LogiCameraSettings_2.12.8.exe
This report is generated from a file or URL submitted to this webservice on December 3rd 2020 16:32:59 (UTC)
Guest System: Windows 7 64 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v8.45.3 © Hybrid Analysis
Incident Response
Risk Assessment
- Persistence
-
Modifies auto-execute functionality by setting/creating a value in the registry
Spawns a lot of processes
- Fingerprint
-
Queries kernel debugger information
Reads the active computer name
Reads the cryptographic machine GUID
- Evasive
- Marks file for deletion
- Network Behavior
- Contacts 3 domains and 6 hosts.
MITRE ATT&CK™ Techniques Detection
Additional Context
Related Sandbox Artifacts
- Associated URLs
- hxxps://download01.logi.com/web/ftp/pub/techsupport/cameras/Webcams/LogiCameraSettings_2.12.8.exe
Indicators
Not all malicious and suspicious indicators are displayed.
-
Malicious Indicators 6
-
General
-
The analysis extracted a file that was identified as malicious
- details
-
1/90 Antivirus vendors marked dropped file "qicns.dll" as malicious (classified as "Unavailable" with 1% detection rate)
1/92 Antivirus vendors marked dropped file "testServiceLayer.exe" as malicious (classified as "Malware" with 1% detection rate)
1/91 Antivirus vendors marked dropped file "qwindows.dll" as malicious (classified as "Unavailable" with 1% detection rate)
1/91 Antivirus vendors marked dropped file "qnativewifibearer.dll" as malicious (classified as "Unavailable" with 1% detection rate)
1/68 Antivirus vendors marked dropped file "qsvgicon.dll" as malicious (classified as "Unsafe" with 1% detection rate)
1/82 Antivirus vendors marked dropped file "qwbmp.dll" as malicious (classified as "Unavailable" with 1% detection rate)
1/81 Antivirus vendors marked dropped file "WinSparkle.dll" as malicious (classified as "Malware" with 1% detection rate)
1/93 Antivirus vendors marked dropped file "vcredist_x86.exe" as malicious (classified as "Malware" with 1% detection rate)
1/92 Antivirus vendors marked dropped file "ServiceLayer.exe" as malicious (classified as "Malware" with 1% detection rate)
1/92 Antivirus vendors marked dropped file "qgenericbearer.dll" as malicious (classified as "Unavailable" with 1% detection rate)
1/91 Antivirus vendors marked dropped file "qwebp.dll" as malicious (classified as "Unavailable" with 1% detection rate)
1/71 Antivirus vendors marked dropped file "UserInfo.dll" as malicious (classified as "Malware.Generic" with 1% detection rate)
1/70 Antivirus vendors marked dropped file "LogEx.dll" as malicious (classified as "Malware.Generic" with 1% detection rate)
1/70 Antivirus vendors marked dropped file "System.dll" as malicious (classified as "Malware.Generic" with 1% detection rate)
1/70 Antivirus vendors marked dropped file "AccessControl.dll" as malicious (classified as "Malware.Generic" with 1% detection rate)
1/58 Antivirus vendors marked dropped file "VideoServiceInstall.exe" as malicious (classified as "Malware.Generic" with 1% detection rate) - source
- Binary File
- relevance
- 10/10
-
The analysis spawned a process that was identified as malicious
- details
-
1/58 Antivirus vendors marked spawned process "VideoServiceInstall.exe" (PID: 1012) as malicious (classified as "Malware.Generic" with 1% detection rate)
1/92 Antivirus vendors marked spawned process "ServiceLayer.exe" (PID: 2428) as malicious (classified as "Malware" with 1% detection rate) - source
- Monitored Target
- relevance
- 10/10
-
Installation/Persistence
-
Drops executable files to the Windows system directory
- details
-
File type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows" was dropped at "%WINDIR%\SysWOW64\vcomp120.dll"
File type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows" was dropped at "%WINDIR%\SysWOW64\vcamp120.dll" - source
- Binary File
- relevance
- 7/10
- ATT&CK ID
- T1036
-
Spawns a process via the service control manager
- details
-
Process "msiexec.exe" with commandline "/V"
Process "ServiceLayer.exe"
- source
- Monitored Target
- relevance
- 3/10
- ATT&CK ID
- T1050
-
Network Related
-
Malicious artifacts seen in the context of a contacted host
- details
-
Found malicious artifacts related to "13.249.90.199": ...
- source
- Network Traffic
- relevance
- 10/10
-
Unusual Characteristics
-
Spawns a lot of processes
- details
-
Spawned process "LogiCameraSettings_2.12.8.exe"
Spawned process "vcredist_x86.exe" with commandline "/install /quiet /norestart"
Spawned process "vcredist_x86.exe" with commandline "/install /quiet /norestart -burn.unelevated BurnPipe.{4DAE052F-E748-4590-A076-4CE91755AAFA} {A4F7E4BE-F942-4B16-B42A-F19CC2F8FB68} 3236"
Spawned process "msiexec.exe" with commandline "/V"
Spawned process "VideoServiceInstall.exe" with commandline "/S"
Spawned process "ServiceLayer.exe"
Spawned process "DismHost.exe" with commandline "{C51F6FE7-AA6B-49A0-ABC5-6F41121ADC05}"
- source
- Monitored Target
- relevance
- 8/10
-
Suspicious Indicators 23
-
Anti-Detection/Stealthyness
-
Queries kernel debugger information
- details
- "ServiceLayer.exe" at 00073995-00002428-00000033-4144869
- source
- API Call
- relevance
- 6/10
-
Anti-Reverse Engineering
-
Creates guarded memory regions (anti-debugging trick to avoid memory dumping)
- details
- "ServiceLayer.exe" is allocating memory with PAGE_GUARD access rights
- source
- API Call
- relevance
- 10/10
-
Environment Awareness
-
Queries the installation properties of user installed products
- details
-
"vcredist_x86.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\PRODUCTS\21EE4A31AE32173319EEFE3BD6FDFFE3\INSTALLPROPERTIES")
"vcredist_x86.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\PRODUCTS\22BEFC8F7E2A1793E9ADB411DEFE1C58\INSTALLPROPERTIES")
"msiexec.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\PRODUCTS\22BEFC8F7E2A1793E9ADB411DEFE1C58\INSTALLPROPERTIES")
"msiexec.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\PRODUCTS\21EE4A31AE32173319EEFE3BD6FDFFE3\INSTALLPROPERTIES")
"msiexec.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\PRODUCTS\68AB67CA7DA73301B744CAF070E41400\INSTALLPROPERTIES")
"msiexec.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\PRODUCTS\68AB67CA7DA73301B744CAF070E41400\INSTALLPROPERTIES"; Key: "LOCALPACKAGE"; Value: "00000000010000003E00000043003A005C00570069006E0064006F00770073005C0049006E007300740061006C006C00650072005C00640036006500370066002E006D00730069000000") - source
- Registry Access
- relevance
- 10/10
-
Reads the active computer name
- details
-
"LogiCameraSettings_2.12.8.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
"vcredist_x86.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
"msiexec.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
"VideoServiceInstall.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
"ServiceLayer.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
"DismHost.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME") - source
- Registry Access
- relevance
- 5/10
- ATT&CK ID
- T1012
-
Reads the cryptographic machine GUID
- details
-
"vcredist_x86.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
"msiexec.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
"ServiceLayer.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
"DismHost.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID") - source
- Registry Access
- relevance
- 10/10
- ATT&CK ID
- T1012
-
General
-
Reads configuration files
- details
-
"LogiCameraSettings_2.12.8.exe" read file "%USERPROFILE%\Desktop\desktop.ini"
"VideoServiceInstall.exe" read file "%PROGRAMFILES%\(x86)\desktop.ini" - source
- API Call
- relevance
- 4/10
-
Installation/Persistence
-
Drops executable files
- details
-
"DISMHOST.EXE.5FC917D8.bin" has type "PE32+ executable (GUI) x86-64 for MS Windows"
"devconx32.exe" has type "PE32 executable (console) Intel 80386 for MS Windows"
"qicns.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"testServiceLayer.exe" has type "PE32 executable (GUI) Intel 80386 Mono/.Net assembly for MS Windows"
"mfc120jpn.dll" has type "PE32 executable (DLL) (console) Intel 80386 for MS Windows"
"qwindows.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"qnativewifibearer.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"qsvgicon.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"qwbmp.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"vcredist_x86.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"mfc120.dll" has type "PE32 executable (DLL) (console) Intel 80386 for MS Windows"
"nsProcess.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"WinSparkle.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"ServiceLayer.exe" has type "PE32 executable (GUI) Intel 80386 Mono/.Net assembly for MS Windows"
"qgenericbearer.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"mfc120esn.dll" has type "PE32 executable (DLL) (console) Intel 80386 for MS Windows"
"qwebp.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"UserInfo.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"Qt5MultimediaWidgets.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows" - source
- Binary File
- relevance
- 10/10
-
Modifies auto-execute functionality by setting/creating a value in the registry
- details
-
"vcredist_x86.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE")
"vcredist_x86.exe" (Access type: "SETVAL"; Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE"; Key: "{F65DB027-AFF3-4070-886A-0D87064AABB1}"; Value: ""%ALLUSERSPROFILE%\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe" /burn.runonce") - source
- Registry Access
- relevance
- 8/10
- ATT&CK ID
- T1060
-
Network Related
-
Found potential IP address in binary/memory
- details
