211892d6893fdf815bd9da64201bc1ebdc70f124dfadbb0afe603e

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
194KB

MD5
ad721076034240687ae17a14e2edc8d0

SHA1
74a1c742c6e9764bd1e664ee71418b6570a01345

SHA256
767c697d5dc2b260c22b758d8b2353461c6e136ac0f51f777e0d73a2a114f11e

SHA512
ad1d6599bdf3b433bf2a4dc43c74ada384e082730ca1eb8e56ac61931722e641ed4c2e2b050d7b0fc11f59605255431327e10a331aef62513f8d4acef1657082

Download Submit
C:\Windows\inf\setupapi.dev.log

Filesize
4KB

MD5
ea18aba411c8e118a9c3a1a64b2b69b7

SHA1
85974648285a3928384d4fb68d73d78f44b58831

SHA256
02b83f4510d7f9b603d5da9e240ce6c88da2809d9bb700f143f52628b604fb02

SHA512
2d7db5cdebaf3a0add42b888ec74f9ac8416fc285c552ac6d118d968494d1325ec879d4a5b8331ff9ed4aea0fd847b07e7b5d0834c36551cce902de8ce539115

Download Submit
C:\Windows\inf\setupapi.dev.log

Filesize
4KB

MD5
8bbd68298373c6b65fe62cfc6ac5c505

SHA1
9e6d20dc42fa835e0b338fecadb92676c91b70dd

SHA256
33b6df835114f1f960ddb94c3f8f7831bc2959df4810451fe3f1e09c15161cf9

SHA512
27b68bfb768795952ca8bb2c2351e16815cfb67e7fac1eb29fc6eb6fb7363981d28827b88a11fae54b8e2a6dfe6327393bc2fd83e747d069b839c275d401e0d9

Download Submit
C:\Windows\inf\setupapi.dev.log

Filesize
966B

MD5
88bbc572953e1320b6d1f346929e6fbf

SHA1
348efa1e33773c1e9048e4bb5cb25e7e8e0e6e9c

SHA256
b50ca3efdbdcaa8f04070a8c63e6c66226d3b8089f6d2351aacbddfe6fe0844e

SHA512
a845e05e9afb4c77a0f751c760e4bd49cc73cb51c04ad72f5c3ca27ef48b6c62d8f2b2304e2204091a34ad36a661d661687204e4335ba1557aaa7c60ab60fe42

Download Submit
C:\Windows\inf\setupapi.dev.log

Filesize
4KB

MD5
e5f7002ca994bef91b470e82194e4b7e

SHA1
65acd523a40fcb3d4ccdadfe9199495fa56942ca

SHA256
40e34a1303d0ee91b3a170aa4bf9056a1508a73ac1d2891e641693cd757bf7ba

SHA512
76b2dc4c138f19e2cce128c408b3f57b75fd61590d56302d825ce48f2494a37adbd26b75bae59a7d2d60108562ee5cc9b8bbe1ea19390fffaf75a9ad6b455988

Download Submit
C:\Windows\inf\setupapi.dev.log

Filesize
963B

MD5
b8d92cc157d4cba524fd73a8df3d7833

SHA1
f0b5089015ca59952b57ae523176d15b7ad4c0b9

SHA256
8433799dba6e57c0fed2132b9356355b670ea2e880087896dc576886cc7ab432

SHA512
43d5bfdd6d7dfb54f31ca8d3d873f8aa7f3178daeb1113599ea4e454d85f99b373ee8e9a5bd50feb17510def208869e727968ab522d24907f98bd77690eaf7f6

Download Submit
C:\Windows\inf\setupapi.dev.log

Filesize
3KB

MD5
d03fa82ad028a4f2973bb6a7060032da

SHA1
af8717308f8f561a4f0dabd879d7b1eac7562211

SHA256
bd219fa4faad1c2c83169787516ad06ba7d4d9580b63b170623a3a9781664ab3

SHA512
00cd92f2c39c51cb3ced36ab7b35bb649ea76b64fdc0c0ab56f9a5946d342a11f074e0e7db7750cdf5f15098e89c8187531e67f552bc92cf1f845dd902e5447d

Download Submit
C:\Windows\inf\setupapi.dev.log

Filesize
4KB

MD5
f13d0a2018c2c2e0336df7035adddc32

SHA1
c0c95839c2a73994a8967178655e2cb0795f6812

SHA256
3c6602c3fe02d6f9a0642bdceee912a37c5f9775049c3ef5a63a1a9262991846

SHA512
84f972ed3c1666f01574bf979c6706b2e2ee88a512426ddd73d594adf7cf9f1f53ceb241b8bedc53fd9bace8c88c3652dd800f02f58e21f9f0491295f9f98377

