URL:

https://logisofter.com/logitech-g-hub-driver-software/

Full analysis: https://app.any.run/tasks/69689fb6-be56-4cc9-8130-2d1e0bb290f2
Verdict: Malicious activity
Note on the verdict: the score is automated. The only MALICIOUS-class signature is "Registers / Runs the DLL via REGSVR32.EXE", raised for the SDK DLL registrations performed by the G HUB updater (see the regsvr32.exe command lines under Process information), and this excerpt records neither the downloaded installer's hash nor its Authenticode signature. Treat the verdict as a reason to verify the download (code signature and hash against the vendor's own distribution), not as proof that the file served by logisofter.com was trojanized.
Analysis date: January 10, 2025, 07:43:27
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MD5:

A1DC2949BBF20A46993C4F5534D30F33

SHA1:

F466A9BB4C3E0D8E280BEC29F9ADCE41500151C8

SHA256:

FFF6D76D6E7FD6F5D2CDD516108858FD62A0B7F99A8AE58A31D0D05A3AB6EFC8

SSDEEP:

3:N8KPRRAeCMRjN1FAC:2KPRmePR7qC

Note on the indicators: the ssdeep block size is 3 (the minimum) and the first half of the signature is only 17 characters, so the hashed object is a few dozen bytes long. That is consistent with the submitted URL string, not with the installer the sandbox downloaded afterwards; the MD5/SHA1/SHA256 above therefore cannot be used to match lghub_installer.exe.
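Added example (Python, written for this edit; it is not ANY.RUN's or Logitech's code). It parses the ssdeep signature above to estimate how large the hashed object was, and shows the hash comparison an analyst would run on a file they actually downloaded before trusting a report's indicators. The size estimate follows from how ssdeep is built (one signature character per rolling-hash trigger, which fires about once every block-size bytes) and is approximate, not a bound. The bytes hashed in the usage section are constructed and do not match the report.

```python
import hashlib
from typing import Dict, Tuple

# Indicators copied from the report header, lower-cased for comparison.
REPORT = {
    "md5": "a1dc2949bbf20a46993c4f5534d30f33",
    "sha1": "f466a9bb4c3e0d8e280bec29f9adce41500151c8",
    "sha256": "fff6d76d6e7fd6f5d2cdd516108858fd62a0b7f99a8ae58a31d0d05a3ab6efc8",
    "ssdeep": "3:N8KPRRAeCMRjN1FAC:2KPRmePR7qC",
}

MIN_BLOCKSIZE = 3      # ssdeep's smallest block size
SPAMSUM_LENGTH = 64    # maximum characters in one half of an ssdeep signature


def parse_ssdeep(sig: str) -> Tuple[int, str, str]:
    """Split 'blocksize:hash1:hash2'; hash1 uses blocksize, hash2 uses 2*blocksize."""
    bs, h1, h2 = sig.split(":", 2)
    block = int(bs)
    q = block // MIN_BLOCKSIZE
    if block < MIN_BLOCKSIZE or block % MIN_BLOCKSIZE or q & (q - 1):
        raise ValueError(f"ssdeep block size must be 3*2^k, got {bs}")
    return block, h1, h2


def estimated_input_size(sig: str) -> int:
    """Approximate size of the hashed object.

    ssdeep appends one character to hash1 each time its rolling hash satisfies
    (hash % blocksize == blocksize - 1), which happens about once per blocksize
    bytes, so len(hash1) * blocksize approximates the input length as long as
    hash1 was not truncated at SPAMSUM_LENGTH.
    """
    block, h1, _ = parse_ssdeep(sig)
    if len(h1) >= SPAMSUM_LENGTH:
        raise ValueError("signature saturated; only a lower bound on size is known")
    return len(h1) * block


def is_plausible_installer(sig: str, min_bytes: int = 1 << 20) -> bool:
    """A PE installer is at least megabytes; a URL string is tens of bytes."""
    return estimated_input_size(sig) >= min_bytes


def hash_bytes(data: bytes) -> Dict[str, str]:
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes) -> bool:
    """True only if all three digests equal the report's (case-normalised)."""
    got = hash_bytes(data)
    return all(got[k] == REPORT[k].lower() for k in ("md5", "sha1", "sha256"))


if __name__ == "__main__":
    block, h1, _ = parse_ssdeep(REPORT["ssdeep"])
    print(f"block size {block}, hash1 {len(h1)} chars, "
          f"~{estimated_input_size(REPORT['ssdeep'])} bytes hashed")
    print("installer-sized object:", is_plausible_installer(REPORT["ssdeep"]))
    # Constructed stand-in for a downloaded file; real use: open(path, "rb").read()
    print("matches report hashes:", matches_report(b"constructed sample bytes"))
```

For the report's signature the estimate is about 51 bytes, the length of a short URL, so an analyst who blocks on these hashes is blocking the URL object, not the installer. The hash of the file that actually landed in the user's Downloads folder has to come from the full report's dropped-files list or from the file itself.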

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • lghub_updater.exe (PID: 1140)
      • 9fc4-1e75-148f-5d6f.exe (PID: 3656)
      • 9158-43b5-7ca6-6609.exe (PID: 2996)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • lghub_installer.exe (PID: 6968)
      • vc_redist.x64.exe (PID: 3560)
      • vc_redist.x86.exe (PID: 6728)
      • lghub_updater.exe (PID: 1140)
      • d412-01da-e4c0-10f2.exe (PID: 1792)
      • drvinst.exe (PID: 6088)
    • Executable content was dropped or overwritten

      • lghub_installer.exe (PID: 6968)
      • vc_redist.x64.exe (PID: 3560)
      • vc_redist.x64.exe (PID: 1856)
      • vc_redist.x86.exe (PID: 6728)
      • vc_redist.x86.exe (PID: 6732)
      • lghub_updater.exe (PID: 1140)
      • drvinst.exe (PID: 1572)
      • d412-01da-e4c0-10f2.exe (PID: 1792)
      • drvinst.exe (PID: 6088)
      • drvinst.exe (PID: 6776)
      • 9fc4-1e75-148f-5d6f.exe (PID: 3656)
      • 9158-43b5-7ca6-6609.exe (PID: 2996)
      • lghub_updater.exe (PID: 6596)
    • Searches for installed software

      • vc_redist.x64.exe (PID: 1856)
      • vc_redist.x86.exe (PID: 6732)
    • Starts a Microsoft application from unusual location

      • vc_redist.x64.exe (PID: 1856)
      • vc_redist.x64.exe (PID: 3560)
      • vc_redist.x86.exe (PID: 6732)
      • vc_redist.x86.exe (PID: 6728)
    • Reads security settings of Internet Explorer

      • lghub_installer.exe (PID: 6968)
      • 9fc4-1e75-148f-5d6f.exe (PID: 3656)
      • 9158-43b5-7ca6-6609.exe (PID: 2996)
      • lghub_system_tray.exe (PID: 2148)
    • Reads the date of Windows installation

      • lghub_installer.exe (PID: 6968)
    • Creates a software uninstall entry

      • lghub_updater.exe (PID: 1140)
    • Drops a system driver (possible attempt to evade defenses)

      • d412-01da-e4c0-10f2.exe (PID: 1792)
      • drvinst.exe (PID: 1572)
      • drvinst.exe (PID: 6776)
      • drvinst.exe (PID: 6088)
    • Creates files in the driver directory

      • drvinst.exe (PID: 1572)
      • drvinst.exe (PID: 6088)
    • Checks Windows Trust Settings

      • drvinst.exe (PID: 6088)
      • drvinst.exe (PID: 6776)
    • Creates or modifies Windows services

      • drvinst.exe (PID: 4360)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 4596)
      • regsvr32.exe (PID: 4912)
    • Executes as Windows Service

      • lghub_updater.exe (PID: 6596)
    • Application launched itself

      • lghub.exe (PID: 624)
  • INFO

    • Checks supported languages

      • lghub_installer.exe (PID: 6968)
      • vc_redist.x64.exe (PID: 3560)
      • vc_redist.x86.exe (PID: 6732)
      • vc_redist.x86.exe (PID: 6728)
      • lghub_updater.exe (PID: 1140)
      • d412-01da-e4c0-10f2.exe (PID: 1792)
      • drvinst.exe (PID: 6776)
      • drvinst.exe (PID: 6088)
      • 20eb-6641-ae1c-233e.exe (PID: 6172)
      • drvinst.exe (PID: 5968)
      • drvinst.exe (PID: 4360)
      • drvinst.exe (PID: 1612)
      • 9fc4-1e75-148f-5d6f.exe (PID: 3656)
      • lghub_updater.exe (PID: 4596)
      • lghub_updater.exe (PID: 6596)
      • lghub_system_tray.exe (PID: 2148)
      • lghub_agent.exe (PID: 1488)
      • lghub_system_tray.exe (PID: 3144)
      • lghub.exe (PID: 624)
      • lghub_agent.exe (PID: 6232)
      • lghub.exe (PID: 7696)
      • lghub.exe (PID: 7580)
    • Executable content was dropped or overwritten

      • chrome.exe (PID: 6580)
      • chrome.exe (PID: 3812)
    • Reads the machine GUID from the registry

      • lghub_installer.exe (PID: 6968)
      • drvinst.exe (PID: 1572)
      • drvinst.exe (PID: 6088)
      • drvinst.exe (PID: 6776)
    • Reads the computer name

      • lghub_installer.exe (PID: 6968)
      • vc_redist.x64.exe (PID: 1856)
      • vc_redist.x86.exe (PID: 6732)
      • lghub_updater.exe (PID: 1140)
      • drvinst.exe (PID: 1572)
      • 9fc4-1e75-148f-5d6f.exe (PID: 3656)
      • drvinst.exe (PID: 5968)
      • lghub_updater.exe (PID: 4596)
      • lghub_system_tray.exe (PID: 2148)
      • lghub_system_tray.exe (PID: 3144)
      • lghub_agent.exe (PID: 1488)
      • lghub.exe (PID: 624)
      • lghub.exe (PID: 7548)
      • lghub.exe (PID: 7580)
    • The sample compiled with english language support

      • chrome.exe (PID: 6580)
      • vc_redist.x64.exe (PID: 3560)
      • vc_redist.x64.exe (PID: 1856)
      • lghub_installer.exe (PID: 6968)
      • vc_redist.x86.exe (PID: 6728)
      • vc_redist.x86.exe (PID: 6732)
      • lghub_updater.exe (PID: 1140)
      • d412-01da-e4c0-10f2.exe (PID: 1792)
      • drvinst.exe (PID: 1572)
      • drvinst.exe (PID: 6088)
      • drvinst.exe (PID: 6776)
      • 9fc4-1e75-148f-5d6f.exe (PID: 3656)
      • 9158-43b5-7ca6-6609.exe (PID: 2996)
      • lghub_updater.exe (PID: 6596)
    • Reads Environment values

      • lghub_installer.exe (PID: 6968)
    • Disables trace logs

      • lghub_installer.exe (PID: 6968)
    • The process uses the downloaded file

      • chrome.exe (PID: 2280)
      • lghub_installer.exe (PID: 6968)
    • Checks proxy server information

      • lghub_installer.exe (PID: 6968)
    • Reads the software policy settings

      • lghub_installer.exe (PID: 6968)
      • drvinst.exe (PID: 6088)
    • Create files in a temporary directory

      • vc_redist.x64.exe (PID: 1856)
      • lghub_installer.exe (PID: 6968)
      • vc_redist.x86.exe (PID: 6732)
      • d412-01da-e4c0-10f2.exe (PID: 1792)
      • 20eb-6641-ae1c-233e.exe (PID: 6172)
      • 9fc4-1e75-148f-5d6f.exe (PID: 3656)
      • lghub_updater.exe (PID: 1140)
    • Application launched itself

      • chrome.exe (PID: 3812)
    • Process checks computer location settings

      • lghub_installer.exe (PID: 6968)
      • 9fc4-1e75-148f-5d6f.exe (PID: 3656)
      • lghub_system_tray.exe (PID: 2148)
      • lghub_system_tray.exe (PID: 3144)
      • lghub.exe (PID: 7696)
    • The sample compiled with slovak language support

      • lghub_installer.exe (PID: 6968)
      • lghub_updater.exe (PID: 1140)
    • Creates files in the program directory

      • lghub_installer.exe (PID: 6968)
      • lghub_updater.exe (PID: 1140)
      • lghub_updater.exe (PID: 6596)
    • The sample compiled with arabic language support

      • lghub_installer.exe (PID: 6968)
      • lghub_updater.exe (PID: 1140)
    • The sample compiled with Italian language support

      • lghub_installer.exe (PID: 6968)
      • lghub_updater.exe (PID: 1140)
    • The sample compiled with french language support

      • lghub_installer.exe (PID: 6968)
      • lghub_updater.exe (PID: 1140)
    • The sample compiled with russian language support

      • lghub_installer.exe (PID: 6968)
      • lghub_updater.exe (PID: 1140)
    • The sample compiled with turkish language support

      • lghub_installer.exe (PID: 6968)
      • lghub_updater.exe (PID: 1140)
    • The sample compiled with korean language support

      • lghub_installer.exe (PID: 6968)
      • lghub_updater.exe (PID: 1140)
    • The sample compiled with Indonesian language support

      • lghub_installer.exe (PID: 6968)
      • lghub_updater.exe (PID: 1140)
    • The sample compiled with swedish language support

      • lghub_installer.exe (PID: 6968)
      • lghub_updater.exe (PID: 1140)
    • The sample compiled with spanish language support

      • lghub_installer.exe (PID: 6968)
      • lghub_updater.exe (PID: 1140)
    • The sample compiled with czech language support

      • lghub_installer.exe (PID: 6968)
      • lghub_updater.exe (PID: 1140)
    • The sample compiled with polish language support

      • lghub_installer.exe (PID: 6968)
      • lghub_updater.exe (PID: 1140)
    • The sample compiled with portuguese language support

      • lghub_installer.exe (PID: 6968)
      • lghub_updater.exe (PID: 1140)
    • The sample compiled with bulgarian language support

      • lghub_installer.exe (PID: 6968)
      • lghub_updater.exe (PID: 1140)
    • The sample compiled with chinese language support

      • lghub_installer.exe (PID: 6968)
      • lghub_updater.exe (PID: 1140)
    • The sample compiled with japanese language support

      • lghub_installer.exe (PID: 6968)
      • lghub_updater.exe (PID: 1140)
    • The sample compiled with german language support

      • lghub_installer.exe (PID: 6968)
      • lghub_updater.exe (PID: 1140)
    • Sends debugging messages

      • lghub_updater.exe (PID: 1140)
      • d412-01da-e4c0-10f2.exe (PID: 1792)
      • 20eb-6641-ae1c-233e.exe (PID: 6172)
      • lghub_updater.exe (PID: 6596)
      • regsvr32.exe (PID: 4912)
      • regsvr32.exe (PID: 3736)
      • lghub_system_tray.exe (PID: 2148)
      • lghub_system_tray.exe (PID: 3144)
      • lghub_agent.exe (PID: 1488)
      • lghub_updater.exe (PID: 4596)
    • Manual execution by a user

      • lghub_updater.exe (PID: 4596)
      • lghub_system_tray.exe (PID: 3144)
      • lghub_system_tray.exe (PID: 2148)
    • Creates files or folders in the user directory

      • lghub_agent.exe (PID: 1488)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
208
Monitored processes
71
Malicious processes
9
Suspicious processes
9

Behavior graph

Process launch order as drawn in the graph ("no specs" marks an instance with no attached indicators; ×N is N consecutive instances):

chrome.exe → chrome.exe (no specs) ×2 → chrome.exe → chrome.exe (no specs) ×13 → lghub_installer.exe (no specs) → lghub_installer.exe → chrome.exe → vc_redist.x64.exe ×2 → vc_redist.x86.exe ×2 → chrome.exe (no specs) ×4 → lghub_updater.exe → chrome.exe (no specs) → regsvr32.exe (no specs) ×8 → d412-01da-e4c0-10f2.exe → drvinst.exe ×3 → drvinst.exe (no specs) ×3 → 20eb-6641-ae1c-233e.exe → 9fc4-1e75-148f-5d6f.exe → regsvr32.exe → regsvr32.exe (no specs) → regsvr32.exe → regsvr32.exe (no specs) ×3 → 9158-43b5-7ca6-6609.exe → regsvr32.exe (no specs) ×3 → lghub_updater.exe ×2 → lghub_system_tray.exe ×2 → lghub_agent.exe → lghub_agent.exe (no specs) → lghub.exe (no specs) → unsecapp.exe (no specs) → lghub.exe (no specs) ×4 → lghub_system_tray.exe (no specs) → lghub_agent.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
308
CMD:
/s "C:\Program Files\LGHUB\sdks/sdk_legacy_steering_wheel_x86.dll"
Path:
C:\Windows\SysWOW64\regsvr32.exe
Parent process:
regsvr32.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID:
536
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=5932 --field-trial-handle=1900,i,12306870192519741916,8936194839946096934,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
624
CMD:
"C:\Program Files\LGHUB\lghub.exe" --notray
Path:
C:\Program Files\LGHUB\lghub.exe
Parent process:
lghub_system_tray.exe
User:
admin
Company:
Logitech, Inc.
Integrity Level:
MEDIUM
Description:
LGHUB
Version:
31.3.0
PID:
848
CMD:
"C:\Users\admin\Downloads\lghub_installer.exe"
Path:
C:\Users\admin\Downloads\lghub_installer.exe
Parent process:
chrome.exe
User:
admin
Company:
Logitech, Inc.
Integrity Level:
MEDIUM
Description:
Logitech G HUB
Exit code:
3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: this medium-integrity instance could not proceed without elevation; the elevated instance that did the installing is PID 6968 in the indicator list)
Version:
2024.1.5200
Modules
Images
c:\users\admin\downloads\lghub_installer.exe
c:\windows\system32\ntdll.dll
PID:
1140
CMD:
"C:\ProgramData\LGHUB\depots\417866\core\LGHUB\lghub_updater.exe" --install
Path:
C:\ProgramData\LGHUB\depots\417866\core\LGHUB\lghub_updater.exe
Parent process:
lghub_installer.exe
User:
admin
Company:
Logitech, Inc.
Integrity Level:
HIGH
Description:
LGHUB Updater
Exit code:
0
Version:
2024.9.649333
Modules
Images
c:\programdata\lghub\depots\417866\core\lghub\lghub_updater.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1156
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4448 --field-trial-handle=1900,i,12306870192519741916,8936194839946096934,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:1
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
1488
CMD:
"C:\Program Files\LGHUB\lghub_agent.exe"
Path:
C:\Program Files\LGHUB\lghub_agent.exe
Parent process:
lghub_system_tray.exe
User:
admin
Company:
Logitech, Inc.
Integrity Level:
MEDIUM
Description:
LGHUB Agent
Version:
2024.9.649333
Modules
Images
c:\program files\lghub\lghub_agent.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
1536
CMD:
"C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\LGHUB\sdks/sdk_legacy_steering_wheel_x86.dll"
Path:
C:\Windows\System32\regsvr32.exe
Parent process:
lghub_updater.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
1572
CMD:
DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{1f471e78-c55d-314b-8739-733d6a4c9ac8}\logi_joy_vir_hid.inf" "9" "4ad69d21f" "0000000000000180" "WinSta0\Default" "00000000000001DC" "208" "C:\Users\admin\AppData\Local\Temp\ef4abd10-77fb-4da8-bfd2-cb5a6ff0fab4"
Path:
C:\Windows\System32\drvinst.exe
Parent process:
svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
PID:
1612
CMD:
DrvInst.exe "1" "0" "LGHUBDevice\VID_046D&PID_C232\1&79f5d87&0&01" "" "" "409067b8f" "0000000000000000"
Path:
C:\Windows\System32\drvinst.exe
Parent process:
svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
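Added example (Python, written for this edit; it is not ANY.RUN's or Logitech's code) showing how to turn the process rows above into findings instead of reading each signature by hand. The process list is constructed from the rows in this excerpt (a subset of the 71 monitored processes, command lines copied as the report shows them); the three rules, their names and the severity labels are this example's own choices. Two details of the report shape the design: the parent is recorded by name only, and PIDs are reused during the run (4596 appears as both regsvr32.exe and lghub_updater.exe in the indicator list), so the rules key on image name rather than PID.

```python
import re
from dataclasses import dataclass
from typing import Any, Dict, List, Optional


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str       # image path as recorded by the sandbox
    cmd: str         # command line as recorded
    parent: str      # parent image name (the report gives only the name)
    integrity: str   # LOW / MEDIUM / HIGH / SYSTEM


# Constructed from the "Process information" rows of this report (a subset).
PROCESSES: List[Proc] = [
    Proc(308, r"C:\Windows\SysWOW64\regsvr32.exe",
         r'/s "C:\Program Files\LGHUB\sdks/sdk_legacy_steering_wheel_x86.dll"',
         "regsvr32.exe", "HIGH"),
    Proc(848, r"C:\Users\admin\Downloads\lghub_installer.exe",
         r'"C:\Users\admin\Downloads\lghub_installer.exe"', "chrome.exe", "MEDIUM"),
    Proc(1140, r"C:\ProgramData\LGHUB\depots\417866\core\LGHUB\lghub_updater.exe",
         r'"C:\ProgramData\LGHUB\depots\417866\core\LGHUB\lghub_updater.exe" --install',
         "lghub_installer.exe", "HIGH"),
    Proc(1536, r"C:\Windows\System32\regsvr32.exe",
         r'"C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\LGHUB\sdks/sdk_legacy_steering_wheel_x86.dll"',
         "lghub_updater.exe", "HIGH"),
    Proc(1572, r"C:\Windows\System32\drvinst.exe",
         r'DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{1f471e78-c55d-314b-8739-733d6a4c9ac8}\logi_joy_vir_hid.inf" "9" "4ad69d21f" "0000000000000180" "WinSta0\Default" "00000000000001DC" "208" "C:\Users\admin\AppData\Local\Temp\ef4abd10-77fb-4da8-bfd2-cb5a6ff0fab4"',
         "svchost.exe", "SYSTEM"),
    Proc(1612, r"C:\Windows\System32\drvinst.exe",
         r'DrvInst.exe "1" "0" "LGHUBDevice\VID_046D&PID_C232\1&79f5d87&0&01" "" "" "409067b8f" "0000000000000000"',
         "svchost.exe", "SYSTEM"),
]

INTEGRITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "SYSTEM": 3}
# First drive-letter path ending in .dll/.inf/.sys; quoted paths may contain spaces.
TARGET_RE = re.compile(r'([A-Za-z]:[^"]*?\.(?:dll|inf|sys))(?=["\s]|$)', re.IGNORECASE)


def _norm(path: str) -> str:
    """Lower-case and fold the mixed separators the installer emits ("sdks/...")."""
    return path.replace("/", "\\").lower()


def _basename(path: str) -> str:
    return _norm(path).rsplit("\\", 1)[-1]


def _user_writable(path: str) -> bool:
    p = _norm(path)
    return p.startswith(("c:\\users\\", "c:\\programdata\\")) or "\\temp\\" in p


def _target(cmd: str) -> Optional[str]:
    m = TARGET_RE.search(cmd)
    return m.group(1) if m else None


def triage(procs: List[Proc]) -> List[Dict[str, Any]]:
    """Run three checks over the process list and return findings sorted by PID."""
    # Parent is a name only, so resolve its integrity from the first process
    # seen under that name (PIDs are reused during the run; names are stabler).
    integrity_by_name: Dict[str, str] = {}
    for p in procs:
        integrity_by_name.setdefault(_basename(p.image), p.integrity)

    findings: List[Dict[str, Any]] = []
    for p in procs:
        name, target = _basename(p.image), _target(p.cmd)

        # 1. regsvr32 loading a DLL: severity depends on where the DLL lives.
        if name == "regsvr32.exe" and target:
            sev = "high" if _user_writable(target) else "info"
            findings.append({"pid": p.pid, "rule": "regsvr32_registers_dll",
                             "severity": sev, "detail": _norm(target)})
            if _basename(p.parent) == "regsvr32.exe":
                # 64-bit regsvr32 hands an x86 DLL to the SysWOW64 copy of itself.
                findings.append({"pid": p.pid, "rule": "regsvr32_wow64_reexec",
                                 "severity": "info", "detail": _norm(p.image)})

        # 2. Driver package staged in a user-writable path before DrvInst ran.
        if name == "drvinst.exe" and target and _user_writable(target):
            findings.append({"pid": p.pid, "rule": "driver_staged_from_user_path",
                             "severity": "medium", "detail": _norm(target)})

        # 3. Child running at higher integrity than its parent (UAC elevation).
        parent_int = integrity_by_name.get(_basename(p.parent))
        if parent_int and INTEGRITY_RANK[p.integrity] > INTEGRITY_RANK[parent_int]:
            findings.append({"pid": p.pid, "rule": "integrity_elevation", "severity": "info",
                             "detail": f"{p.parent} ({parent_int}) -> {name} ({p.integrity})"})
    return sorted(findings, key=lambda f: f["pid"])


if __name__ == "__main__":
    for f in triage(PROCESSES):
        print(f"{f['pid']:>5}  {f['severity']:<6}  {f['rule']:<30}  {f['detail']}")
```

On the rows from this report the script produces no high-severity finding: both regsvr32 invocations register a DLL under C:\Program Files\LGHUB, the only elevation hop is the installer spawning its updater, and the one medium finding is the driver INF staged under the user's Temp directory, which is where to look next (the .cat/.sys it installs, and the signer of that .sys) if the download is in doubt. A regsvr32 call pointing at a DLL under Users, ProgramData or Temp would be scored high by the same rule.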
Total events
29 072
Read events
28 884
Write events
145
Delete events
43

Modification events

PID / process | key | operation | value name | value

3812 chrome.exe | HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon | write | failed_count | 0
3812 chrome.exe | HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon | write | state | 2
3812 chrome.exe | HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon | write | state | 1
3812 chrome.exe | HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\StabilityMetrics | write | user_experience_metrics.stability.exited_cleanly | 0
3812 chrome.exe | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96} | write | usagestats | 0
2280 chrome.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached | write | {2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF | 0100000000000000CDFCC28D3363DB01
3812 chrome.exe | HKEY_CURRENT_USER\SOFTWARE\Google\Common\Rlz\Events\C | write | C1I | 1
3812 chrome.exe | HKEY_CURRENT_USER\SOFTWARE\Google\Common\Rlz\Events\C | write | C2I | 1
3812 chrome.exe | HKEY_CURRENT_USER\SOFTWARE\Google\Common\Rlz\Events\C | write | C7I | 1
3812 chrome.exe | HKEY_CURRENT_USER\SOFTWARE\Google\Common\Rlz\Events\C | write | C1S | 1

The ten events shown are all Chrome's own housekeeping. The installer's and updater's registry writes (the uninstall entry and service creation flagged above, among the 145 write events in total) are only in the full report.
Executable files
559
Suspicious files
930
Text files
1 004
Unknown types
10

Dropped files

PID / process | filename (MD5 and SHA256 were not recorded for these entries)

3812 chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old~RF135efc.TMP
3812 chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF135efc.TMP
3812 chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old
3812 chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old
3812 chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old~RF135f0b.TMP
3812 chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old~RF135f0b.TMP
3812 chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old
3812 chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old~RF135f0b.TMP
3812 chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old~RF135f0b.TMP
3812 chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old

The ten entries shown are Chrome database log rotations. The 559 executable files the run produced, including lghub_installer.exe itself and everything the updater unpacked under C:\ProgramData\LGHUB and C:\Program Files\LGHUB, are only in the full report, which is where their hashes must be taken from.
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
30
TCP/UDP connections
142
DNS requests
136
Threats
2

HTTP requests

PID / process | method | HTTP code | IP | URL. All ten requests shown have CN "unknown" and reputation "whitelisted"; Type and Size were not recorded.

3220 svchost.exe | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
3220 svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
5064 SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
1176 svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
5112 SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
5112 SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
6224 backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
4980 svchost.exe | HEAD | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcjicffkgpmnlppeffabd_1.0.2738.0_win64_kj4dp5kifwxbdodqls7e5nzhtm.crx3
4980 svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcjicffkgpmnlppeffabd_1.0.2738.0_win64_kj4dp5kifwxbdodqls7e5nzhtm.crx3
4980 svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcjicffkgpmnlppeffabd_1.0.2738.0_win64_kj4dp5kifwxbdodqls7e5nzhtm.crx3

None of the requests shown comes from a Logitech process: they are certificate-revocation checks (CRL and OCSP) and a Chrome component download, all by Windows or Chrome service processes. The other 20 of the 30 HTTP requests, including whatever lghub_installer.exe and lghub_updater.exe fetched, are only in the full report.

Connections

PID / process | IP:port | domain | ASN | CN | reputation

4 System | 192.168.100.255:137 | (no domain) | | | whitelisted
4712 MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
(PID and process not shown in the report) | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3220 svchost.exe | 23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
3220 svchost.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
4 System | 192.168.100.255:138 | (no domain) | | | whitelisted
5064 SearchApp.exe | 104.126.37.176:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
3812 chrome.exe | 239.255.255.250:1900 | (no domain) | | | whitelisted
6408 chrome.exe | 185.68.16.153:443 | logisofter.com | Hosting Ukraine LTD | UA | unknown
6408 chrome.exe | 172.217.218.84:443 | accounts.google.com | GOOGLE | US | whitelisted

The only connection in this excerpt without a whitelisted reputation is chrome.exe (PID 6408) to logisofter.com, the third-party page the installer was downloaded from. The remaining connections (142 in total) are only in the full report.

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 4.231.128.59
  • 20.73.194.208
whitelisted
crl.microsoft.com
  • 23.48.23.156
  • 23.48.23.143
whitelisted
google.com
  • 142.250.186.78
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
www.bing.com
  • 104.126.37.176
  • 104.126.37.179
  • 104.126.37.178
  • 104.126.37.185
  • 104.126.37.163
  • 104.126.37.186
  • 104.126.37.170
  • 104.126.37.171
  • 104.126.37.184
  • 2.16.110.195
  • 2.16.110.130
  • 2.16.110.200
  • 2.16.110.193
  • 2.16.110.131
  • 2.16.110.123
  • 2.16.110.192
  • 2.16.110.120
  • 2.16.110.121
whitelisted
logisofter.com
  • 185.68.16.153
unknown
accounts.google.com
  • 172.217.218.84
whitelisted
go.microsoft.com
  • 23.35.238.131
  • 23.213.166.81
whitelisted
fonts.googleapis.com
  • 142.250.186.170
whitelisted
fonts.gstatic.com
  • 142.250.184.227
whitelisted

Threats

Class | message (PID and process were not recorded for these two events)

Not Suspicious Traffic | INFO [ANY.RUN] An application monitoring request to sentry .io
Not Suspicious Traffic | INFO [ANY.RUN] An application monitoring request to sentry .io
Debug output strings

Process | message

lghub_updater.exe | [2025-01-10:07:47:49.886] [:3536] [info] [C:\data\cache\conan\1.64.0\.conan\data\logi_logging\2.0.1\logi\stable\build\d379c28da1564ec6deb1ec24b0de1b8294bb0233\logi_logging\src\controller_impl.cpp:309] Logging to: C:\Users\admin\AppData\Local\Temp\com.logi.ghub.updater.logs\20250110T074749-updater-1140.log
d412-01da-e4c0-10f2.exe | [2025-01-10 07:48:15.604] [ghub_bus_driver] [info] -----------------------------------
d412-01da-e4c0-10f2.exe | [2025-01-10 07:48:15.605] [ghub_bus_driver] [info] -----------------------------------
d412-01da-e4c0-10f2.exe | [2025-01-10 07:48:15.605] [ghub_bus_driver] [info] GHUB Bus Driver Package V2022.1.0.5
d412-01da-e4c0-10f2.exe | [2025-01-10 07:48:15.674] [ghub_bus_driver] [info] Extracting file logi_joy_vir_hid.cat (13213 bytes)
d412-01da-e4c0-10f2.exe | [2025-01-10 07:48:15.674] [ghub_bus_driver] [debug] Returning resource logi_joy_vir_hid.cat of type cat. Size: 13213 bytes.
d412-01da-e4c0-10f2.exe | [2025-01-10 07:48:15.678] [ghub_bus_driver] [debug] Returning resource logi_joy_vir_hid.inf of type inf. Size: 2876 bytes.
d412-01da-e4c0-10f2.exe | [2025-01-10 07:48:15.678] [ghub_bus_driver] [info] Extracting file logi_joy_vir_hid.inf (2876 bytes)
d412-01da-e4c0-10f2.exe | [2025-01-10 07:48:15.689] [ghub_bus_driver] [debug] Returning resource logi_joy_vir_hid.sys of type sys. Size: 32080 bytes.
d412-01da-e4c0-10f2.exe | [2025-01-10 07:48:15.689] [ghub_bus_driver] [info] Extracting file logi_joy_vir_hid.sys (32080 bytes)