-
Heuristic match: "/logitech/vc/vcserv/1.17.5.0/0/w07/64/vcsi.exe.sig?lu.uos=w07&lu.ubi=64&lu.hp=vcserv&lu.hv=1.17.5.0&lu.hpo=0&lu.hbr=logitech&neb.ver=1.17"
Heuristic match: "GET /logitech/vc/vcserv/1.17.5.0/0/w07/64/vcsi.exe.sig?lu.uos=w07&lu.ubi=64&lu.hp=vcserv&lu.hv=1.17.5.0&lu.hpo=0&lu.hbr=logitech&neb.ver=1.17 HTTP/1.1
Host: updates.logitech.com
Connection: Keep-Alive"
Heuristic match: "/logitech/vc/vcserv/1.17.5.0/0/w07/64/vcsi.exe.sig?/logitech/vc/vcserv/1.17.5.0/0/w07/64/vcsi.exe.sig%3flu.uos=w07&lu.ubi=64&lu.hp=vcserv&lu.hv=1.17.5.0&lu.hpo=0&lu.hbr=logitech&neb.ver=1.17" - source
- File/Memory
- relevance
- 3/10
-
Sends traffic on typical HTTP outbound port, but without HTTP header
- details
-
TCP traffic to 23.63.245.51 on port 80 is sent without HTTP header
TCP traffic to 52.94.29.212 on port 443 is sent without HTTP header
TCP traffic to 54.161.42.116 on port 80 is sent without HTTP header
TCP traffic to 13.249.90.199 on port 80 is sent without HTTP header
TCP traffic to 52.94.29.8 on port 443 is sent without HTTP header
TCP traffic to 52.94.28.58 on port 443 is sent without HTTP header - source
- Network Traffic
- relevance
- 5/10
- ATT&CK ID
- T1043
-
System Destruction
-
Marks file for deletion
- details
- "C:\LogiCameraSettings_2.12.8.exe" marked "%TEMP%\nsmD5B6.tmp" for deletion
- source
- API Call
- relevance
- 10/10
- ATT&CK ID
- T1107
-
Opens file with deletion access rights
- details
-
"LogiCameraSettings_2.12.8.exe" opened "%TEMP%\nsmD5B6.tmp" with delete access
"vcredist_x86.exe" opened "%TEMP%\{f65db027-aff3-4070-886a-0d87064aabb1}\vcRuntimeMinimum_x86" with delete access - source
- API Call
- relevance
- 7/10
-
System Security
-
Modifies Software Policy Settings
- details
-
"vcredist_x86.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA")
"vcredist_x86.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES")
"vcredist_x86.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS")
"vcredist_x86.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS")
"vcredist_x86.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES")
"vcredist_x86.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS")
"vcredist_x86.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS")
"vcredist_x86.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED")
"vcredist_x86.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES")
"vcredist_x86.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CRLS")
"vcredist_x86.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CTLS")
"vcredist_x86.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES")
"vcredist_x86.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CRLS")
"vcredist_x86.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CTLS")
"vcredist_x86.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES")
"vcredist_x86.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CRLS")
"vcredist_x86.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CTLS")
"vcredist_x86.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\TRUSTEDPEOPLE")
"vcredist_x86.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\TRUSTEDPEOPLE\CERTIFICATES")
"vcredist_x86.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\TRUSTEDPEOPLE\CRLS") - source
- Registry Access
- relevance
- 10/10
- ATT&CK ID
- T1112
-
Modifies proxy settings
- details
-
"ServiceLayer.exe" (Access type: "DELETEVAL"; Path: "HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS")
"ServiceLayer.exe" (Access type: "DELETEVAL"; Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS")
"ServiceLayer.exe" (Access type: "SETVAL"; Path: "HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "PROXYENABLE"; Value: "00000000")
"ServiceLayer.exe" (Access type: "DELETEVAL"; Path: "HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "PROXYSERVER")
"ServiceLayer.exe" (Access type: "DELETEVAL"; Path: "HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "PROXYOVERRIDE") - source
- Registry Access
- relevance
- 10/10
- ATT&CK ID
- T1112
-
Unusual Characteristics
-
Installs hooks/patches the running process
- details
-
- source
- Hook Detection
- relevance
- 10/10
- ATT&CK ID
- T1179
-
Reads information about supported languages
- details
-
"LogiCameraSettings_2.12.8.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409")
"vcredist_x86.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409")
"msiexec.exe" (Path: "HKCU\CONTROL PANEL\INTERNATIONAL"; Key: "LOCALENAME")
"VideoServiceInstall.exe" (Path: "HKCU\CONTROL PANEL\INTERNATIONAL\GEO"; Key: "NATION")
"ServiceLayer.exe" (Path: "HKU\CONTROL PANEL\INTERNATIONAL"; Key: "SYEARMONTH")
"ServiceLayer.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409") - source
- Registry Access
- relevance
- 3/10
- ATT&CK ID
- T1012
-
Hiding 7 Suspicious Indicators
- All indicators are available only in the private webservice or standalone version
-
Informative 27
-
Environment Awareness
-
Queries volume information
- details
- "vcredist_x86.exe" queries volume information of "%TEMP%\{f65db027-aff3-4070-886a-0d87064aabb1}\.ba1\logo.png" at 00070440-00002412-00000046-4118066
- source
- API Call
- relevance
- 2/10
- ATT&CK ID
- T1120
-
Reads the registry for installed applications
- details
-
"LogiCameraSettings_2.12.8.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\LOGIUCDPP")
"LogiCameraSettings_2.12.8.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\LOGIVIRTUALCAM")
"LogiCameraSettings_2.12.8.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\LOGICAMERADEFAULTS")
"LogiCameraSettings_2.12.8.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\LOGICAMERASETTINGS_2.12.8.EXE")
"LogiCameraSettings_2.12.8.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\LOGICAMERASETTINGS_2.12.8.EXE")
"vcredist_x86.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL")
"vcredist_x86.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADDRESSBOOK")
"vcredist_x86.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADOBE AIR")
"vcredist_x86.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADOBE FLASH PLAYER ACTIVEX")
"vcredist_x86.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADOBE SHOCKWAVE PLAYER") - source
- Registry Access
- relevance
- 10/10
- ATT&CK ID
- T1012
-
External Systems
-
Sample was identified as clean by Antivirus engines
- details
- 0/65 Antivirus vendors marked sample as malicious (0% detection rate)
- source
- External System
- relevance
- 10/10
-
General
-
Accesses Software Policy Settings
- details
-
"vcredist_x86.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA"; Key: "")
"vcredist_x86.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES"; Key: "")
"vcredist_x86.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS"; Key: "")
"vcredist_x86.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS"; Key: "")
"vcredist_x86.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES"; Key: "")
"vcredist_x86.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS"; Key: "")
"vcredist_x86.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS"; Key: "")
"vcredist_x86.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED"; Key: "")
"vcredist_x86.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES"; Key: "")
"vcredist_x86.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CRLS"; Key: "")
"vcredist_x86.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CTLS"; Key: "")
"vcredist_x86.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES"; Key: "")
"vcredist_x86.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CRLS"; Key: "")
"vcredist_x86.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CTLS"; Key: "")
"vcredist_x86.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES"; Key: "")
"vcredist_x86.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CRLS"; Key: "")
"vcredist_x86.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CTLS"; Key: "")
"vcredist_x86.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\TRUSTEDPEOPLE"; Key: "")
"vcredist_x86.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\TRUSTEDPEOPLE\CERTIFICATES"; Key: "")
"vcredist_x86.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\TRUSTEDPEOPLE\CRLS"; Key: "") - source
- Registry Access
- relevance
- 10/10
- ATT&CK ID
- T1012
-
Accesses System Certificates Settings
- details
-
"vcredist_x86.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\MY"; Key: "")
"vcredist_x86.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA"; Key: "")
"vcredist_x86.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES"; Key: "")
"vcredist_x86.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS"; Key: "")
"vcredist_x86.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS"; Key: "")
"vcredist_x86.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\CA"; Key: "") - source
- Registry Access
- relevance
- 10/10
- ATT&CK ID
- T1112
-
Contacts domains
- details
-
"updates.logitech.com"
"d23iz4esrwkib6.cloudfront.net"
"dynamodb.us-west-2.amazonaws.com" - source
- Network Traffic
- relevance
- 1/10
-
Contacts server
- details
-
- source
- Network Traffic
- relevance
- 1/10
-
Creates a writable file in a temporary directory
- details
-
"vcredist_x86.exe" created file "%TEMP%\{f65db027-aff3-4070-886a-0d87064aabb1}\.ba1\wixstdba.dll"
"vcredist_x86.exe" created file "%TEMP%\{f65db027-aff3-4070-886a-0d87064aabb1}\.ba1\thm.xml"
"vcredist_x86.exe" created file "%TEMP%\{f65db027-aff3-4070-886a-0d87064aabb1}\.ba1\thm.wxl"
"vcredist_x86.exe" created file "%TEMP%\{f65db027-aff3-4070-886a-0d87064aabb1}\.ba1\logo.png"
"vcredist_x86.exe" created file "%TEMP%\{f65db027-aff3-4070-886a-0d87064aabb1}\.ba1\license.rtf"
