URL:

https://www.logitech.com/en-us/video-collaboration/software/logi-tune-software.html

Full analysis: https://app.any.run/tasks/e60786ad-f50f-4992-9e80-0c11f19fa47d
Verdict: Malicious activity
Analysis date: March 05, 2026, 23:09:35
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
auto
generic
Indicators:
MD5:

631B5A3C8B62F6627B97E5F08657CCF3

SHA1:

F55A5B70F49E5768AEFA1DB119E7BED266562627

SHA256:

4D828D33659645FE6C78B2963A71462C3F970E105784B95A82A249A7D0BE711B

SSDEEP:

3:N8DSLYRAGNysrQGSsL+WDFsQfNSIJn:2OLYRresCWDFxlJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes settings of System certificates

      • msiexec.exe (PID: 7564)
    • GENERIC has been found (auto)

      • msiexec.exe (PID: 7564)
      • rundll32.exe (PID: 1976)
    • Changes the autorun value in the registry

      • msiexec.exe (PID: 7564)
    • Registers / Runs the DLL via REGSVR32.EXE

      • msiexec.exe (PID: 1704)
  • SUSPICIOUS

    • Potential Corporate Privacy Violation

      • msedge.exe (PID: 6640)
    • Executable content was dropped or overwritten

      • LogiTuneInstall.exe (PID: 2788)
      • LogiTuneInstall.exe (PID: 7004)
      • rundll32.exe (PID: 1976)
      • pnputil.exe (PID: 8284)
      • pnputil.exe (PID: 9148)
    • Searches for installed software

      • LogiTuneInstall.exe (PID: 2788)
      • LogiTuneInstall.exe (PID: 7004)
    • Reads the date of Windows installation

      • LogiTuneInstall.exe (PID: 2788)
    • Adds/modifies Windows certificates

      • msiexec.exe (PID: 7564)
    • Executes as Windows Service

      • VSSVC.exe (PID: 7624)
      • LogiTuneUpdater.exe (PID: 4924)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 7564)
    • Application launched itself

      • msiexec.exe (PID: 7564)
      • LogiTune.exe (PID: 7956)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 7564)
      • rundll32.exe (PID: 1976)
    • Uses RUNDLL32.EXE to run a file without a DLL extension

      • rundll32.exe (PID: 1976)
    • Uses RUNDLL32.EXE to load library

      • msiexec.exe (PID: 1704)
    • Creates files in the driver directory

      • msiexec.exe (PID: 1704)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 4776)
    • Uses ATTRIB.EXE to modify file attributes

      • LogiTune.exe (PID: 7956)
  • INFO

    • Checks supported languages

      • identity_helper.exe (PID: 5896)
      • LogiTuneInstall.exe (PID: 2788)
      • LogiTuneInstallerUI.exe (PID: 6756)
      • LogiTuneInstall.exe (PID: 7004)
      • msiexec.exe (PID: 7564)
      • msiexec.exe (PID: 8888)
      • msiexec.exe (PID: 1704)
      • MigrationTool.exe (PID: 6496)
      • drvinst.exe (PID: 9184)
      • drvinst.exe (PID: 3536)
      • drvinst.exe (PID: 5016)
      • LogiTuneUpdater.exe (PID: 4924)
      • LogiTuneAgent.exe (PID: 7904)
      • LogiTune.exe (PID: 7492)
      • LogiTune.exe (PID: 8696)
      • LogiTune.exe (PID: 7956)
      • LogiTune.exe (PID: 2208)
      • LogiTune.exe (PID: 6800)
      • LogiTune.exe (PID: 8864)
    • Reads the computer name