Download Submit
C:\Windows\inf\setupapi.dev.log

Filesize
963B

MD5
571653974c02c03d830e4aa5e1e9a529

SHA1
290a9a623bcfc9b4ccee6f802e030a003f96baf3

SHA256
f7605f701e23c81821cbb10b56f41752f8f084ed40274e84faaae7e9cd70f2b1

SHA512
16e598fde8e3c5dd1c3a19fd9e974c5f4d8194593db2b4d8f609ea827c5c47cc329ab979da27c07ebc30071d9166cae35a4a4b0d51c2649875695e5ba41423b9

Download Submit
C:\Windows\inf\setupapi.dev.log

Filesize
4KB

MD5
a471db8beb7efbe507e28bdfc4bbaf4a

SHA1
fe5a7b25a49ca90a522e0493e297d91e838a2ae8

SHA256
f6ed7b0c93609e2225ea81705cc6a2cea52bc725c89e3f75b5e9aae27a26963f

SHA512
7fed5ef2af0bd579fce69fb8222a82c0c7530d79a6b2881ea8d76ce4a876f99a6d4f3e94bbc23b52170ad1ce349814600ffb1947affed1ad741ef853e18fe9e4

Download Submit
C:\Windows\inf\setupapi.dev.log

Filesize
4KB

MD5
6bb5e5e4fd8e5f35592cc287ae5ad862

SHA1
9c3ffcc96ea506110c9460ccf4fe31ffc1ff9cf8

SHA256
99049f21bc24394efca6b5fa509ae64f815a02c647afb7c1de0f96835c6736d9

SHA512
e5c2f12d7e40d5dfc3dc8a21fbc674fed6e7eaf5dc1c97fca2b194780f8ca394c72d1f9c70856ea56296db6dfa3c587212988fcb79143a8d8cfe089e3d8472ae

Download Submit
C:\Windows\inf\setupapi.dev.log

Filesize
966B

MD5
d21120e282d5104645abfd91c5e570ca

SHA1
aca7792c0942bbe11b683a720b09ec8bedc069bd

SHA256
0d6990992446ac828c9e853ed239b940538f9f69bbf99b88008bf6b8f88562d4

SHA512
1b99e8c5179fb1cc114c1f767c3a95ab7ffa77e51f28516255bfc4ad42705e8bc158714c2ae2aecb25a576f13274a3de98b04be48b1ca41a716c45898c64dedc

Download Submit
C:\Windows\inf\setupapi.dev.log

Filesize
4KB

MD5
ccf5bb1c81f940c1e45e20cac1cee9f4

SHA1
30bc4e2a11154d18f2712379081471ea0bff9490

SHA256
a3ce73eec8c47977f56c15ec5486d0d82055833f9699e576434c372dbe6c3243

SHA512
dd6965f238e4f56d31b08817521be2f22cefdf6ac745c52f64a3a5d0f9d1a95f7906961dc74eb51c1ffc303975213e97837f2c8b5ae6587ce2415b617ef0fb81

Download Submit
C:\Windows\inf\setupapi_logidevtemp.log

Filesize
2.3MB

MD5
708d150b6582b4af95bdbfbeaf2b55c0

SHA1
9952341b32dc5f4593b0b1d07555bfa04c702df1

SHA256
ea52af07f9d64f4602f4194cd53fa9c697373679e4cab8f06d7455e0611951ea

SHA512
5a32b028c1b9deef51969a960f04dc0ef6f4f862d97dadcc5bd1b9aabab1c23aad32f04697ef28de1af9cb3fa0163f6bda7b4061f1d41b39ffce3b5205aff416

Download Submit
\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup.exe

Filesize
325KB

MD5
8ea0c0d5d191f2e73a346dcc6e33a1d6

SHA1
6dac36758639f658be01acea46d1271de3c952eb

SHA256
1d067ab808c0df40474c712b5c800414254a93df102569795f195f31cef96911

SHA512
a2728b1c70257275a2f84f3d857f4cdb48bc178d5285e6eed88eb3692e1331f309ad5e2d8f451d7fd127ce7b7565c3d3de7409f3fea45ba88cec9c6bb9b35b28

Download Submit
\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\SetupDll.dll

Filesize
61KB

MD5
19dd9d58074097f7217223756a77a2c7

SHA1
a1b9b2334ab2cf4977538acdd0c204348410243d

SHA256
685aa3ad17112bb2d57009751f5f0fc1105b52f232406cf77e65208e218264dc

SHA512
8fef4562ec9bfbaf129669c1173e574d58b13956a0aa3148a050e4d5a6e6cc846c8423382c836365f720fa5f0443fbd88d14868c714911c60e190a896efb17b1