"vcredist_x86.exe" created file "%TEMP%\{f65db027-aff3-4070-886a-0d87064aabb1}\.ba1\BootstrapperApplicationData.xml"
"ServiceLayer.exe" created file "%WINDIR%\Temp\LogiDFULibUpdate\ServiceDFUNetLib.log" - source
- API Call
- relevance
- 1/10
-
Creates mutants
- details
-
"\Sessions\1\BaseNamedObjects\L"
"L"
"\Sessions\1\BaseNamedObjects\Global\WindowsUpdateTracingMutex"
"\Sessions\1\BaseNamedObjects\Global\MSILOG_65e14f6b1d6c98agol.68x_muminiMemitnuRcv_0_20736130210202_68x_tsidercv_dd_pmeT_lacoL_ataDppA_SWBUPAH_sresU_:C"
"\Sessions\1\BaseNamedObjects\Global\MSILOG_83f176431d6c98agol.68x_lanoitiddAemitnuRcv_1_20736130210202_68x_tsidercv_dd_pmeT_lacoL_ataDppA_SWBUPAH_sresU_:C"
"Global\_MSIExecute"
"Global\WindowsUpdateTracingMutex"
"Global\MSILOG_65e14f6b1d6c98agol.68x_muminiMemitnuRcv_0_20736130210202_68x_tsidercv_dd_pmeT_lacoL_ataDppA_SWBUPAH_sresU_:C"
"Global\MSILOG_83f176431d6c98agol.68x_lanoitiddAemitnuRcv_1_20736130210202_68x_tsidercv_dd_pmeT_lacoL_ataDppA_SWBUPAH_sresU_:C"
"\Sessions\1\BaseNamedObjects\Global\_MSIExecute"
"\BaseNamedObjects\Local\RstrMgr3887CAB8-533F-4C85-B0DC-3E5639F8D511"
"\BaseNamedObjects\Local\RstrMgr-3887CAB8-533F-4C85-B0DC-3E5639F8D511-Session0000" - source
- Created Mutant
- relevance
- 3/10
-
Drops files marked as clean
- details
-
Antivirus vendors marked dropped file "DISMHOST.EXE.5FC917D8.bin" as clean (type is "PE32+ executable (GUI) x86-64 for MS Windows")
Antivirus vendors marked dropped file "devconx32.exe" as clean (type is "PE32 executable (console) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "mfc120jpn.dll" as clean (type is "PE32 executable (DLL) (console) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "vcredist_x86.exe" as clean (type is "PE32 executable (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "mfc120.dll" as clean (type is "PE32 executable (DLL) (console) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "nsProcess.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "mfc120esn.dll" as clean (type is "PE32 executable (DLL) (console) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "Qt5MultimediaWidgets.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "wixstdba.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "vcomp120.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "Qt5Widgets.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "mfc120u.dll" as clean (type is "PE32 executable (DLL) (console) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "mfc120rus.dll" as clean (type is "PE32 executable (DLL) (console) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "qdds.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "qtmedia_audioengine.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "qtaudio_windows.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "mfc120deu.dll" as clean (type is "PE32 executable (DLL) (console) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "BLEAdminTool.bat" as clean (type is "ASCII text with no line terminators")
Antivirus vendors marked dropped file "qico.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "Qt5Network.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
- source
- Binary File
- relevance
- 10/10
-
GETs files from a webserver
- details
-
"GET /logitech/vc/vcserv/1.17.5.0/0/w07/64/vcsi.exe.sig?lu.uos=w07&lu.ubi=64&lu.hp=vcserv&lu.hv=1.17.5.0&lu.hpo=0&lu.hbr=logitech&neb.ver=1.17 HTTP/1.1
Host: updates.logitech.com
Connection: Keep-Alive"
"GET /logitech/vc/vcserv/1.17.5.0/0/w07/64/vcsi.exe.sig?/logitech/vc/vcserv/1.17.5.0/0/w07/64/vcsi.exe.sig%3flu.uos=w07&lu.ubi=64&lu.hp=vcserv&lu.hv=1.17.5.0&lu.hpo=0&lu.hbr=logitech&neb.ver=1.17 HTTP/1.1
Host: d23iz4esrwkib6.cloudfront.net
Connection: Keep-Alive"
- source
- Network Traffic
- relevance
- 5/10
-
Loads rich edit control libraries
- details
-
"LogiCameraSettings_2.12.8.exe" loaded module "%WINDIR%\SysWOW64\riched20.dll" at 73460000
"vcredist_x86.exe" loaded module "%WINDIR%\SysWOW64\riched20.dll" at 73460000
"ServiceLayer.exe" loaded module "%WINDIR%\SysWOW64\riched20.dll" at 73460000
- source
- Loaded Module
- ATT&CK ID
- T1179
-
Loads the .NET runtime environment
- details
- "ServiceLayer.exe" loaded module "%WINDIR%\assembly\NativeImages_v4.0.30319_32\mscorlib\36eaccfde177c2e7b93b8dbdde4e012a\mscorlib.ni.dll" at 70D70000
- source
- Loaded Module
-
Overview of unique CLSIDs touched in registry
- details
-
"LogiCameraSettings_2.12.8.exe" touched "Computer" (Path: "HKCU\WOW6432NODE\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\SHELLFOLDER")
"LogiCameraSettings_2.12.8.exe" touched "Memory Mapped Cache Mgr" (Path: "HKCU\WOW6432NODE\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}")
"LogiCameraSettings_2.12.8.exe" touched "Shortcut" (Path: "HKCU\WOW6432NODE\CLSID\{00021401-0000-0000-C000-000000000046}\TREATAS")
"vcredist_x86.exe" touched "XML DOM Document" (Path: "HKCU\WOW6432NODE\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}")
"vcredist_x86.exe" touched "AutomaticUpdates Class" (Path: "HKCU\WOW6432NODE\CLSID\{BFE18E9C-6D87-4450-B37C-E02F0B373803}\TREATAS")
"vcredist_x86.exe" touched "CAutoUpdate Class 1.0" (Path: "HKCU\WOW6432NODE\CLSID\{9B1F122C-2982-4E91-AA8B-E071D54F2A4D}\TREATAS")
"vcredist_x86.exe" touched "SPP Class" (Path: "HKCU\CLSID\{4B966436-6781-4906-8035-9AF94B32C3F7}")
"vcredist_x86.exe" touched "PSFactoryBuffer" (Path: "HKCU\WOW6432NODE\CLSID\{23CF860E-9D2C-451A-8E83-C79C848D85A6}\TREATAS")
"vcredist_x86.exe" touched "Msi install server" (Path: "HKCU\WOW6432NODE\CLSID\{000C101C-0000-0000-C000-000000000046}\TREATAS")
"vcredist_x86.exe" touched "Microsoft Windows Installer Message RPC" (Path: "HKCU\CLSID\{000C101D-0000-0000-C000-000000000046}\DLLVERSION")
"vcredist_x86.exe" touched "Task Bar Communication" (Path: "HKCU\WOW6432NODE\CLSID\{56FDF344-FD6D-11D0-958A-006097C9A090}")
"vcredist_x86.exe" touched "Microsoft Multiple AutoComplete List Container" (Path: "HKCU\WOW6432NODE\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}")
"vcredist_x86.exe" touched "Microsoft Shell Folder AutoComplete List" (Path: "HKCR\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}")
"vcredist_x86.exe" touched "Microsoft AutoComplete" (Path: "HKCU\WOW6432NODE\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\TREATAS")
"vcredist_x86.exe" touched "Microsoft TipAutoCompleteClient Control" (Path: "HKCU\WOW6432NODE\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\TREATAS")
"ServiceLayer.exe" touched "WbemDefaultPathParser" (Path: "HKCR\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\INPROCSERVER32")
"ServiceLayer.exe" touched "WBEM Locator" (Path: "HKCR\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\INPROCSERVER32")
"ServiceLayer.exe" touched "Windows Management and Instrumentation" (Path: "HKCR\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}")
"ServiceLayer.exe" touched "Microsoft WBEM Call Context" (Path: "HKCR\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\TREATAS")
"ServiceLayer.exe" touched "Microsoft WBEM (non)Standard Marshaling for IWbemServices" (Path: "HKCR\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TREATAS")
- source
- Registry Access
- relevance
- 3/10
-
Process launched with changed environment
- details
-
Process "vcredist_x86.exe" was launched with new environment variables: "PROCESSOR_ARCHITEW6432="AMD64""
Process "vcredist_x86.exe" was launched with modified environment variables: "CommonProgramFiles, PROCESSOR_ARCHITECTURE, ProgramFiles"
Process "msiexec.exe" was launched with modified environment variables: "CommonProgramFiles, LOCALAPPDATA, USERDOMAIN, PROCESSOR_ARCHITECTURE, TEMP, APPDATA, USERPROFILE, TMP, ProgramFiles"
Process "msiexec.exe" was launched with missing environment variables: "PROCESSOR_ARCHITEW6432, LOGONSERVER, HOMEPATH, HOMEDRIVE"
Process "VideoServiceInstall.exe" was launched with new environment variables: "PROCESSOR_ARCHITEW6432="AMD64", LOGONSERVER="\\HAPUBWS-PC", HOMEPATH="\Users\dmMy1LQ", HOMEDRIVE="C:""
Process "VideoServiceInstall.exe" was launched with modified environment variables: "CommonProgramFiles, LOCALAPPDATA, USERDOMAIN, PROCESSOR_ARCHITECTURE, TEMP, APPDATA, USERPROFILE, TMP, ProgramFiles"
Process "ServiceLayer.exe" was launched with modified environment variables: "CommonProgramFiles, LOCALAPPDATA, USERDOMAIN, PROCESSOR_ARCHITECTURE, TEMP, APPDATA, USERPROFILE, TMP, ProgramFiles"
Process "ServiceLayer.exe" was launched with missing environment variables: "PROCESSOR_ARCHITEW6432, LOGONSERVER, HOMEPATH, HOMEDRIVE"
- source
- Monitored Target
- relevance
- 10/10
-
Reads Windows Trust Settings
- details
-
"vcredist_x86.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING"; Key: "STATE")
"msiexec.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING"; Key: "STATE")
"ServiceLayer.exe" (Path: "HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING"; Key: "STATE")
- source
- Registry Access
- relevance
- 5/10
- ATT&CK ID
- T1012
-
Spawns new processes
- details
-
Spawned process "vcredist_x86.exe" with commandline "/install /quiet /norestart"
Spawned process "vcredist_x86.exe" with commandline "/install /quiet /norestart -burn.unelevated BurnPipe.{4DAE052F-E ..."
Spawned process "msiexec.exe" with commandline "/V"
Spawned process "VideoServiceInstall.exe" with commandline "/S"
Spawned process "ServiceLayer.exe"
Spawned process "DismHost.exe" with commandline "{C51F6FE7-AA6B-49A0-ABC5-6F41121ADC05}"
- source
- Monitored Target
- relevance
- 3/10
-
Spawns new processes that are not known child processes
- details
-
Spawned process "vcredist_x86.exe" with commandline "/install /quiet /norestart"
Spawned process "vcredist_x86.exe" with commandline "/install /quiet /norestart -burn.unelevated BurnPipe.{4DAE052F-E ..."