      • identity_helper.exe (PID: 5896)
      • LogiTuneInstallerUI.exe (PID: 6756)
      • LogiTuneInstall.exe (PID: 2788)
      • msiexec.exe (PID: 7564)
      • msiexec.exe (PID: 8888)
      • msiexec.exe (PID: 1704)
      • LogiTuneInstall.exe (PID: 7004)
      • drvinst.exe (PID: 9184)
      • drvinst.exe (PID: 3536)
      • drvinst.exe (PID: 5016)
      • LogiTuneUpdater.exe (PID: 4924)
      • LogiTuneAgent.exe (PID: 7904)
      • LogiTune.exe (PID: 7956)
      • LogiTune.exe (PID: 7492)
      • LogiTune.exe (PID: 8696)
      • LogiTune.exe (PID: 6800)
      • LogiTune.exe (PID: 8864)
      • LogiTune.exe (PID: 2208)
    • Reads Environment values

      • identity_helper.exe (PID: 5896)
      • LogiTune.exe (PID: 7956)
      • LogiTune.exe (PID: 6800)
      • LogiTune.exe (PID: 8864)
      • LogiTune.exe (PID: 2208)
    • Application launched itself

      • msedge.exe (PID: 6540)
    • Create files in a temporary directory

      • LogiTuneInstall.exe (PID: 2788)
      • LogiTuneInstall.exe (PID: 7004)
      • pnputil.exe (PID: 8284)
      • pnputil.exe (PID: 7700)
      • pnputil.exe (PID: 9148)
      • LogiTune.exe (PID: 7956)
    • The sample compiled with english language support

      • LogiTuneInstall.exe (PID: 2788)
      • LogiTuneInstall.exe (PID: 7004)
      • msiexec.exe (PID: 7564)
      • rundll32.exe (PID: 1976)
      • pnputil.exe (PID: 8284)
      • drvinst.exe (PID: 9184)
      • pnputil.exe (PID: 9148)
      • drvinst.exe (PID: 3536)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 6540)
      • msiexec.exe (PID: 7564)
    • Reads the machine GUID from the registry

      • LogiTuneInstallerUI.exe (PID: 6756)
      • msiexec.exe (PID: 7564)
      • msiexec.exe (PID: 1704)
      • drvinst.exe (PID: 9184)
      • drvinst.exe (PID: 5016)
      • drvinst.exe (PID: 3536)
      • LogiTuneUpdater.exe (PID: 4924)
      • LogiTuneAgent.exe (PID: 7904)
      • LogiTune.exe (PID: 7956)
    • Reads security settings of Internet Explorer

      • LogiTuneInstallerUI.exe (PID: 6756)
      • LogiTuneInstall.exe (PID: 2788)
      • LogiTuneAgent.exe (PID: 7904)
      • Taskmgr.exe (PID: 9664)
    • Process checks computer location settings

      • LogiTuneInstall.exe (PID: 2788)
      • LogiTune.exe (PID: 7956)
      • LogiTune.exe (PID: 2208)
      • LogiTune.exe (PID: 8864)
      • LogiTune.exe (PID: 6800)
      • LogiTuneAgent.exe (PID: 7904)
    • Manages system restore points

      • SrTasks.exe (PID: 7104)
    • The sample compiled with chinese language support

      • msiexec.exe (PID: 7564)
    • Creates files in the program directory

      • MigrationTool.exe (PID: 6496)
      • regsvr32.exe (PID: 4776)
      • LogiTuneUpdater.exe (PID: 4924)
      • LogiTuneAgent.exe (PID: 7904)
    • Launching a file from a Registry key

      • msiexec.exe (PID: 7564)
    • Reads the time zone

      • LogiTuneUpdater.exe (PID: 4924)
    • Reads CPU info

      • LogiTuneUpdater.exe (PID: 4924)
      • LogiTune.exe (PID: 7956)
    • Checks proxy server information

      • LogiTuneAgent.exe (PID: 7904)
      • LogiTune.exe (PID: 7956)
      • slui.exe (PID: 224)
    • Creates files or folders in the user directory

      • LogiTuneAgent.exe (PID: 7904)
      • LogiTune.exe (PID: 7956)
      • LogiTune.exe (PID: 8696)
      • LogiTune.exe (PID: 6800)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 7564)
    • Reads product name

      • LogiTune.exe (PID: 7956)
      • LogiTune.exe (PID: 6800)
      • LogiTune.exe (PID: 8864)
      • LogiTune.exe (PID: 2208)
    • Manual execution by a user