Download Submit
\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\plug-ins\hwsetup.dll

Filesize
605KB

MD5
cf2d1bb5ade968fb0ecf849a55c8397e

SHA1
9f8de9700f9a2c53f217aa692cbb9a9d946c9b3c

SHA256
8718b7001411ee8e5bd2b510135623a2c99549302cb75820be4fc5dd39d88219

SHA512
71fe4c62728f6629b747495d3ad70e3dbb3fc8816bda1796ca9cd78f40f4aa5400bd890cee007f4f6b001728e67d78c2065c212301bd08a699df4efb2afe3779

Download Submit
\Users\Admin\AppData\Local\Temp\Logitech_Webcam_1.10.1113.0\Setup\plug-ins\msiexprdll.dll

Filesize
221KB

MD5
05d2c5c59dd38e652c25775571b20665

SHA1
158933ea0a4e7dd7d25e6a7370af1e52a37519bf

SHA256
87b06cdbcdb3bdacdffdd51ab5344082725dd01625a9c29c6972da74bfb99764

SHA512
47fc42be80e40c6340526c46ac887570e24b36db270d623d5e64e6c133630f5006ac8350891581baaa10f377c13fd6760c26fca604d590ac257b6b32dd8d41ff

Download Submit
memory/2552-1162-0x0000000002A00000-0x0000000002A9C000-memory.dmp

Filesize
624KB

Download
memory/2552-1150-0x0000000001E10000-0x0000000001E4A000-memory.dmp

Filesize
232KB

Download
memory/3136-8185-0x0000000004740000-0x000000000483C000-memory.dmp

Filesize
1008KB

Download
memory/3136-8213-0x0000000068700000-0x0000000068AB0000-memory.dmp

Filesize
3.7MB

Download
memory/3136-8214-0x000000006A540000-0x000000006A575000-memory.dmp

Filesize
212KB

Download
memory/3136-8174-0x0000000000330000-0x0000000000379000-memory.dmp

Filesize
292KB

Download
memory/3136-8173-0x0000000000B70000-0x000000000163F000-memory.dmp

Filesize
10.8MB

Download
memory/3136-8176-0x0000000000380000-0x00000000003C0000-memory.dmp

Filesize
256KB

Download
memory/3136-8178-0x000000006A540000-0x000000006A575000-memory.dmp

Filesize
212KB

Download
memory/3136-8177-0x0000000068700000-0x0000000068AB0000-memory.dmp

Filesize
3.7MB

Download
memory/3136-8179-0x00000000009C0000-0x00000000009E4000-memory.dmp

Filesize
144KB

Download
memory/3136-8184-0x00000000035D0000-0x0000000003603000-memory.dmp

Filesize
204KB

Download
memory/3568-8224-0x00000000006C0000-0x0000000000741000-memory.dmp

Filesize
516KB

Download
memory/3616-7904-0x0000000000400000-0x000000000058B000-memory.dmp

Filesize
1.5MB

Download
memory/3616-7891-0x0000000000400000-0x000000000058B000-memory.dmp

Filesize
1.5MB

Download
memory/3680-8248-0x0000000002000000-0x0000000002081000-memory.dmp

Filesize
516KB

Download
memory/3780-8273-0x00000000009B0000-0x00000000009D4000-memory.dmp

Filesize
144KB

Download
memory/3780-8278-0x0000000068700000-0x0000000068AB0000-memory.dmp

Filesize
3.7MB

Download
memory/3780-8279-0x000000006A540000-0x000000006A575000-memory.dmp

Filesize
212KB

Download
memory/3780-8267-0x0000000000BC0000-0x000000000168F000-memory.dmp

Filesize
10.8MB

Download
memory/3780-8268-0x0000000000290000-0x00000000002D9000-memory.dmp

Filesize
292KB

Download
memory/3780-8272-0x000000006A540000-0x000000006A575000-memory.dmp

Filesize
212KB

Download
memory/3780-8271-0x0000000068700000-0x0000000068AB0000-memory.dmp

Filesize
3.7MB

Download
memory/3936-1724-0x0000000004570000-0x00000000045F8000-memory.dmp

Filesize
544KB

Download
memory/3936-6388-0x0000000002210000-0x00000000023AA000-memory.dmp

Filesize
1.6MB

Download
memory/3936-6389-0x0000000004570000-0x00000000045F8000-memory.dmp

Filesize
544KB

Download
memory/3936-1662-0x0000000002210000-0x00000000023AA000-memory.dmp

Filesize
1.6MB

Download