Spawned process "msiexec.exe" with commandline "/V"
Spawned process "VideoServiceInstall.exe" with commandline "/S"
Spawned process "ServiceLayer.exe"
Spawned process "DismHost.exe" with commandline "{C51F6FE7-AA6B-49A0-ABC5-6F41121ADC05}"
- source
- Monitored Target
- relevance
- 3/10
-
The input sample is signed with a certificate
- details
-
The input sample is signed with a certificate issued by "OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.2.5.4.15=Private Organization, SERIALNUMBER=C1067879, C=US, S=California, L=Newark, O=Logitech Inc, CN=Logitech Inc" (SHA1: 8F:A3:2D:53:8B:DF:7C:F7:A5:6C:C4:15:A7:C0:BD:E6:D8:48:9D:0E: (1.2.840.113549.1.1.11); see report for more information)
The input sample is signed with a certificate issued by "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA SHA2" (SHA1: 60:EE:3F:C5:3D:4B:DF:D1:69:7A:E5:BE:AE:1C:AB:1C:0F:3A:D4:E3: (1.2.840.113549.1.1.11); see report for more information)
The input sample is signed with a certificate issued by "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA" (SHA1: 5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25: (sha1RSA(RSA)); see report for more information)
- source
- Certificate Data
- relevance
- 10/10
- ATT&CK ID
- T1116
-
The input sample is signed with a valid certificate
- details
- The entire certificate chain of the input sample was validated successfully.
- source
- Certificate Data
- relevance
- 10/10
- ATT&CK ID
- T1116
-
Accesses Software Policy Settings
-
Installation/Persistence
-
Connects to LPC ports
- details
- "LogiCameraSettings_2.12.8.exe" connecting to "\ThemeApiPort"
- source
- API Call
- relevance
- 1/10
-
Dropped files
- details
-
"DISMHOST.EXE.5FC917D8.bin" has type "PE32+ executable (GUI) x86-64 for MS Windows"
"devconx32.exe" has type "PE32 executable (console) Intel 80386 for MS Windows"
"qicns.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"testServiceLayer.exe" has type "PE32 executable (GUI) Intel 80386 Mono/.Net assembly for MS Windows"
"mfc120jpn.dll" has type "PE32 executable (DLL) (console) Intel 80386 for MS Windows"
"qwindows.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"qnativewifibearer.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"qsvgicon.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"qwbmp.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"vcredist_x86.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"mfc120.dll" has type "PE32 executable (DLL) (console) Intel 80386 for MS Windows"
"nsProcess.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"Logitech Camera Settings.lnk" has type "MS Windows shortcut Item id list present Points to a file or directory Has Relative path Has Working directory Archive ctime=Fri Sep 18 21:21:12 2020 mtime=Thu Dec 3 15:36:48 2020 atime=Fri Sep 18 21:21:12 2020 length=1992840 window=hide"
"WinSparkle.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"ServiceLayer.exe" has type "PE32 executable (GUI) Intel 80386 Mono/.Net assembly for MS Windows"
"qgenericbearer.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"11526e.msi" has type "Composite Document File V2 Document Little Endian O%WINDIR%\Version 6.1 MSI Installer Code page: 1252 Title: Installation Database Subject: Visual C++ 2013 x86 Additional Runtime Author: Microsoft Corporation Keywords: Installer Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005. Template: Intel;1033 Revision Number: {5703FD24-BF2D-4D14-AB2F-E415A0361E63} Create Time/Date: Sat Oct 5 10:36:30 2013 Last Saved Time/Date: Sat Oct 5 10:36:30 2013 Number of Pages: 301 Number of Words: 2 Name of Creating Application: Windows Installer XML (3.7.1623.0) Security: 2"
"mfc120esn.dll" has type "PE32 executable (DLL) (console) Intel 80386 for MS Windows"
"qwebp.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
- source
- Binary File
- relevance
- 3/10
-
Touches files in the Windows directory
- details
-
"LogiCameraSettings_2.12.8.exe" touched file "%WINDIR%\SysWOW64\oleaccrc.dll"
"LogiCameraSettings_2.12.8.exe" touched file "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu"
"LogiCameraSettings_2.12.8.exe" touched file "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs"
"LogiCameraSettings_2.12.8.exe" touched file "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Logitech Camera Settings"
"LogiCameraSettings_2.12.8.exe" touched file "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Logitech Camera Settings\Logitech Camera Settings.lnk"
"LogiCameraSettings_2.12.8.exe" touched file "%LOCALAPPDATA%\Microsoft\Windows\Caches"
"LogiCameraSettings_2.12.8.exe" touched file "%LOCALAPPDATA%\Microsoft\Windows\Caches\cversions.1.db"
"LogiCameraSettings_2.12.8.exe" touched file "%LOCALAPPDATA%\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001d.db"
"vcredist_x86.exe" touched file "C:\Windows\Globalization\Sorting\SortDefault.nls"
"msiexec.exe" touched file "C:\Windows\AppPatch\AppPatch64\sysmain.sdb"
"msiexec.exe" touched file "C:\Windows\System32\msiexec.exe"
"msiexec.exe" touched file "C:\Windows\AppPatch\AppPatch64\AcLayers.dll"
"msiexec.exe" touched file "C:\Windows\AppPatch\AppPatch64\AcGenral.dll"
"msiexec.exe" touched file "C:\Windows\System32\en-US\msiexec.exe.mui"
"msiexec.exe" touched file "C:\Windows\Globalization\Sorting\SortDefault.nls"
"msiexec.exe" touched file "%ALLUSERSPROFILE%\Microsoft\Windows\Templates"
"VideoServiceInstall.exe" touched file "C:\Windows\SysWOW64\oleaccrc.dll"
"VideoServiceInstall.exe" touched file "C:\Windows\Globalization\Sorting\SortDefault.nls"
"VideoServiceInstall.exe" touched file "%LOCALAPPDATA%\Microsoft\Windows\Caches"
- source
- API Call
- relevance
- 7/10
-
Network Related
-
Found potential URL in binary/memory
- details
-
Heuristic match: "1b:b&b6b.bS"
Heuristic match: "wH:h+).Gm"
Heuristic match: "&Zj;7b.Fm"
Heuristic match: "Q/BXpG.Pa"
Pattern match: "http://nsis.sf.net/NSIS_Error"
Heuristic match: "updates.logitech.com"
Heuristic match: "d23iz4esrwkib6.cloudfront.net"
Heuristic match: "dynamodb.us-west-2.amazonaws.com"
Pattern match: "http://wixtoolset.org/schemas/thmutil/2010"
Pattern match: "http://schemas.microsoft.com/wix/2006/localization"
- source
- File/Memory
- relevance
- 10/10
-
HTTP request contains Base64 encoded artifacts
- details
- "Z ,z^?Nr"["
- source
- Network Traffic
- relevance
- 7/10
- ATT&CK ID
- T1132
-
System Security
-
Creates or modifies windows services
- details
-
"vcredist_x86.exe" (Access type: "CREATE"; Path: "HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS")
"vcredist_x86.exe" (Access type: "CREATE"; Path: "HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\VSS\DIAG")
"vcredist_x86.exe" (Access type: "CREATE"; Path: "HKLM\SYSTEM\CONTROLSET001\SERVICES\VSS\DIAG\SYSTEMRESTORE")
"vcredist_x86.exe" (Access type: "SETVAL"; Path: "HKLM\SYSTEM\CONTROLSET001\SERVICES\VSS\DIAG\SYSTEMRESTORE"; Key: "SRCREATERP (ENTER)"; Value: "4000000000000000F5B26F448AC9D601A40C0000300B0000D5070000000000000000000000000000000000000000000000000000000000000000000000000000")
"vcredist_x86.exe" (Access type: "SETVAL"; Path: "HKLM\SYSTEM\CONTROLSET001\SERVICES\VSS\DIAG\SYSTEMRESTORE"; Key: "SRCREATERP (LEAVE)"; Value: "4000000000000000AD99E9498AC9D601A40C0000300B0000D5070000010000000000000000000000000000000000000000000000000000000000000000000000")
"ServiceLayer.exe" (Access type: "CREATE"; Path: "HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS")
"ServiceLayer.exe" (Access type: "SETVAL"; Path: "HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\APPLICATION"; Key: "AUTOBACKUPLOGFILES"; Value: "00000000")
"ServiceLayer.exe" (Access type: "CREATE"; Path: "HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\APPLICATION\VC HELPER")
"ServiceLayer.exe" (Access type: "SETVAL"; Path: "HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\APPLICATION\VC HELPER"; Key: "EVENTMESSAGEFILE"; Value: "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll")
- source
- Registry Access
- relevance
- 10/10
- ATT&CK ID
- T1112
-
Opens the Kernel Security Device Driver (KsecDD) of Windows
- details
-
"LogiCameraSettings_2.12.8.exe" opened "\Device\KsecDD"
"ServiceLayer.exe" opened "\Device\KsecDD"
"DismHost.exe" opened "\Device\KsecDD"
- source
- API Call
- relevance
- 10/10
- ATT&CK ID
- T1215
File Details
LogiCameraSettings_2.12.8.exe
- Filename
- LogiCameraSettings_2.12.8.exe
- Size
- 77MiB (80277272 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- Architecture
- WINDOWS
- SHA256
- 4a18682e139a4bf665f7bf348c2887e52c656c1c4b3797817a2849668808bb97
- MD5
- 352d00b31ef0ac99d6c901308ceb9ef8
- SHA1
- 6c4f686ab8e8eff6e137b25e8c7980d7ae2a2824
File Certificates
Certificate chain was successfully validated.
Owner | Issuer | Validity | Hashes (MD5, SHA1) |
---|---|---|---|
OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.2.5.4.15=Private Organization, SERIALNUMBER=C1067879, C=US, S=California, L=Newark, O=Logitech Inc, CN=Logitech Inc | OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.2.5.4.15=Private Organization, SERIALNUMBER=C1067879, C=US, S=California, L=Newark, O=Logitech Inc, CN=Logitech Inc Serial: 08fc2a6c411d88e7253c3d99170eae62 | 06/29/2020 01:00:00 to 07/22/2022 13:00:00 | 8F:A3:2D:53:8B:DF:7C:F7:A5:6C:C4:15:A7:C0:BD:E6:D8:48:9D:0E: (1.2.840.113549.1.1.11) |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA SHA2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA SHA2 Serial: 03f1b4e15f3a82f1149678b3d7d8475c | 04/18/2012 13:00:00 to 04/18/2027 13:00:00 | 60:EE:3F:C5:3D:4B:DF:D1:69:7A:E5:BE:AE:1C:AB:1C:0F:3A:D4:E3: (1.2.840.113549.1.1.11) |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA Serial: 02ac5c266a0b409b8f0b79f2ae462577 | 11/10/2006 01:00:00 to 11/10/2031 01:00:00 | 5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25: (sha1RSA(RSA)) |
Hybrid Analysis
Analysed 7 processes in total (System Resource Monitor).