      • LogiTune.exe (PID: 7956)
      • Taskmgr.exe (PID: 9616)
      • Taskmgr.exe (PID: 9664)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
229
Monitored processes
70
Malicious processes
3
Suspicious processes
1

Behavior graph

start: msedge.exe, msedge.exe (no specs), msedge.exe (no specs), msedge.exe, msedge.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), identity_helper.exe (no specs), identity_helper.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), logituneinstall.exe, logituneinstallerui.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), logituneinstall.exe, vssvc.exe (no specs), srtasks.exe (no specs), conhost.exe (no specs), #GENERIC msiexec.exe, msiexec.exe (no specs), msiexec.exe, slui.exe, #GENERIC rundll32.exe, migrationtool.exe (no specs), conhost.exe (no specs), pnputil.exe, conhost.exe (no specs), drvinst.exe (no specs), pnputil.exe, conhost.exe (no specs), drvinst.exe (no specs), regsvr32.exe (no specs), pnputil.exe (no specs), conhost.exe (no specs), drvinst.exe (no specs), logituneupdater.exe (no specs), logituneagent.exe, logitune.exe (no specs), logitune.exe (no specs), logitune.exe, attrib.exe (no specs), conhost.exe (no specs), attrib.exe (no specs), conhost.exe (no specs), msedge.exe (no specs), attrib.exe (no specs), conhost.exe (no specs), logitune.exe (no specs), logitune.exe (no specs), logitune.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), taskmgr.exe (no specs), taskmgr.exe, msedge.exe (no specs), msedge.exe (no specs), msedge.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
224
CMD:
C:\WINDOWS\System32\slui.exe -Embedding
Path:
C:\Windows\System32\slui.exe
Parent process:
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
1584
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7344,i,8331708960718214583,5101646152729333571,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=6824 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1704
CMD:
C:\Windows\System32\MsiExec.exe -Embedding 3192FBBBCA7BB3A1D9C338D14A288ACD E Global\MSI0000
Path:
C:\Windows\System32\msiexec.exe
Parent process:
msiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
1784
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5396,i,8331708960718214583,5101646152729333571,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1872
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3648,i,8331708960718214583,5101646152729333571,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=3652 /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1976
CMD:
rundll32.exe "C:\WINDOWS\Installer\MSI1BD4.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_2038859 51 CSharpCustomActions!CSharpCustomActions.CSharpCustomActions.InitSettings
Path:
C:\Windows\System32\rundll32.exe
Parent process:
msiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID:
2208
CMD:
"C:\Program Files\Logitech\LogiTune\LogiTune.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\logitune" --app-user-model-id="Logi Tune" --app-path="C:\Program Files\Logitech\LogiTune\resources\app.asar" --no-sandbox --no-zygote --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1772750193464943 --launch-time-ticks=2047854983 --field-trial-handle=1896,i,57516238204238782,4713408096470076852,262144 --enable-features=EnableTransparentHwndEnlargement,PdfUseShowSaveFilePicker --disable-features=LocalNetworkAccessChecks,NetworkServiceSandbox,ScreenAIOCREnabled,SpareRendererForSitePerProcess,TraceSiteInstanceGetProcessCreation --variations-seed-version --trace-process-track-uuid=3190708990060038890 --mojo-platform-channel-handle=3032 /prefetch:1
Path:
C:\Program Files\Logitech\LogiTune\LogiTune.exe
Parent process:
LogiTune.exe
User:
admin
Company:
Logitech
Integrity Level:
MEDIUM
Description:
LogiTune
Version:
3.13.106.3
Modules
Images
c:\program files\logitech\logitune\logitune.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
PID:
2284
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --disable-quic --onnx-enabled-for-ee --string-annotations --always-read-main-dll --field-trial-handle=5692,i,8331708960718214583,5101646152729333571,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2312
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=7412,i,8331708960718214583,5101646152729333571,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=1508 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2564
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2700,i,8331708960718214583,5101646152729333571,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=2772 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
28 167
Read events
27 599
Write events
516
Delete events
52