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- vcredist_x86.exe /install /quiet /norestart (PID: 3236)
- vcredist_x86.exe /install /quiet /norestart -burn.unelevated BurnPipe.{4DAE052F-E748-4590-A076-4CE91755AAFA} {A4F7E4BE-F942-4B16-B42A-F19CC2F8FB68} 3236 (PID: 2412)
- VideoServiceInstall.exe /S (PID: 1012) 1/58
- msiexec.exe /V (PID: 3548)
- ServiceLayer.exe (PID: 2428) 1/92
- DismHost.exe {C51F6FE7-AA6B-49A0-ABC5-6F41121ADC05} (PID: 2364)
Network Analysis
DNS Requests
Domain | Address | Registrar | Country |
---|---|---|---|
d23iz4esrwkib6.cloudfront.net | 13.249.90.199 (TTL: 59) | MarkMonitor, Inc. | United States |
dynamodb.us-west-2.amazonaws.com | 52.94.28.96 (TTL: 4) | MarkMonitor, Inc. | United States |
updates.logitech.com | 54.161.42.116 (TTL: 59) | MarkMonitor, Inc.; Organization: Logitech Intl. SA; Name Server: NS-1.LOGITECH.COM; Creation Date: Mon, 07 May 1990 00:00:00 GMT | United States |
Contacted Hosts
IP Address | Port/Protocol | Associated Process | Details |
---|---|---|---|
23.63.245.51 | 80 TCP | vcredist_x86.exe PID: 3236 | United States |
52.94.29.212 | 443 TCP | servicelayer.exe PID: 2428 | United States |
54.161.42.116 | 80 TCP | servicelayer.exe PID: 2428 | United States |
13.249.90.199 | 80 TCP | servicelayer.exe PID: 2428 | United States |
52.94.29.8 | 443 TCP | servicelayer.exe PID: 2428 | United States |
52.94.28.58 | 443 TCP | servicelayer.exe PID: 2428 | United States |
HTTP Traffic
Endpoint | Request | URL | |
---|---|---|---|
54.161.42.116:80 (updates.logitech.com) | GET | updates.logitech.com/logitech/vc/vcserv/1.17.5.0/0/w07/64/vcsi.exe.sig?lu.uos=w07&lu.ubi=64&lu.hp=vcserv&lu.hv=1.17.5.0&lu.hpo=0&lu.hbr=lo... | GET /logitech/vc/vcserv/1.17.5.0/0/w07/64/vcsi.exe.sig?lu.uos=w07&lu.ubi=64&lu.hp=vcserv&lu.hv=1.17.5.0&lu.hpo=0&lu.hbr=logitech&neb.ver=1.17 HTTP/1.1
Host: updates.logitech.com
Connection: Keep-Alive |
13.249.90.199:80 (d23iz4esrwkib6.cloudfront.net) | GET | d23iz4esrwkib6.cloudfront.net/logitech/vc/vcserv/1.17.5.0/0/w07/64/vcsi.exe.sig?/logitech/vc/vcserv/1.17.5.0/0/w07/64/vcsi.exe.sig%3flu.uo... | GET /logitech/vc/vcserv/1.17.5.0/0/w07/64/vcsi.exe.sig?/logitech/vc/vcserv/1.17.5.0/0/w07/64/vcsi.exe.sig%3flu.uos=w07&lu.ubi=64&lu.hp=vcserv&lu.hv=1.17.5.0&lu.hpo=0&lu.hbr=logitech&neb.ver=1.17 HTTP/1.1
Host: d23iz4esrwkib6.cloudfront.net
Connection: Keep-Alive |
Extracted Files
Displaying 84 extracted file(s). The remaining 57 file(s) are available in the full version and XML/JSON reports.
-
Malicious 14
-
-
VideoServiceInstall.exe
- Size
- 4.1MiB (4343856 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
- AV Scan Result
- Labeled as "Malware.Generic" (1/58)
- Runtime Process
- VideoServiceInstall.exe (PID: 1012)
- MD5
- dced2b28b478e3f52afc155d55ab724a
- SHA1
- 3e9f89cf3744fce10d67d73bb0ccc305545ebe9b
- SHA256
- e78978d514e68e164b3b6eb854257ef6afe01d47705be4ea01a9dd6976e28de7
-
WinSparkle.dll
- Size
- 1.8MiB (1931400 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- Labeled as "Malware" (1/81)
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 0cc58c6c810ee947230326a1249538fa
- SHA1
- 057fcc627f48926a3b384b06fc7f314cb5f8ee21
- SHA256
- 96b63d203a3e706522f38fd34081465ca3685dd72167f20011255fda27c52162
-
qgenericbearer.dll
- Size
- 44KiB (45192 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- Labeled as "Unavailable" (1/92)
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- b7c361ed75dfaf79bb6779b700294946
- SHA1
- 09f27f683a7635ff33ccfab338930c44d54c1a35
- SHA256
- d5da9924de0615d8c70f6e4ef42d09bf06495952adc5fff5158d98b97f5dbd1d
-
qnativewifibearer.dll
- Size
- 46KiB (47240 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- Labeled as "Unavailable" (1/91)
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 6f24701b905618e24fcd7d03ef6624ed
- SHA1
- a50647fa5429485ae51de58dd665d681efdce612
- SHA256
- 4337f55cb43e0177f55702cb17f9a2bc2345cb1bb09aade26a3f1608011838f5
-
qsvgicon.dll
- Size
- 36KiB (36488 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- Labeled as "Unsafe" (1/68)
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 29bc6de9425eb3daeeff3b5db0d74288
- SHA1
- 89cf523db2e922abf3461d4fce5ccda63b22c6d5
- SHA256
- 91888d809b004f91993c7b526d10c31d71065f24bb009071df0a0eeb7cdfd781
-
qicns.dll
- Size
- 38KiB (38536 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- Labeled as "Unavailable" (1/90)
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 9c13882121ee98de142bc97702878265
- SHA1
- 6a13782a0efd8e43df687dc3842dc8e49f2acdcb
- SHA256
- 53e6282120a6566666ce659056bff0b088c5552cae73e35cc95d128be84efd51
-
qwbmp.dll
- Size
- 25KiB (25736 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- Labeled as "Unavailable" (1/82)
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- e743efb3480528c47f57f74d8eff714b
- SHA1
- ba42130dd1163df33de77d2a4c6ca42c713aa7a8
- SHA256
- 8c38fe96ea254f38c4cb9a9d38ef4bf202bbe33ade6b08146ee39a4220f40ba0
-
qwebp.dll
- Size
- 369KiB (377480 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- Labeled as "Unavailable" (1/91)
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 2d92756200d9c13c8f025fe0dedf9d77
- SHA1
- d65aa9bf8f09a2a5a47462103563640a61ceb7cb
- SHA256
- a1bd9a593b7b8351664bba23ae19abd1429b38256d665cf732c36ebd8babe4fa
-
qwindows.dll
- Size
- 973KiB (995976 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- Labeled as "Unavailable" (1/91)
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 18a255783f362521d8c7451a15f255be
- SHA1
- f0e806f00e00f90a60ba08236509a33c30260c83
- SHA256
- d9d0826db511b55c5d19e37c0c21031c2637a0f97a4a0c05f90da8d617e0e347
-
ServiceLayer.exe
- Size
- 4.3MiB (4490376 bytes)
- Type
- peexe assembly executable
- Description
- PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
- AV Scan Result
- Labeled as "Malware" (1/92)
- Runtime Process
- VideoServiceInstall.exe (PID: 1012)
- MD5
- a89fcdf729b29f583b24f27999a67488
- SHA1
- ecd4a6eac1472abe2dbc5c2a25a57da9036dc0c8
- SHA256
- ed251c3ae4420ea44599fa19511e3e1c44913f2d7b21b5b60eb962d29c67908f
-
testServiceLayer.exe
- Size
- 4.3MiB (4490376 bytes)
- Type
- peexe assembly executable
- Description
- PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
- AV Scan Result
- Labeled as "Malware" (1/92)
- Runtime Process
- VideoServiceInstall.exe (PID: 1012)
- MD5
- a89fcdf729b29f583b24f27999a67488
- SHA1
- ecd4a6eac1472abe2dbc5c2a25a57da9036dc0c8
- SHA256
- ed251c3ae4420ea44599fa19511e3e1c44913f2d7b21b5b60eb962d29c67908f
-
UserInfo.dll
- Size
- 4KiB (4096 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- Labeled as "Malware.Generic" (1/71)
- Runtime Process
- VideoServiceInstall.exe (PID: 1012)
- MD5
- dada3e1836af78d5b24499da252d01e4
- SHA1
- d2a1c25405e3c74973cf18dec2c7138df9e96a83
- SHA256
- 0073337816509851476c2cc154f471a3e3a1a2806b97c363870acc09a30a5ed7
-
AccessControl.dll
- Size
- 15KiB (15360 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- Labeled as "Malware.Generic" (1/70)
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- f894e7068ee5f5b4489d7acdde7112c9
- SHA1
- 79ec857791ad4ac76673b05e6fc44e55315424ef
- SHA256
- 3948484bc6a6e8652c2220be411cdcabab73eab46578faca8c0bd01d3ea290ab
-
vcredist_x86.exe
- Size
- 451KiB (461368 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- Labeled as "Malware" (1/93)
- Runtime Process
- vcredist_x86.exe (PID: 2412)
- MD5
- 2335ab0c0e19c0ef416d07df66fee649
- SHA1
- 1e8794aff453f7647a6c149f3d38f7a3ff4ccd1b
- SHA256
- f0e46c0f9b2991fa6d187c6b2bed28139c67804cc58cc45c77f06a6f217cb21a
-
-
Clean 50
-
-
D3Dcompiler_47.dll
- Size
- 3.3MiB (3466856 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (console) Intel 80386, for MS Windows
- AV Scan Result
- 0/69
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- c5b362bce86bb0ad3149c4540201331d
- SHA1
- 91bc4989345a4e26f06c0c781a21a27d4ee9bacd
- SHA256