Modification events

Process:
(7004) LogiTuneInstall.exe
Key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation:
write
Name:
SrCreateRp (Enter)
Value:
4800000000000000D6E7D837F5ACDC015C1B0000A0100000D50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

Process:
(7004) LogiTuneInstall.exe
Key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:
write
Name:
SppEnumGroups (Leave)
Value:
48000000000000001B0C1E38F5ACDC015C1B0000A0100000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000

Process:
(7004) LogiTuneInstall.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation:
write
Name:
LastIndex
Value:
15

Process:
(7004) LogiTuneInstall.exe
Key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\VssapiPublisher
Operation:
write
Name:
IDENTIFY (Enter)
Value:
4800000000000000C6A83A38F5ACDC015C1B000000110000E80300000100000000000000000000003294C5F9CAEB6C429CEC1E43F463FCF900000000000000000000000000000000

Process:
(7624) VSSVC.exe
Key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\ASR Writer
Operation:
write
Name:
IDENTIFY (Enter)
Value:
480000000000000005944638F5ACDC01C81D00000C110000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000

Process:
(7624) VSSVC.exe
Key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\COM+ REGDB Writer
Operation:
write
Name:
IDENTIFY (Enter)
Value:
480000000000000005944638F5ACDC01C81D000044210000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000

Process:
(7624) VSSVC.exe
Key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Shadow Copy Optimization Writer
Operation:
write
Name:
IDENTIFY (Enter)
Value:
480000000000000005944638F5ACDC01C81D00005C070000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000

Process:
(7624) VSSVC.exe
Key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Registry Writer
Operation:
write
Name:
IDENTIFY (Enter)
Value:
480000000000000005944638F5ACDC01C81D00009C070000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000

Process:
(7624) VSSVC.exe
Key:
HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\11000001
Operation:
delete key
Name:
(default)
Value:

Process:
(7624) VSSVC.exe
Key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\COM+ REGDB Writer
Operation:
write
Name:
IDENTIFY (Leave)
Value:
480000000000000059754B38F5ACDC01C81D000044210000E80300000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files
133
Suspicious files
298
Text files
351
Unknown types
2

Dropped files

PID
Process
Filename
Type
PID:
6540
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF1e53ac.TMP
MD5:
SHA256:

PID:
6540
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:

PID:
6540
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF1e53ac.TMP
MD5:
SHA256:

PID:
6540
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF1e53ac.TMP
MD5:
SHA256:

PID:
6540
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF1e53ac.TMP
MD5:
SHA256:

PID:
6540
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:

PID:
6540
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF1e53bb.TMP
MD5:
SHA256:

PID:
6540
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:

PID:
6540
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:

PID:
6540
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
HTTP(S) requests
295
TCP/UDP connections
142
DNS requests
140
Threats
12

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6640
msedge.exe
GET
200
18.172.112.111:443
https://www.logitech.com/content/logitech/amr/live/en_us/video-collaboration/software/logi-tune-software.geotracking.json
US
unknown
6640
msedge.exe
GET
200
150.171.27.11:80
http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:3cm8BpiiXkSruaZbUqVo9dIem2iZW_trr-xZguYQh_Q&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
US
text
95 b
whitelisted
6640
msedge.exe
GET
200
18.172.112.111:443
https://www.logitech.com/etc.clientlibs/logitech/clientlibs/main-editable-sfcc.min.41a80e1528fd53f94b0f7bed8abc3d08.css
US
text
1.35 Mb
unknown
6640
msedge.exe
GET
200
150.171.22.17:443
https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=Edge%2CEdgeConfig%2CEdgeServices%2CEdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=66&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1766135237&lafgdate=0
US
text
4.55 Kb
whitelisted
6640
msedge.exe
GET
200
18.172.112.111:443
https://www.logitech.com/en-us/video-collaboration/software/logi-tune-software.html
US
text
284 Kb
unknown
6640
msedge.exe
GET
200
150.171.27.11:443
https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0
US
text
446 b
whitelisted
6640
msedge.exe
GET
200
18.172.112.111:443
https://www.logitech.com/etc.clientlibs/logitech-common/clientlibs/onetrust.min.41ac4cd8610e597df080b70136957dff.js
US
text
4.56 Kb
unknown
6640
msedge.exe
GET
200
13.107.213.44:443
https://api.edgeoffer.microsoft.com/edgeoffer/pb/experiments?appId=edge-extensions&country=US
US
binary
82 b
whitelisted
6640
msedge.exe
GET
200
104.18.22.222:443
https://copilot.microsoft.com/c/api/user/eligibility
US
text
25 b
whitelisted
6640
msedge.exe
GET
200
18.172.112.111:443
https://www.logitech.com/content/dam/logitech/en/nav/brand-logos/business.svg
US
image
8.06 Kb
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
2600
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
8700
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6768
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
6640
msedge.exe
150.171.27.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6640
msedge.exe
150.171.22.17:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6640
msedge.exe
104.18.86.42:443
cdn.cookielaw.org
CLOUDFLARENET
US
whitelisted
6640
msedge.exe
150.171.27.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6640
msedge.exe
3.253.115.178:443
dpm.demdex.net
AMAZON-02
US
whitelisted