- efbdbbcd0d954f8fdc53467de5d89ad525e4e4a9cfff8a15d07c6fdb350c407f
-
DevManagerCore.dll
- Size
- 245KiB (250504 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/69
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 96246515220cdf73c469de0d4e573d27
- SHA1
- 335b6e4c797d4df01de3093115fe9dc90231ab75
- SHA256
- 077be62363c02868a2c125ba487165889a809d0ba3ae82ccc6905f395d7b75f3
-
Helper.exe
- Size
- 320KiB (327304 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/68
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 2393e2914ee61774f51e5434925ea532
- SHA1
- fdc39b22d12b4a9318464c44220a5a8f513f332c
- SHA256
- 50f9a0d1c69fe1149ad435339911400f9ba7175d35b398a83f2b68d645ac96f8
-
Qt5Gui.dll
- Size
- 4.7MiB (4875912 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/68
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 1da307dbc017276691a967d4ad69e45d
- SHA1
- fb2a17764ee07ac86dee479ffd5075de20df8040
- SHA256
- 1d4eff21980778f595492d1a895bfe7c811bccc70dba8829e31852c00c0551c4
-
Qt5Multimedia.dll
- Size
- 564KiB (577672 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/69
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 7de11a570fb01931003e01dd2434d34d
- SHA1
- 899d28a34de315bc15b45ab11c4342ae9267decb
- SHA256
- 4f09e06a35ed96093fe49d2bf5634fd143d03449a176709a43075bba2cd4ee62
-
Qt5MultimediaWidgets.dll
- Size
- 88KiB (90248 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/69
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- b5812b88f0d63a388a3299ebee5ec800
- SHA1
- 10be4853537dbc34f92840b8ba47ff378a8f6f7b
- SHA256
- c66de59b893aa25f654d22494d7a5e1311b60e3da9fbe011a6a2f8656174a2a6
-
Qt5Network.dll
- Size
- 837KiB (857224 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/69
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 1682443ab90c215e3775091082666d3e
- SHA1
- 331ff293089175ec91c14c2fc6239839ae7317b1
- SHA256
- f2381bedc4cf813af6185a9755ab0a93e01df94d0d9ccf7791e367727d0948d2
-
Qt5OpenGL.dll
- Size
- 272KiB (278664 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/69
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 8762e381e06f3783bb396d7db338ce92
- SHA1
- 03640f70a9d39802097eccafd23ea2429258494d
- SHA256
- 731012a8db68ad570ef69afa191a6ce594f3f789c656f42970c573e67f7ce20a
-
Qt5Svg.dll
- Size
- 253KiB (259208 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/69
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- c265c67a2c0115a9700ff379c05a369f
- SHA1
- 7b627ebde36225f454ba2ba2446d3bb1f07c39c3
- SHA256
- 20ea506db472126910d326ff2777bdb7b24ca117d7b300fed43f6fc993974779
-
Qt5WebSockets.dll
- Size
- 114KiB (116872 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/68
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 6b11687e251ec3b7cbd61a4cf898a6ef
- SHA1
- c85499b75a510c38de8055a04220ace3cc628a8d
- SHA256
- 0a74cf1f372b5a993f218d327544a9ea6cc3ba5825feae4876e994eaac25ec8c
-
Qt5Widgets.dll
- Size
- 4.3MiB (4494472 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/57
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 13ece035bd3e63f29115ffc6dc6819c0
- SHA1
- 40517976716abb989dae81800c741e8f501a655c
- SHA256
- 3838454c66901bfbdeb7da0ef005d9a6587aa1fab095be007713823507466a62
-
qtaudio_windows.dll
- Size
- 50KiB (51336 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/69
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 8095f7471aaa9120b1c0580b5d209cb9
- SHA1
- 8563fe7f432eb2a0dd7f37910d7d9f12f9001ed8
- SHA256
- 89005c11b2a69df6d5ad5733551ba33c05a18fb9755f35c17e8f0eba8283886f
-
aws-cpp-sdk-core.dll
- Size
- 768KiB (786056 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (console) Intel 80386, for MS Windows
- AV Scan Result
- 0/68
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 9633bdc7767e4c70dbb38e8336373e96
- SHA1
- 42fdad7399b88650778d9f68f5ab0008fb4dd027
- SHA256
- 5209ed4fcac18b975d3bb97c7e956b645c52bb427a8864574ff93a2078302df4
-
aws-cpp-sdk-dynamodb.dll
- Size
- 944KiB (966280 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (console) Intel 80386, for MS Windows
- AV Scan Result
- 0/69
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- eb2d8c1e1f04e9ab59a2eb26f5d36d04
- SHA1
- d655f5ccf4a2f92b95cff250701cbb582311cc9d
- SHA256
- 8d685f5d77dead3dcadb48ed5449abbb25893fcddc1b9e02a680e6aa040f8481
-
qdds.dll
- Size
- 45KiB (46216 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/70
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- fba01a4148f1c7c7b291569ab5869fc1
- SHA1
- 5a5f5153cefa7474a6928e21463d79a23a866a11
- SHA256
- 8d0084c2b4f0cd45a0f06d2582aeab2d542e9bc67b43cdbad7d2dccd6837b4e8
-
qgif.dll
- Size
- 32KiB (32392 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/68
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 9225b804e1ce729c21e7d5842fa64b01
- SHA1
- af3b4f7305a19e098e0cd5d2d418311816abca9c
- SHA256
- f36e4034a245b978c35ee9561d8be5e5e6aadfcc19380220d4b504e5e408c223
-
qico.dll
- Size
- 32KiB (32392 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/68
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 074cc1f00a044e9da2092dd098c682de
- SHA1
- 2620c40c504412b0d573c9c2f932940037e94b3d
- SHA256
- ed035e81f8931116845dbf6fb22195812b2dfbd9c31c2ca67a3618f2e9048c16
-
qsvg.dll
- Size
- 26KiB (26248 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/69
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 47a45ccbc8f24ff09ae37c3f9783954c
- SHA1
- 9ce40641cf6371b0bc9fc249f54ea10837241205
- SHA256
- 87cb4c9d42d83b2010ff1e86b055aacfc5ce7d1d06d1ad0f45b33d4584964548
-
qtga.dll
- Size
- 25KiB (25736 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/57
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 25a5b3d59b3009a1a478899aebf1c9af
- SHA1
- 4770bb8a76c71dcdfcf36c927f77ccd903fecd75
- SHA256
- d6c9b7b92501647b62669f7602daee3ae75cbd54aa52ca01963b45778aea6ad5
-
qtiff.dll
- Size
- 314KiB (321160 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/69
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 779a0ff265990ccfd7d689d46bb6e0c9
- SHA1
- 240a67ae77c896f20af051398a17fef9327e36d3
- SHA256
- d454c253570ba750ca802686b144d0b0814f2c4332c9baabe72834c468644269
-
libEGL.dll
- Size
- 19KiB (19080 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/68
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 9eb66cd203409d8fea28a36caa617bfb
- SHA1
- b8010de66e852b38fff1f3a6721f7000199e398a
- SHA256
- 6f52e0cd3b3c270fe0a4b79b5075bec8692c39ccbe97fafefb03d6d54cb0e159
-
libGLESV2.dll
- Size
- 1.9MiB (1997960 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/68
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- e5c8bf63f9e5f5ff882373e139c6d05f
- SHA1
- 78b1d2f4cbf122f536655a94d51055804c07efd8
- SHA256
- 5430b9dfc016742083100717c61f2bae3415b9e298feb89fd1dc497179b203fa
-
dsengine.dll
- Size
- 178KiB (181896 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/69
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- fa6856e7b02bf512eb8756e8f9ba33a6
- SHA1
- f5d829529d16b1fd00b75b2d37d42188b39e026e
- SHA256
- 74be577ec5fa15f68f8bf27ae2fa925bcc8a18cdefd3409c7ecedc97334b92f5
-
qtmedia_audioengine.dll
- Size
- 52KiB (53384 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/69
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 5980d64ab3865218e83c2c5d5585ab74
- SHA1
- aa29d8372913ad5909aab95e7c740926b86eaa88
- SHA256
- a497da7e49999ca91d69b84684b2d03cbd368f312c7bec1cf9a66e4280940c44
-
qtmultimedia_m3u.dll
- Size
- 28KiB (28808 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/69
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 5e57c2ceea2f80a3e939d820a2e70603
- SHA1
- be3f8036d45bb02f92852aa51a7fd271efe81aef
- SHA256
- 512012fab59da0f32066ac3628cf31db14d8f392301e983ce47adec2b097065f
-
uninstall.exe
- Size
- 274KiB (280992 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/70
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 88f9c43ea3dd263607b72c7ddeda3013
- SHA1
- 7843f2c45ed03adff9f034062f82c0b57e007f44