DNS requests

Domain
IP
Reputation
self.events.data.microsoft.com
  • 20.189.173.13
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
google.com
  • 192.178.204.100
  • 192.178.204.102
  • 192.178.204.113
  • 192.178.204.101
  • 192.178.204.138
  • 192.178.204.139
whitelisted
edge.microsoft.com
  • 150.171.27.11
  • 150.171.28.11
whitelisted
config.edge.skype.com
  • 150.171.22.17
whitelisted
www.logitech.com
  • 18.172.112.111
  • 18.172.112.105
  • 18.172.112.101
  • 18.172.112.16
whitelisted
api.edgeoffer.microsoft.com
  • 13.107.213.44
  • 13.107.246.44
whitelisted
copilot.microsoft.com
  • 104.18.22.222
  • 104.18.23.222
whitelisted
www.bing.com
  • 92.123.104.33
  • 92.123.104.52
  • 92.123.104.34
  • 92.123.104.59
  • 92.123.104.31
  • 92.123.104.32
  • 2.16.241.205
  • 2.16.241.201
  • 2.16.241.218
whitelisted
webtags.logitech.com
  • 99.84.152.12
  • 99.84.152.123
  • 99.84.152.95
  • 99.84.152.29
unknown

Threats

PID
Process
Class
Message
6640
msedge.exe
Potentially Bad Traffic
ET INFO Possible Chrome Plugin install
6640
msedge.exe
Potential Corporate Privacy Violation
ET INFO PE EXE or DLL Windows file download HTTP
6640
msedge.exe
Potentially Bad Traffic
ET INFO Executable served from Amazon S3
2600
svchost.exe
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
6640
msedge.exe
Misc activity
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
5592
svchost.exe
Misc activity
ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent
5592
svchost.exe
Misc activity
ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent
5592
svchost.exe
Misc activity
ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent
5592
svchost.exe
Misc activity
ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent
5592
svchost.exe
Misc activity
ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent
Process
Message
msiexec.exe
DriverInstall -- initialized
msiexec.exe
Detected CPU architecture 34404
msiexec.exe
DriverInstall -- inf to install: C:\Program Files\Logitech\LogiTune\data\drivers\logue_audio.inf; Check installed: yes; Restart audio services: yes
msiexec.exe
DriverInstall -- cannot locate driver. Installation is to be launched
msiexec.exe
Running "C:\WINDOWS\system32\pnputil.exe" /add-driver "C:\Program Files\Logitech\LogiTune\data\drivers\logue_audio.inf" /install
msiexec.exe
DriverInstall -- driver installed successfully
msiexec.exe
DriverInstall -- stopping audio services...
msiexec.exe
DriverInstall -- services are stopped successfully. Now starting them...
msiexec.exe
DriverInstall -- audio services are restarted successfully!
msiexec.exe
DriverInstall -- Operation is successful!