- SHA256
- a85219739eaeb5f1b17bf25a43b529435fd006c3d402eef1ee4b7455a0ab63ab
-
BLEAdminTool.bat
- Size
- 22B (22 bytes)
- Type
- text
- Description
- ASCII text, with no line terminators
- AV Scan Result
- 0/58
- Runtime Process
- VideoServiceInstall.exe (PID: 1012)
- MD5
- 3f0373ea76ea4136acc30bb8d5645009
- SHA1
- e71eb8815d5eaac48087b544d5a3546a03fa9b2f
- SHA256
- b7b1ee9c22a16c9b0e8383a523c4a83a9b79ee7a2250370e24015d0719a01d04
-
CameraServiceUnInst.exe
- Size
- 128KiB (130640 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
- AV Scan Result
- 0/70
- Runtime Process
- VideoServiceInstall.exe (PID: 1012)
- MD5
- aa1bc3515e4902301fa23f81ea26a342
- SHA1
- 7d0865fc1ac2b2a57e88f17054ad35cd279baafb
- SHA256
- 3fffd362e0a9cf00553d45c2f28b5f8ddb7bc7af2468a2e22d2b2291f1368b6c
-
LogiDFULib.dll
- Size
- 786KiB (804456 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/69
- Runtime Process
- VideoServiceInstall.exe (PID: 1012)
- MD5
- f994388096fc31c74f0ffd4c2df322dc
- SHA1
- 2095d8486468903bdc968de0412f7d1bea228e71
- SHA256
- 1cc427fb194d74fff1b522edd1711a780de3b1cdbc8447badf485664240b196e
-
devconx32.exe
- Size
- 82KiB (84176 bytes)
- Type
- peexe executable
- Description
- PE32 executable (console) Intel 80386, for MS Windows
- AV Scan Result
- 0/93
- Runtime Process
- VideoServiceInstall.exe (PID: 1012)
- MD5
- d0d909bba11584f2190dd667f52e5948
- SHA1
- ce59c07d0c1978bcb6e1ea48511a7fabe72bbbed
- SHA256
- 5cd3351a66e33a05a8025582b77a03938a784d622265f1be686b723eda7223c6
-
devconx64.exe
- Size
- 88KiB (89808 bytes)
- Type
- peexe 64bits executable
- Description
- PE32+ executable (console) x86-64, for MS Windows
- AV Scan Result
- 0/72
- Runtime Process
- VideoServiceInstall.exe (PID: 1012)
- MD5
- 591860142a2d1600498fa37cdecf0316
- SHA1
- fd9837df7b6f97f69f39838848375bd07840fbb2
- SHA256
- b532bfcdbbdf8b4fe4ed025f177683771b37c6c0d633b25b29446aa705939187
-
SimpleSC.dll
- Size
- 62KiB (62976 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/70
- Runtime Process
- VideoServiceInstall.exe (PID: 1012)
- MD5
- d63975ce28f801f236c4aca5af726961
- SHA1
- 3d93ad9816d3b3dba1e63dfcbfa3bd05f787a8c9
- SHA256
- e0c580bbe48a483075c21277c6e0f23f3cbd6ce3eb2ccd3bf48cf68f05628f43
-
System.dll
- Size
- 12KiB (11776 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/68
- Runtime Process
- VideoServiceInstall.exe (PID: 1012)
- MD5
- 75ed96254fbf894e42058062b4b4f0d1
- SHA1
- 996503f1383b49021eb3427bc28d13b5bbd11977
- SHA256
- a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7
-
nsProcess.dll
- Size
- 4.5KiB (4608 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/69
- Runtime Process
- VideoServiceInstall.exe (PID: 1012)
- MD5
- faa7f034b38e729a983965c04cc70fc1
- SHA1
- df8bda55b498976ea47d25d8a77539b049dab55e
- SHA256
- 579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf
-
nsDialogs.dll
- Size
- 9.5KiB (9728 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/67
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- ca95c9da8cef7062813b989ab9486201
- SHA1
- c555af25df3de51aa18d487d47408d5245dba2d1
- SHA256
- feb6364375d0ab081e9cdf11271c40cb966af295c600903383b0730f0821c0be
-
wixstdba.dll
- Size
- 118KiB (120320 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/70
- Runtime Process
- vcredist_x86.exe (PID: 2412)
- MD5
- a52e5220efb60813b31a82d101a97dcb
- SHA1
- 56e16e4df0944cb07e73a01301886644f062d79b
- SHA256
- e7c8e7edd9112137895820e789baaaeca41626b01fb99fede82968ddb66d02cf
-
vcamp120.dll
- Size
- 332KiB (339616 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/68
- Runtime Process
- msiexec.exe (PID: 3548)
- MD5
- 3bca5a693f9f772fc8f92a61e45320fc
- SHA1
- c84a6bb36d9d4cde3becf4135cf8bdd0e43f68ee
- SHA256
- 25fd2eb39c27717838d115b44a53c89d028c0e00967c7fce4474e832e108db7f
-
vcomp120.dll
- Size
- 117KiB (119456 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/70
- Runtime Process
- msiexec.exe (PID: 3548)
- MD5
- 27bc360d67f269a61bb052e10c9fceeb
- SHA1
- 8d81406c8dd3ed8894d8aee07dd718dcfd2035c5
- SHA256
- fc12360ff09830bf08b7a2a238016eea2b9e9475cbea4c22043b264e76b3420c
-
DISMHOST.EXE.5FC917D8.bin
- Size
- 95KiB (96768 bytes)
- Type
- peexe 64bits executable
- Description
- PE32+ executable (GUI) x86-64, for MS Windows
- AV Scan Result
- 0/93
- MD5
- 516a5fce06bb388499238a5f9286cb74
- SHA1
- 958be7d02fca674fb386482090b9a5024d0a1538
- SHA256
- 9a4b735603297448841758b29d3c387a4ce84e5fd0dae05622f43ce53b8c85e6
-
mfc120jpn.dll
- Size
- 53KiB (53928 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (console) Intel 80386, for MS Windows
- AV Scan Result
- 0/91
- MD5
- 4ba51da48f1ba2222664017724251775
- SHA1
- 09b4b1f07c8da202355cbb4a7d4139a308b9c948
- SHA256
- 776d3e99fa205289d1b85a5ead9ed1a412526cbd6428a9b2e7bc857dc4734646
-
mfc120.dll
- Size
- 4.2MiB (4424344 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (console) Intel 80386, for MS Windows
- AV Scan Result
- 0/91
- MD5
- df9a5545501a2442ca54c73c6f4de827
- SHA1
- 94e5abde9625c59a140249f52bdcdcfabacd7a0e
- SHA256
- 5855b0e1e04f2dbff129c8d9f6954c0bd538e4dc12addf7aa5531ab073e8beee
-
mfc120esn.dll
- Size
- 72KiB (73896 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (console) Intel 80386, for MS Windows
- AV Scan Result
- 0/90
- MD5
- 0f79e653d7f5180678e457ce39813f0e
- SHA1
- 1502bec70a4f611976336f3b2b0976520465d6c9
- SHA256
- ae5eeb021006b52f66d9594f3fe7b26c934e41ecf24d252871e46442aff39b55
-
mfc120u.dll
- Size
- 4.2MiB (4449952 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (console) Intel 80386, for MS Windows
- AV Scan Result
- 0/70
- MD5
- f4f2a4c459dd3aa22dd3984d13b15746
- SHA1
- d52dc1af7bf7eca1520380fac01f8ab225b11aa3
- SHA256
- c2d0e285e2333a9c620be04a5747881af0d5615da32226886e659ff31a9761cc
-
mfc120rus.dll
- Size
- 69KiB (70824 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (console) Intel 80386, for MS Windows
- AV Scan Result
- 0/70
- MD5
- dfb441ca61002365f2db2ef8769455e4
- SHA1
- f189f4b46cc8530f3a53d9bb7bb0749893be2a04
- SHA256
- d4e11f22d3c71cd99ee3731777b1943ff3a6b828c1eeaafaea0afff56646e7dc
-
mfc120deu.dll
- Size
- 73KiB (74920 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (console) Intel 80386, for MS Windows
- AV Scan Result
- 0/70
- MD5
- b82a4ba3ebaebd8810f2304c0535da4c
- SHA1
- 54611d7788abcbaf2c3460f457ad8a76806de5de
- SHA256
- 9248457f55d091f97d282f14d3d55bc28cba5024b69050209df0f0a8806f8b5a
-
mfcm120u.dll
- Size
- 81KiB (83104 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
- AV Scan Result
- 0/70
- MD5
- ab8766067bb26d7ab4061b0e4fc7d2c0
- SHA1
- 8d4adf067ac4c9af7f9a682bcc8dfbd2e178aebc
- SHA256
- 90b76725dc52692c8f6ed41eb898719b6c197890a37a4add62807fb357525fef
-
mfc120chs.dll
- Size
- 45KiB (46248 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (console) Intel 80386, for MS Windows
- AV Scan Result
- 0/69
- MD5
- 1d343669e50f2cf53901c0b1a85d67f8
- SHA1
- 18955a82d87302066be07e1ddd2e2c83fad3a3be
- SHA256
- 68ec84b251dfb616e48141d674f423e70489b2b749164c0cc5c809c259f4e2af
-
mfc120enu.dll
- Size
- 64KiB (65192 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (console) Intel 80386, for MS Windows
- AV Scan Result
- 0/69
- MD5
- bc61781863211abbc7c15248ccfaf9a0
- SHA1
- 00c5a5f79a64393ce56147d2a0f19e250bf284ec
- SHA256
- 9e222c509f5d1e7d451a37220b9c6574dec36fb1c5042426278478e640cf0052
-
mfc120ita.dll
- Size
- 71KiB (72872 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (console) Intel 80386, for MS Windows
- AV Scan Result
- 0/70
- MD5
- ffa0b900c2c0401d902465591e165e16
- SHA1
- 7d73d542296b53562f424946d02e8c73d08171b2
- SHA256
- b175c54c7faf7b29ba8ee5c3eb647e05fd8ac5e6cbfe638a27815f621795f2eb
-
mfc120kor.dll
- Size
- 52KiB (53416 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (console) Intel 80386, for MS Windows
- AV Scan Result
- 0/69
- MD5
- 6201122886a4557a3e97647f95fb34ac
- SHA1
- ad8831969784c168c861d15708528e2d359eab96
- SHA256
- 07cc905fcdbe661903851f371584388ab338c9cc2dee3fe0f91d3562e7b68078
-
-
Informative 20
-
-
Logitech Camera Settings.lnk
- Size
- 1.3KiB (1352 bytes)
- Type
- lnk
- Description
- MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Sep 18 21:21:12 2020, mtime=Thu Dec 3 15:36:48 2020, atime=Fri Sep 18 21:21:12 2020, length=1992840, window=hide
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 661c53fb1c8cf3f003e2b2aa400e98c3
- SHA1
- 935e8b04f3582b49a1600191a42cca25a38a2500
- SHA256
- dd4722bc140e5935964efb46ffd63ef7c0d3cfcebc931b6289a63aa52f0cd326
-
vcRuntimeMinimum_x86
- Size
- 140KiB (143360 bytes)
- Runtime Process
- vcredist_x86.exe (PID: 2412)
- MD5
- e3e632c282f2b368bca82aacb80aceaf
- SHA1
- 04a046e2ebb681b53f46db1ec1434faef8b17618
- SHA256
- 1937f3fea43918d3fb8b8bb74fd1210467f9186ad06729de82f8f0448ae65509
-
vcRuntimeAdditional_x86
- Size
- 140KiB (143360 bytes)
- Runtime Process
- vcredist_x86.exe (PID: 2412)
- MD5
- d0a78fcac0b92a149fe51c76371c989a
- SHA1
- edc4cb1484ddc7a5633efad60ea0899445ac1ca0
- SHA256
- ff206329ef1e41c038a12ca1e10634c647a8f1022e2130b7c49d91dbd48fb79a
-
state.rsm
- Size
- 742B (742 bytes)
- Runtime Process
- vcredist_x86.exe (PID: 3236)
- MD5
- f551949391629e80a6d8969c2c2048bc
- SHA1
- 661ce9a53857b7ea774f81079179082bae1cc248
- SHA256
- ae2d6d617261296d3d79b01ed6ed4a6fb2050a5757ba81c16de70c314f88a87b
-
696F3DE637E6DE85B458996D49D759AD
- Size
- 244B (244 bytes)
- Runtime Process
- msiexec.exe (PID: 3548)
- MD5
- ae34daadd2316fb8751d555401fd29f8
- SHA1
- 5ae3fb51a0c3418837ce7d273683eb80a58bdb31
- SHA256
- 2628dd6781aa095eaf007d1f9f1f78131bdfac7ae1ebcb214efc0fa7ed3e5b67
-
7396C420A8E1BC1DA97F1AF0D10BAD21
- Size
- 256B (256 bytes)
- Runtime Process
- msiexec.exe (PID: 3548)
- MD5
- 979266f7e18eb867b66e2d17ae31282f
- SHA1
- 3cccc537530d7bd53aa411488034b34c20591320
- SHA256
- 58f2619b20c99a2e0ca5d2d4d23e4efc729b3f2895988d61e7780fde7d5e8798
-
F90F18257CBB4D84216AC1E1F3BB2C76
- Size
- 252B (252 bytes)
- Runtime Process
- vcredist_x86.exe (PID: 3236)
- MD5
- 7b58130f9bdde6309a4d66968a4af192
- SHA1
- 907a4ca2a1090929290dcd0a58af846d58b110b0
- SHA256
- 6319c1b457afb6997cc7b7379700e4a77df629c03234fd1af3896007f82b8472
-
LogitechCamera.exe
- Size
- 1.9MiB (1992840 bytes)
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 74ac0671a4fa29735934ee1732a9677c
- SHA1
- b38ebb4be6f64613f8fdc45a88d7d86b005d5659
- SHA256
- f8e4aa18b4555816b809838251299a10bd2a4ccb8e7def1c06839b7994237056
-
Qt5Core.dll
- Size
- 4.5MiB (4681352 bytes)
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 6a67af82f08105d2a54fb2a8e143a45d
- SHA1
- fd99825baf7cd0515e5ebe04723043617c48dd5b
- SHA256
- 98af127acdef4bf44bb806f47cf748a1fa72fff742d88a144a0be7b56fdd9fd6
-
qjpeg.dll
- Size
- 245KiB (251016 bytes)
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- bfe298d4d5696f83ff157d7ce36e9c3f
- SHA1
- d36a5be698e2ef90c246884110383c15340ef88b
- SHA256
- 06d40fef78022bd01407d6b79fd63bf08b7dcb0c6621783c2b6544b70c97aa98
-
mu_.net_framework_4.5_r2_x86_x64_1076098.exe
- Size
- 5MiB (5236317 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 54049e0fabbb5b312f4d143ee07b73a9
- SHA1
- 95766fe143cfa302732b3b1b600a47fcb795e9ae
- SHA256
- f877c5647ee94d2a40d5f48c70d754530f95d72dce8b14da5645e213d08e636a
-
opengl32sw.dll
- Size
- 5MiB (5240923 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- Runtime Process
- LogiCameraSettings_2.12.8.exe (PID: 2516)
- MD5
- 1e22fd3782c56fbccddf496abe57408c
- SHA1
- 61aa890e9843cd00c304e4026ef059be180c568f
- SHA256
- dce8d2c30ba7d64b70f31db2c79ebe69903839d0655569041ef5a8c56000959b
-
LogEx.dll
- Size
- 44KiB (45056 bytes)
- Runtime Process
- VideoServiceInstall.exe (PID: 1012)
- MD5
- 0f96d9eb959ad4e8fd205e6d58cf01b8
- SHA1
- 7c45512cbdb24216afd23a9e8cdce0cfeaa7660f
- SHA256
- 57ede354532937e38c4ae9da3710ee295705ea9770c402dfb3a5c56a32fd4314
-
115263.msi
- Size
- 140KiB (143360 bytes)
- Type
- msi data
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2013 x86 Minimum Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005., Template: Intel;1033, Revision Number: {E9934153-EAB1-4DA6-AA72-86C8BB1EDF2C}, Create Time/Date: Sat Oct 5 10:36:36 2013, Last Saved Time/Date: Sat Oct 5 10:36:36 2013, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.7.1623.0), Security: 2
- Runtime Process
- msiexec.exe (PID: 3548)
- MD5
- e3e632c282f2b368bca82aacb80aceaf
- SHA1
- 04a046e2ebb681b53f46db1ec1434faef8b17618
- SHA256
- 1937f3fea43918d3fb8b8bb74fd1210467f9186ad06729de82f8f0448ae65509
-
115268.msi
- Size
- 140KiB (143360 bytes)
- Type
- msi data
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2013 x86 Minimum Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005., Template: Intel;1033, Revision Number: {E9934153-EAB1-4DA6-AA72-86C8BB1EDF2C}, Create Time/Date: Sat Oct 5 10:36:36 2013, Last Saved Time/Date: Sat Oct 5 10:36:36 2013, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.7.1623.0), Security: 2
- Runtime Process
- msiexec.exe (PID: 3548)
- MD5
- e3e632c282f2b368bca82aacb80aceaf
- SHA1
- 04a046e2ebb681b53f46db1ec1434faef8b17618
- SHA256
- 1937f3fea43918d3fb8b8bb74fd1210467f9186ad06729de82f8f0448ae65509
-
115269.msi
- Size
- 140KiB (143360 bytes)
- Runtime Process
- msiexec.exe (PID: 3548)
- MD5
- d0a78fcac0b92a149fe51c76371c989a
- SHA1
- edc4cb1484ddc7a5633efad60ea0899445ac1ca0
- SHA256
- ff206329ef1e41c038a12ca1e10634c647a8f1022e2130b7c49d91dbd48fb79a
-
11526e.msi
- Size
- 140KiB (143360 bytes)
- Type
- msi data
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2013 x86 Additional Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005., Template: Intel;1033, Revision Number: {5703FD24-BF2D-4D14-AB2F-E415A0361E63}, Create Time/Date: Sat Oct 5 10:36:30 2013, Last Saved Time/Date: Sat Oct 5 10:36:30 2013, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.7.1623.0), Security: 2
- MD5
- d0a78fcac0b92a149fe51c76371c989a
- SHA1
- edc4cb1484ddc7a5633efad60ea0899445ac1ca0
- SHA256
- ff206329ef1e41c038a12ca1e10634c647a8f1022e2130b7c49d91dbd48fb79a
-
mfc120fra.dll
- Size
- 73KiB (74920 bytes)
- MD5
- f09b21c8959133053e94a4af14d6b46f
- SHA1
- 5100d71973cfb310f89da5e53db7b87ae7311992
- SHA256
- 0fa0a1fd83269c78c322bf8be59f8a8bb93143ae5731cb263f2f2c91175eae47
-
mfcm120.dll
- Size
- 81KiB (83104 bytes)
- MD5
- 832cc047743469082fae5e3cc830cd8c
- SHA1
- 0e60b3ffb0d21567844de409a8449fdbac5509f9
- SHA256
- e8fc673a39a6f912b54cb2612da9d96fbc1c90606eede2e3f1a0cfbfee271d7f
-
mfc120cht.dll
- Size
- 45KiB (46248 bytes)
- MD5
- 928ef91c2bcc8f82725cdb1a5ed711d9
- SHA1
- 72dbe1129ae70bf08bf508b02dfde428c05c9212
- SHA256
- bb8111cfee6eb4a9f113ea1cb1c573de990a987635b7111821c73d6cbfdbe38b
-
Notifications
-
Runtime
- Network whitenoise filtering was applied
- No static analysis parsing on sample was performed
- Not all Falcon MalQuery lookups completed in time
- Not all sources for indicator ID "api-55" are available in the report
- Not all sources for indicator ID "binary-0" are available in the report
- Not all sources for indicator ID "binary-1" are available in the report
- Not all sources for indicator ID "binary-16" are available in the report
- Not all sources for indicator ID "hooks-8" are available in the report
- Not all sources for indicator ID "mutant-0" are available in the report
- Not all sources for indicator ID "registry-17" are available in the report
- Not all sources for indicator ID "registry-18" are available in the report
- Not all sources for indicator ID "registry-19" are available in the report
- Not all sources for indicator ID "registry-55" are available in the report
- Not all sources for indicator ID "registry-72" are available in the report
- Not all sources for indicator ID "string-64" are available in the report
- Not all strings are visible in the report, because the maximum number of strings was reached (5000)
- Some low-level data is hidden, as this is only a slim report